Search your topic in Java2share
Home > SCWCD > SCWCD Question Bank
eXTReMe Tracker


4. Session Management (SCWCD)

Objectives
1.  Write servlet code to store objects into a session object and retrieve objects from a session object.
2.  Given a scenario describe the APIs used to access the session object, explain when the session object was created, and describe the mechanisms used to destroy the session object, and when it was destroyed.
3. Using session listeners, write code to respond to an event when an object is added to a session, and write code to respond to an event when a session object migrates from one VM to another.
4.  Given a scenario, describe which session management mechanism the Web container could employ, how cookies might be used to manage sessions, how URL rewriting might be used to manage sessions, and write servlet code to perform URL rewriting.


Q1. A developer for the company web site has been told that users may turn off cookie support in their browsers. What must the developer do to ensure that these customers can still use the web application?

A. The developer must ensure that every URL is properly encoded using the appropriate URL rewriting APIs.
B. The developer must provide an alternate mechanism for managing sessions and abandon the HttpSession mechanism entirely.
C. The developer can ignore this issue. Web containers are required to support automatic URL rewriting when cookies are not supported.
D. The developer must add the string id=<sessionid> to the end of every URL to ensure that the conversation with the browser can continue.

Answer: A

Q2. As a convenience feature, your web pages include an Ajax request every five minutes to a special servlet that monitors the age of the user's session. The client-side JavaScript that handles the Ajax callback displays a message on the screen as the session ages. The Ajax call does NOT pass any cookies, but it passes the session ID in a request parameter called sessionID. In addition, assume that your webapp keeps a hashmap of session objects by the ID. Here is a partial implementation of this servlet:

10. public class SessionAgeServlet extends HttpServlet {
11. public void service(HttpServletRequest request, HttpServletResponse) throws IOException {
12. String sessionID = request.getParameter("sessionID");
13. HttpSession session = getSession(sessionID);
14. long age = // your code here
15. response.getWriter().print(age);
16. } ... // more code here
47. }

Which code snippet on line 14, will determine the age of the session?

A. session.getMaxInactiveInterval();
B. session.getLastAccessed().getTime() - session.getCreationTime().getTime();
C. session.getLastAccessedTime().getTime() - session.getCreationTime().getTime();
D. session.getLastAccessed() - session.getCreationTime();
E. session.getMaxInactiveInterval() - session.getCreationTime();
F. session.getLastAccessedTime() - session.getCreationTime();

Answer: F


Q3.Which statement is true about web container session management?

A. Access to session-scoped attributes is guaranteed to be thread-safe by the web container.
B. To activate URL rewriting, the developer must use the HttpServletResponse. setURLRewriting method.
C. If the web application uses HTTPS, then the web container may use the data on the HTTPS request stream to identify the client.
D. The JSESSIONID cookie is stored permanently on the client so that a user may return to the web application and the web container will rejoin that session.

Answer: C

Q4. Your company has a corporate policy that prohibits storing a customer's credit card number in any corporate database. However, users have complained that they do NOT want to re-enter their credit card number for each transaction. Your management has decided to use client-side cookies to record the user's credit card number for 120 days. Furthermore, they also want to protect this information during transit from the web browser to the web container; so the cookie must only be transmitted over HTTPS. Which code snippet creates the "creditCard" cookie and adds it to the out going response to be stored on the user's web browser?

A.10. Cookie c = new Cookie("creditCard", usersCard);
11. c.setSecure(true);
12. c.setAge(10368000);
13. response.addCookie(c);

B. 10. Cookie c = new Cookie("creditCard", usersCard);
11. c.setHttps(true);
12. c.setMaxAge(10368000);
13. response.setCookie(c);

C. 10. Cookie c = new Cookie("creditCard", usersCard);
11. c.setSecure(true);
12. c.setMaxAge(10368000);
13. response.addCookie(c);

D. 10. Cookie c = new Cookie("creditCard", usersCard);
11. c.setHttps(true);
12. c.setAge(10368000);
13. response.addCookie(c);

E. 10. Cookie c = new Cookie("creditCard", usersCard);
11. c.setSecure(true);
12. c.setAge(10368000);
13. response.setCookie(c);

Answer: C