Upload
julie-welch
View
43
Download
0
Embed Size (px)
DESCRIPTION
04 – Passing Data between pages: Forms, Sessions, & Query Strings. Session Aims & Objectives. Aims To introduce the fundamental ideas involved in passing data between pages Objectives, by end of this week’s sessions, you should be able to: pass data between pages , using: Self Posting - PowerPoint PPT Presentation
Citation preview
Mark Dixon 1
04 – Passing Data between pages:Forms, Sessions, & Query Strings
Mark Dixon 2
Session Aims & Objectives• Aims
– To introduce the fundamental ideas involved in passing data between pages
• Objectives,by end of this week’s sessions, you should be able to:
– pass data between pages, using:• Self Posting• Query Strings• Session Variables• Cookies
Mark Dixon 3
Example: Logon v2 (design)• Restrict access to
home page
Mark Dixon 4
Example: Logon v2 (code)<%@page contentType="text/html" pageEncoding="UTF-8"%><%String un;String pw;String msg = ""; if (request.getParameter("btnLogon") != null){ un = request.getParameter("txtUserName"); pw = request.getParameter("txtPassWord"); if (un.equals("mark") && pw.equals("soft234")){ response.sendRedirect(“Home.html"); }else{ msg = "Login details incorrect."; } }%>
<!DOCTYPE html><html> <head><title></title></head> <body> <form> Please logon:<br /> <input name="txtUserName" type="text" /><br /> <input name="txtPassWord" type="text" /><br /> <input name="btnLogon" type="submit" value="Logon" /> <p><%=msg%></p> </form> </body></html>
Logon.jsp
<html> <head><title>My Home page</title></head> <body> <p> Welcome to my home page.<br /> <img src="YouAreHere.jpg" /> </p> </body></html>
Home.html
Mark Dixon 5
Example: Logon (Fixed Problem)• View Source – shows client-side script:
No server-side code
Mark Dixon 6
Example: Logon (Problem 2)• User can type home page url (address)
directly (bypassing logon page)
Mark Dixon 7
Solution• Need way for:
– password page to tell home page
– that user logged in OK
Mark Dixon 8
Technique: Dead-Drop Variables• 2 Spies wish to pass message between
each other without actually meeting
• Arrange a dead-drop location– one spy leaves message at location– other spy visits location later to pick up
message
• Variables used as dead-drop containers
Mark Dixon 9
<%@page contentType="text/html“ %><%Boolean LogonOK; if (LogonOK == false){ response.sendRedirect("Logon3.jsp"); }%>
<!DOCTYPE html><html> <head><title>My Home page</title></head> <body> <p> Welcome to my home page.<br /> <img src="YouAreHere.jpg" /> </p> </body></html>
Home3.jsp<%@page contentType="text/html" pageEncoding="UTF-8"%><%String un;String pw;String msg = "";Boolean LogonOK; LogonOK = false; if (request.getParameter("btnLogon") != null){ un = request.getParameter("txtUserName"); pw = request.getParameter("txtPassWord"); if (un.equals("mark") && pw.equals("soft234")){ LogonOK = true; response.sendRedirect("Home3.jsp"); }else{ msg = "Login details incorrect."; } }%>
<!DOCTYPE html><html> <head><title></title></head> <body> <form> Please logon:<br /> <input name="txtUserName" type="text" /><br /> <input name="txtPassWord" type="text" /><br /> <input name="btnLogon" type="submit" value="Logon" /> <p><%=msg%></p> </form> </body></html>
Logon3.jsp
Example: Logon v3 (code)
Does not work Variables do not persist between pages
LogonOKTrue
Mark Dixon 10
Example: Logon v3 (Error)• Variables – don't persist between pages
Mark Dixon 11
Passing Data (temporary)
• Session object– used to pass information between pages:
– exists for current session– persist between pages– clears if user closes browser– clears after 20 mins of inactivity– no need for declaration
session.setAttribute("Thing", 91);
Put 91 into Thing
Mark Dixon 12
Maintaining State: Session Object
<%@page contentType="text/html" %><% if (request.getParameter("btnSend") != null){ session.setAttribute("MSG", "Meet in BGB202"); }else if (request.getParameter("btnClear") != null){ session.invalidate(); }%>
<!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <form> <input name="btnSend" type="submit" value="Send" /> <input name="btnClear" type="submit" value="Clear" /> <p><a href="display.jsp">Display</a></p> </form> </body></html>
Send.jsp
• Session variable– all objects– no declaration
• invalidate method– deletes all
session variables
Mark Dixon 13
Maintaining State: Session Object
<%@page contentType="text/html" %><%String s = ""; if (session.getAttribute("MSG") != null){ s = session.getAttribute("MSG").toString(); }%>
<!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <p>Message: <%=s%></p> </body></html>
Display.jsp
• read session variable, and
• display
Mark Dixon 14
Example: Message• Using Session variable:
<%@page contentType="text/html" %><% if (request.getParameter("btnSend") != null){ session.setAttribute("MSG", "Meet in BGB202"); }else if (request.getParameter("btnClear") != null){ session.invalidate(); }%>
<!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <form> <input name="btnSend" type="submit" value="Send" /> <input name="btnClear" type="submit" value="Clear" /> <p><a href="display.jsp">Display</a></p> </form> </body></html>
Send.jsp
<%@page contentType="text/html" %><%String s = ""; if (session.getAttribute("MSG") != null){ s = session.getAttribute("MSG").toString(); }%>
<!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <p>Message: <%=s%></p> </body></html>
Display.jsp
MSGMeet in BGB202
Mark Dixon 15
Questions: Session Variables• Write a line of code to put the number 74
into a session variable called id.
