04 – Passing Data between pages: Forms, Sessions, & Query Strings

Mark Dixon 1

04 – Passing Data between pages:Forms, Sessions, & Query Strings

Mark Dixon 2

Session Aims & Objectives• Aims

– To introduce the fundamental ideas involved in passing data between pages

• Objectives,by end of this week’s sessions, you should be able to:

– pass data between pages, using:• Self Posting• Query Strings• Session Variables• Cookies

Mark Dixon 3

Example: Logon v2 (design)• Restrict access to

home page

Mark Dixon 4

Example: Logon v2 (code)<%@page contentType="text/html" pageEncoding="UTF-8"%><%String un;String pw;String msg = ""; if (request.getParameter("btnLogon") != null){ un = request.getParameter("txtUserName"); pw = request.getParameter("txtPassWord"); if (un.equals("mark") && pw.equals("soft234")){ response.sendRedirect(“Home.html"); }else{ msg = "Login details incorrect."; } }%>

<!DOCTYPE html><html> <head><title></title></head> <body> <form> Please logon:<br /> <input name="txtUserName" type="text" /><br /> <input name="txtPassWord" type="text" /><br /> <input name="btnLogon" type="submit" value="Logon" /> <p><%=msg%></p> </form> </body></html>

Logon.jsp

<html> <head><title>My Home page</title></head> <body> <p> Welcome to my home page.<br /> <img src="YouAreHere.jpg" /> </p> </body></html>

Home.html

Mark Dixon 5

Example: Logon (Fixed Problem)• View Source – shows client-side script:

No server-side code

Mark Dixon 6

Example: Logon (Problem 2)• User can type home page url (address)

directly (bypassing logon page)

Mark Dixon 7

Solution• Need way for:

– password page to tell home page

– that user logged in OK

Mark Dixon 8

Technique: Dead-Drop Variables• 2 Spies wish to pass message between

each other without actually meeting

• Arrange a dead-drop location– one spy leaves message at location– other spy visits location later to pick up

message

• Variables used as dead-drop containers

Mark Dixon 9

<%@page contentType="text/html“ %><%Boolean LogonOK; if (LogonOK == false){ response.sendRedirect("Logon3.jsp"); }%>

<!DOCTYPE html><html> <head><title>My Home page</title></head> <body> <p> Welcome to my home page.<br /> <img src="YouAreHere.jpg" /> </p> </body></html>

Home3.jsp<%@page contentType="text/html" pageEncoding="UTF-8"%><%String un;String pw;String msg = "";Boolean LogonOK; LogonOK = false; if (request.getParameter("btnLogon") != null){ un = request.getParameter("txtUserName"); pw = request.getParameter("txtPassWord"); if (un.equals("mark") && pw.equals("soft234")){ LogonOK = true; response.sendRedirect("Home3.jsp"); }else{ msg = "Login details incorrect."; } }%>

<!DOCTYPE html><html> <head><title></title></head> <body> <form> Please logon:<br /> <input name="txtUserName" type="text" /><br /> <input name="txtPassWord" type="text" /><br /> <input name="btnLogon" type="submit" value="Logon" /> <p><%=msg%></p> </form> </body></html>

Logon3.jsp

Example: Logon v3 (code)

Does not work Variables do not persist between pages

LogonOKTrue

Mark Dixon 10

Example: Logon v3 (Error)• Variables – don't persist between pages

Mark Dixon 11

Passing Data (temporary)

• Session object– used to pass information between pages:

– exists for current session– persist between pages– clears if user closes browser– clears after 20 mins of inactivity– no need for declaration

session.setAttribute("Thing", 91);

Put 91 into Thing

Mark Dixon 12

Maintaining State: Session Object

<%@page contentType="text/html" %><% if (request.getParameter("btnSend") != null){ session.setAttribute("MSG", "Meet in BGB202"); }else if (request.getParameter("btnClear") != null){ session.invalidate(); }%>

<!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <form> <input name="btnSend" type="submit" value="Send" /> <input name="btnClear" type="submit" value="Clear" /> <p><a href="display.jsp">Display</a></p> </form> </body></html>

Send.jsp

• Session variable– all objects– no declaration

• invalidate method– deletes all

session variables

Mark Dixon 13

Maintaining State: Session Object

<%@page contentType="text/html" %><%String s = ""; if (session.getAttribute("MSG") != null){ s = session.getAttribute("MSG").toString(); }%>

<!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <p>Message: <%=s%></p> </body></html>

Display.jsp

• read session variable, and

• display

Mark Dixon 14

Example: Message• Using Session variable:

<%@page contentType="text/html" %><% if (request.getParameter("btnSend") != null){ session.setAttribute("MSG", "Meet in BGB202"); }else if (request.getParameter("btnClear") != null){ session.invalidate(); }%>

<!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <form> <input name="btnSend" type="submit" value="Send" /> <input name="btnClear" type="submit" value="Clear" /> <p><a href="display.jsp">Display</a></p> </form> </body></html>

Send.jsp

<%@page contentType="text/html" %><%String s = ""; if (session.getAttribute("MSG") != null){ s = session.getAttribute("MSG").toString(); }%>


Display.jsp

MSGMeet in BGB202

Mark Dixon 15

Questions: Session Variables• Write a line of code to put the number 74

into a session variable called id.

