Session Management (Set and Get Data from Session) in GWT

When you think about the Security of a web application 'Session Management' is the first thing that strikes in your head. I am now working with an enterprise web application using GWT and you know security is a very vital issue in an enterprise application. And we have ensured the security by managing session data. Here i will describe how to store and retrieve data from session by using GWT RPC.

Suppose you want to store the user name in session after login to the application and check the session value later. Then what do you do?

First create a GWT RPC Service named 'SessionManagementService'. You can give any other name as you like. In SessionManagementService interface add two methods

public void setUserName(String userName);
public String getUserName();

And synchronize the methods with 'SessionManagementServiceAsync'.
public void setUserName(String userName, AsyncCallback<Void> asyncCallback);
public void getUserName(AsyncCallback<String> asyncCallback);

Now implement the methods in 'SessionManagementServiceImpl'. Let's first talk about the setter method.
public void setUserName(String userName)
{
     HttpSession httpSession = getThreadLocalRequest().getSession(true);
     httpSession.setAttribute("userName", userName);
}

The getThreadLocalRequest method returns you a HttpServletRequest object for the current call. For simultaneous invocation you will get different request object. And the getSession method returns you the current HttpSession for the associated request. So you can get the current session of the current call by getThreadLocalRequest().getSession(true).



The setAttribute method binds an object to the associated session. It stores the object's value as a Name-Value pair. You can put any thing as the value of the object. A String value or List<String> any thing. Here the name of the object is "useName" and the object is bound to this session with this name.

Now come to the getter method.
public String getUserName()
{
    HttpSession session = getThreadLocalRequest().getSession(true);
    if (session.getAttribute("userName") != null)
    {
        return (String) session.getAttribute("userName");
    }
    else 
    {
        return "";
    }
}

Get the current session in the same way as described for the setter method. The getAttribute method returns the value of the object which is bound with this session with the specific name. Then simply cast it with your desired type.

Thats all. Just call the services according to your requirement. Play with GWT and stay in touched. :-D

13 comments:

Anonymous December 11, 2009 at 4:49 AM  

Nice article Zawoad, as usual.

Unknown December 12, 2009 at 8:02 PM  

Thanks..

Hillol December 12, 2009 at 9:04 PM  

Nice blog Ratul.... keep it up. I think somedays your blogs can be compiled as a nice book on GWT. :-)

Unknown December 12, 2009 at 10:15 PM  
This comment has been removed by the author.
Unknown February 19, 2010 at 1:37 AM  

@Hillol: It is great to get some inspiring comments from the GURU :-)

Anonymous March 23, 2010 at 1:30 PM  

privatevoid setUserInSession(Account user) {
HttpSession session = getThreadLocalRequest().getSession();
session.setAttribute(USER_SESSION, user);
System.out.println(session.getId());
}

private Account getUserFromSession() {
HttpSession session = getThreadLocalRequest().getSession();
System.out.println(session.getId());
return (Account) session.getAttribute(USER_SESSION);
}

getThreadLocalRequest().getSession() is supposed to get a different session for every request thread. In other words, if two users are logged in, each one should have a different session id. This whole concept works well in “internet explorer” but not in firefox or chrome. In FF and Chrome, both request threads are having the same session, and so 2 users logged in to different accounts would share the same session id.

Any suggestion?
thanx in advance

Unknown March 23, 2010 at 9:47 PM  

For FF and Chrome all the windows of these browsers share same session. So please check from different pc for these browsers.

Unknown April 13, 2011 at 6:10 AM  

Really helped me a lot, cheers!

Anonymous March 18, 2013 at 4:31 AM  

Doesn't work if you use Spring with dispatcher.....no more threadlocal

Unknown May 21, 2013 at 1:53 AM  
This comment has been removed by the author.
Anonymous May 21, 2013 at 1:54 AM  

Thank you! ;)

Anonymous August 5, 2013 at 1:11 PM  

if using Spring, and instead of :
HttpSession httpSession = getThreadLocalRequest().getSession();

Use :
ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
HttpSession httpSession = attr.getRequest().getSession();

Anonymous November 12, 2013 at 8:05 AM  

Great! Thank you!!!

Total Pageviews

Tags

Twitter Updates
    follow me on Twitter

    Followers