• Write code that puts 'Hello' a variable called msg if the session variable called id is equal to 74
session.setAttribute("id", 74);
if (session.getAttribute("id") == 74){
msg = "Hello";
}
Mark Dixon 16
Passing Data (temporary)
• Query Strings– Useful for passing information between pages
via links
Mark Dixon 17
Maintaining State: Query Strings• Data added to end of URL (address):
page.jsp?Surname=Bob
• JSP code can use this data:– request.getParameter("Surname")
• would return the value "Bob"
• Form method=get– data automatically added to query string
Query String
Mark Dixon 18
Example: Date-Time<html> <head> </head> <body> <p>What background colour do you want for you date information? <br><a href=DateTime.jsp?Colour=yellow>Yellow</a> <br><a href=DateTime.jsp?Colour=cyan>Light Blue</a> </body></html>
Menu.jsp
<%@page contentType="text/html" %><%@page import="java.util.Date" %><!DOCTYPE html><html> <head><title></title></head> <body bgcolor=<%=request.getParameter("Colour")%>> <p>The date is <%=new Date()%>. </body></html>
DateTime.jsp
Mark Dixon 19
• store small textual data
• on user's (client) computer– Actual location varies with platform (Windows, Linux, etc.)
C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files
– e.g. (from www.amazon.co.uk)session-id-time2082758401lamazon.co.uk/1536267915020831961202421942348830182897
Cookies: What
Mark Dixon 20
• has 6 parts:– Name– Value– Domain– Path– Expiration– Security flag
• Name and Value are required– others have default values
20
Cookies: Parts
Mark Dixon 21
1. create cookie object
2. Constructor takes 2 parameters: – name and value
(both Strings)
3. add cookie to response
Cookies: Creating
Cookie c; c = new Cookie("X", "23"); response.addCookie(c);
• Note:– any number of cookies can be created and added– cookies with same name are replaced
Mark Dixon 22
1. get cookies using request.getCookies– cookies are in an array
2. process the cookies:– use loop– getName returns name– getValue returns value
Cookies: Reading
Cookie[] cookies;cookies = request.getCookies();
for(int i=0; i<cookies.length; i++){ // cookies[i].getName() // cookies[i].getValue()}
Mark Dixon 23
• browsers don’t always accept cookies– most modern browsers support cookies
– still a few people using very old browsers
• often the user turns cookies off!– user concerned with what server is doing
with information about themthen probably turn cookies off
• can be used to transfer sensitive information in clear text
• NOT a serious security threat (no viruses)
Cookies: Disadvantages
Mark Dixon 24
Example: Message 2 (cookies)
<%@page contentType="text/html" %><%Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); }%><!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <form> <input name="btnSend" type="submit" value="Send" /> <input name="btnClear" type="submit" value="Clear" /> <p><a href="DisplayCookie.jsp">Display</a></p> </form> </body></html>
Send.jsp
<%@page contentType="text/html" %><%Cookie[] cookies;int i;String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + "<br />"; } } }%>
<!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <p>Message: <%=s%></p> </body></html>
Display.jsp
MSGMeet in BGB202
Mark Dixon 25
Example: Message 2 (add cookies)
<%@page contentType="text/html" %><%Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); }%><!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <form> <input name="btnSend" type="submit" value="Send" /> <input name="btnClear" type="submit" value="Clear" /> <p><a href="DisplayCookie.jsp">Display</a></p> </form> </body></html>
Send.jsp
Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); }
Mark Dixon 26
Example: Message 2 (get cookies)
<%@page contentType="text/html" %><%Cookie[] cookies;int i;String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + "<br />"; } } }%>
<!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <p>Message: <%=s%></p> </body></html>
Display.jspCookie[] cookies;int i;String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + "<br />"; } } }
Mark Dixon 27
Reference: Server Object Model• request object: calling web page
– getParameter: used to get form and query-string data from page
– getCookies: used to get cookie data from page
• response object: web page sent back– sendRedirect: used to navigate to other page
• session object: store data between pages– setAttribute: stores data– getAttribute: gets data– invalidate: clears session data
Mark Dixon 28
Passing Data (persistent)
• Cookies– stored on users’ (client) hard drive– persists between sessions– can be viewed by client– sent over http
• Database/file (covered in later lectures)– stored on server hard drive– persists between sessions– cannot be accessed directly by client
Mark Dixon 29
Tutorial Exercise: Message• LEARNING OBJECTIVE:
pass data between pages using session variables, and (form) self-posting
• Task 1: Get the message example working (from the lecture)• Task 2: Change the send.jsp page so that when you click the buttons it
gives some feedback as to what has happened.
Mark Dixon 30
Tutorial Exercise: Logon• LEARNING OBJECTIVE:
pass data between pages using session variables, and (form) self-posting
• Task 1: Type in the code for the Logon v3 example (from the lecture) NOTE: this will not work properly (variables do not persist between pages)
• Task 2: Modify this to use a session variable to 'remember' whether the logon was successful. Note: It should not be possible to view the source code Note: It should not be possible to bypass the logon
Mark Dixon 31
Tutorial Exercise: Date• LEARNING OBJECTIVE:
pass data between pages using query strings
• Task 1: Get the Date-Time example (from the lecture) working• Task 2: Modify your page to provide another choice of background
colour.
Mark Dixon 32
Tutorial Exercise: Message 2• LEARNING OBJECTIVE:
pass data between pages using cookies
• Task 1: Get the message 2 example working (from the lecture)• Task 2: Change the send.jsp page so that the user can change the
text that is senthint: add a text box