Application State
Cookies, Session Management, and Top N Queries
October 3, 2001
Administration
Preliminary Design Documents We were very impressed! If we found glaring errors, you would have received an
email from us. Egret
If you believe you cannot log into egret, reread the directions carefully, and if you still have trouble, email TAs with your group number.
Common problems: omitting “cucs/” in your user name, not using “map network drive”, and not using the correct username/password we gave you (it is NOT your CSUGLab netid/password!!)
Final Design Documents
Due October 10Information online under “class notes”
about what to includeTry to be complete, but concise (you don’t
need 100 pages ).
In the beginning…
…there was…
…nothing.
TheInternet
Next came…
But what can we do
with it?
The Internet…
Internet
We can offer services! Sell, buy and trade things! Post information! Chat! Surf! You are
wise…Do not forget CS433
The Internet…
The onset of the Web has brought about new client-server issues Reliability – servers must be online 24-7 Distributed networking – servers access many
systems Scalability – servers must be able to handle
millions of requests Stateless and State Maintained Interaction
Stateless and State Maintenance
Stateless No information is retained from one request to
another Pure web servers are stateless
State Some memory is stored between requests This memory can be saved on either the client
or the server
Stateless Protocol
Advantages Easy to use: don’t need anything Great for static-information applications Requires no extra memory space
Disadvantages No record of previous requests means
No shopping baskets No user logins No custom or dynamic content Security is more difficult to implement
Application State
Server-side state Information is stored in a database, or in the
application layer’s local memory
Client-side state Information is stored on the client’s computer in
the form of a cookie
Hidden state Information is hidden within dynamically created
web pages
Application State
So many kinds of state…
…how will I choose?
Server-Side State
Many types of Server side state:1. Store information in a database
Data will be safe in the database BUT: requires a database access to query or
update the information2. Use application layer’s local memory
Can map the user’s IP address to some state BUT: this information is volatile and takes up
lots of server main memory
5 million IPs = 20 MB
Server-Side State
Should use Server-side state maintenance for information that needs to persist Old customer orders “Click trails” of a user’s movement through a
site Permanent choices a user makes
Client-side State: Cookies
Storing text on the client which will be passed to the application with every HTTP request. Can be disabled by the client. Are wrongfully perceived as "dangerous", and
therefore will scare away potential site visitors if asked to enable cookies1
Are a collection of (Name, Value) pairs
1http://www.webdevelopersjournal.com/columns/stateful.html
Client State: Cookies
Advantages Easy to use in Java Servlets / JSP Provide a simple way to persist non-essential data on the
client even when the browser has closed Disadvantages
Limit of 4 kilobytes of information Users can (and often will) disable them
Should use cookies to store interactive state The current user’s login information The current shopping basket Any non-permanent choices the user has made
Creating A Cookie
Cookie myCookie = new Cookie(“username", “jeffd");response.addCookie(userCookie);
You can create a cookie at any time
Accessing A Cookie
Cookie[] cookies = request.getCookies(); String theUser;for(int i=0; i<cookies.length; i++) { Cookie cookie = cookies[i]; if(cookie.getName().equals(“username”))
theUser = cookie.getValue();} // at this point theUser == “jeffd”
Cookies need to be accessed BEFORE you set your response header:response.setContentType("text/html");PrintWriter out = response.getWriter();
Cookie Features
Cookies can have A duration (expire right away or persist even
after the browser has closed) Filters for which domains/directory paths the
cookie is sent to
See the Java Servlet API and Servlet Tutorials for more information
Hidden State
Often users will disable cookiesYou can “hide” data in two places:
Hidden fields within a form Using the path information
Requires no “storage” of information because the state information is passed inside of each web page
Hidden State: Hidden Fields
Declare hidden fields within a form: <input type=‘hidden’ name=‘user’ value=‘jeffd’/>
Users will not see this information (unless they view the HTML source)
If used prolifically, it’s a killer for performance since EVERY page must be contained within a form.
Hidden State: Path Information
Path information is stored in the URL request:http://server.com/index.htm?user=jeffd
Can separate ‘fields’ with an & character:index.htm?user=jeffd&preference=pepsi
There are mechanisms to parse this field in Java. Check out the javax.servlet.http.HttpUtils parserQueryString() method.
Multiple state methods
Typically all methods of state maintenance are used: User logs in and this information is stored in a cookie User issues a query which is stored in the path
information User places an item in a shopping basket cookie User purchases items and credit-card information is
stored/retrieved from a database User leaves a click-stream which is kept in a log on the
web server (which can later be analyzed)
Case Study: Top N Queries
A Top N Query requests the first n records in some table. Used when there are many search results Want to break the search result into managable
batches, say to display 20 search result records at a time (display NEXT, PREVIOUS 20)
You need to know the starting/ending point in your table.
Top N Queries
ID Product
13 Baseball Hat
27 Duke Basketball Tickets
7 DVD Player
14 Laptop Computer
2 Pocket PC
25 Sunglasses
15 Vitamins
Batch 1
Batch 2
Batch 3
Batch 4
Select all the odd things Jeff wants in batches of 2 items…
Placeholder Technique
Store the first and last result tuples and perform the same select query
Iterate through the results to return the next or previous batch of results
Tuples Shown
Lower Place
Prev Set Upper Place
Next Set
1-2 1 None 2 3-4
3-4 3 1-2 4 5-6
5-6 5 3-4 6 7
7 7 5-6 7 None
Placeholder Technique
For each page you then know: Showing Records: 3-4 Previous Link: /display.jsp?lower=3 Next Link: /display.jsp?upper=4
If the user clicks on the Next Link do:1. Iterate to: upper value + 1 (here that is 5)
2. Display the next 2 results
3. Prepare new lower/upper values (5,6)
Placeholder Technique
You perform the SAME select query each time you need a new batch of results
Advantages: Easy implementation
Disadvantages: You must fetch many unneeded records (i.e.
the ones you iterate through)
Query Constraint Technique
Instead of issuing the SAME query, push the constraint into the query so the result only contains records that have not yet been displayed
You can use sorting to do this effectively:Select P.Product
From ProductTable P
Where (P.Product = ‘item’ AND P.Id > lowest_value)
OR (P.Product > ‘item’)
Order By P.Product, P.Id
Query Constraint Technique
SELECT P.ProductFROM ProductTable PWHERE (P.Product = ‘item’ AND P.Id > lowest_value)
OR (P.Product > ‘item’)ORDER BY P.Product, P.Id
What it means:The first part of the WHERE clause is for when there
are many products with the same name, and we only want to see the new ones.
The second part of the WHERE clause is for items that are “larger” alphabetically.
Query Constraint Technique
ID Product
13 Baseball Hat
27 Basketball Tickets
37 Basketball Tickets
14 Laptop Computer
B1
B2
SELECT P.ProductFROM ProductTable PWHERE (P.Product = ‘Basketball Tickets’ AND
P.ID > 27) OR (P.Product > ‘Basketball Tickets’)
ORDER BY P.Product, P.ID
To move from batch B1 to batch B2 you would issue:
Query Constraint Technique
What information needs to be stored? Previous:
Title of FIRST record in the previous set Primary_Key of FIRST record in the previous set
Next: Title of FIRST record in the next set Primary_Key of FIRST record in next set
This information can be encoded in the path information
Query Constraint Technique
Advantages No need to iterate through results so you get a
large speedup
Disadvantages More difficult to implement
Any questions?