• Write code that puts 'Hello' a variable called msg if the session variable called id is equal to 74

session.setAttribute("id", 74);

if (session.getAttribute("id") == 74){

msg = "Hello";

}

Mark Dixon 16

Passing Data (temporary)

• Query Strings– Useful for passing information between pages

via links

Mark Dixon 17

Maintaining State: Query Strings• Data added to end of URL (address):

page.jsp?Surname=Bob

• JSP code can use this data:– request.getParameter("Surname")

• would return the value "Bob"

• Form method=get– data automatically added to query string

Query String

Mark Dixon 18

Example: Date-Time<html> <head> </head> <body> <p>What background colour do you want for you date information? <br><a href=DateTime.jsp?Colour=yellow>Yellow</a> <br><a href=DateTime.jsp?Colour=cyan>Light Blue</a> </body></html>

Menu.jsp

<%@page contentType="text/html" %><%@page import="java.util.Date" %><!DOCTYPE html><html> <head><title></title></head> <body bgcolor=<%=request.getParameter("Colour")%>> <p>The date is <%=new Date()%>. </body></html>

DateTime.jsp

Mark Dixon 19

• store small textual data

• on user's (client) computer– Actual location varies with platform (Windows, Linux, etc.)

C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files

– e.g. (from www.amazon.co.uk)session-id-time2082758401lamazon.co.uk/1536267915020831961202421942348830182897

Cookies: What

Mark Dixon 20

• has 6 parts:– Name– Value– Domain– Path– Expiration– Security flag

• Name and Value are required– others have default values

20

Cookies: Parts

Mark Dixon 21

1. create cookie object

2. Constructor takes 2 parameters: – name and value

(both Strings)

3. add cookie to response

Cookies: Creating

Cookie c; c = new Cookie("X", "23"); response.addCookie(c);

• Note:– any number of cookies can be created and added– cookies with same name are replaced

Mark Dixon 22

1. get cookies using request.getCookies– cookies are in an array

2. process the cookies:– use loop– getName returns name– getValue returns value

Cookies: Reading

Cookie[] cookies;cookies = request.getCookies();

for(int i=0; i<cookies.length; i++){ // cookies[i].getName() // cookies[i].getValue()}

Mark Dixon 23

• browsers don’t always accept cookies– most modern browsers support cookies

– still a few people using very old browsers

• often the user turns cookies off!– user concerned with what server is doing

with information about themthen probably turn cookies off

• can be used to transfer sensitive information in clear text

• NOT a serious security threat (no viruses)

Cookies: Disadvantages

Mark Dixon 24

Example: Message 2 (cookies)

<%@page contentType="text/html" %><%Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); }%><!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <form> <input name="btnSend" type="submit" value="Send" /> <input name="btnClear" type="submit" value="Clear" /> <p><a href="DisplayCookie.jsp">Display</a></p> </form> </body></html>

Send.jsp

<%@page contentType="text/html" %><%Cookie[] cookies;int i;String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + "<br />"; } } }%>


Display.jsp

MSGMeet in BGB202

Mark Dixon 25

Example: Message 2 (add cookies)

<%@page contentType="text/html" %><%Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); }%><!DOCTYPE html><html> <head><title>JSP Page</title></head> <body> <form> <input name="btnSend" type="submit" value="Send" /> <input name="btnClear" type="submit" value="Clear" /> <p><a href="DisplayCookie.jsp">Display</a></p> </form> </body></html>

Send.jsp

Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); }

Mark Dixon 26

Example: Message 2 (get cookies)

<%@page contentType="text/html" %><%Cookie[] cookies;int i;String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + "<br />"; } } }%>


Display.jspCookie[] cookies;int i;String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + "<br />"; } } }

Mark Dixon 27

Reference: Server Object Model• request object: calling web page

– getParameter: used to get form and query-string data from page

– getCookies: used to get cookie data from page

• response object: web page sent back– sendRedirect: used to navigate to other page

• session object: store data between pages– setAttribute: stores data– getAttribute: gets data– invalidate: clears session data

Mark Dixon 28

Passing Data (persistent)

• Cookies– stored on users’ (client) hard drive– persists between sessions– can be viewed by client– sent over http

• Database/file (covered in later lectures)– stored on server hard drive– persists between sessions– cannot be accessed directly by client

Mark Dixon 29

Tutorial Exercise: Message• LEARNING OBJECTIVE:

pass data between pages using session variables, and (form) self-posting

• Task 1: Get the message example working (from the lecture)• Task 2: Change the send.jsp page so that when you click the buttons it

gives some feedback as to what has happened.

Mark Dixon 30

Tutorial Exercise: Logon• LEARNING OBJECTIVE:

pass data between pages using session variables, and (form) self-posting

• Task 1: Type in the code for the Logon v3 example (from the lecture) NOTE: this will not work properly (variables do not persist between pages)

• Task 2: Modify this to use a session variable to 'remember' whether the logon was successful. Note: It should not be possible to view the source code Note: It should not be possible to bypass the logon

Mark Dixon 31

Tutorial Exercise: Date• LEARNING OBJECTIVE:

pass data between pages using query strings

• Task 1: Get the Date-Time example (from the lecture) working• Task 2: Modify your page to provide another choice of background

colour.

Mark Dixon 32

Tutorial Exercise: Message 2• LEARNING OBJECTIVE:

pass data between pages using cookies

• Task 1: Get the message 2 example working (from the lecture)• Task 2: Change the send.jsp page so that the user can change the

text that is senthint: add a text box