Managing Session using Hidden Form Fields

Using hidden form fields is one of the simplest session tracking techniques. Hidden form fields are HTML input types that are not displayed when read by a browser. The following sample HTML listing includes hidden form fields:

<HTML>
<BODY>
    <FORM ACTION="someaction" METHOD="post">
        <INPUT TYPE="hidden" NAME="tag1" VALUE="value1">
        <INPUT TYPE="hidden" NAME="tag2" VALUE="value2">
        <INPUT TYPE="submit">
    </FORM>
</BODY>
</HTML>

When we open this HTML document in a browser, the input types marked as hidden will not be visible. They will, however, be transmitted in the request to a Servlet that can service both POST and GET methods. In the doGet() method, we can build a form that contains hidden fields and an action that points to the Servlet’s doPost() method. The doPost() method will then parse the hidden values sent in the request and echo them back to the client.

The example code is placed in the HiddenFieldServlet directory under webapps.

Here is the code for Servlet using Hidden Fields:

HiddenFieldServlet.java

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;

public class HiddenFieldServlet extends HttpServlet {

    //Process the HTTP GET request
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head><title>HiddenFieldServlet" + "</title></head>");
        out.println("<body>");

        //Create the Form with Hidden Fields
        out.println("<form action=" + "\"/HiddenFieldServlet/hide.do\" method=\"POST\">");

        //These values would be uniquely generated
        out.println("<input type=\"hidden\" name=" + "\"user\" value=\"Tech Guru\">");
        out.println("<input type=\"hidden\" name=" + "\"session\" value=\"14112019\">");

        //These are the currently selected movies
        out.println("<input type=\"hidden\" name=" + "\"movie\" value=\"Forrest Gump\">");
        out.println("<input type=\"hidden\" name=" + "\"movie\" value=\"Avengers: Endgame\">");
        out.println("<input type=\"hidden\" name=" + "\"movie\" value=\"The Lion King\">");
        out.println("<input type=\"submit\" value=" + "\"Submit\">");
        out.println("</form>");
        out.println("</body></html>");
        out.close();
    }

    //Process the HTTP POST request
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        out.println("<html>");
        out.println("<head><title>HiddenFieldServlet" + "</title></head>");
        out.println("<body>");

        //Get the hidden inputs and echo them. They arrive from the client,
        //so HTML-escape them before writing them into the page.
        String user = request.getParameter("user");
        String session = request.getParameter("session");
        out.println("<H3>" + escapeHtml(user) + ", the contents of your movie box are:</H3><BR>");
        String[] movies = request.getParameterValues("movie");
        if (movies != null) {
            for (int x = 0; x < movies.length; x++) {
                out.println(escapeHtml(movies[x]) + "<BR>");
            }
        }
        out.println("</body></html>");
        out.close();
    }

    //Escape HTML metacharacters so echoed request values cannot inject markup
    private static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

}

The web.xml file for this application:

<web-app>
  <servlet>
    <servlet-name>amt</servlet-name>
    <servlet-class>HiddenFieldServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>amt</servlet-name>
    <url-pattern>/hide.do</url-pattern>
  </servlet-mapping>
</web-app>

With this Servlet loaded, we open our browser to the Servlet’s URL. The URL in my address bar is as follows:

http://localhost:8085/HiddenFieldServlet/hide.do

See the output below:

When the Servlet is loaded, we should only see a Submit button. If we view the current HTML source, we will see a listing similar to this snippet:

<html>
<head><title>HiddenFieldServlet</title></head>
<body>
<FORM ACTION="/HiddenFieldServlet/hide.do" METHOD="POST">
<INPUT TYPE="hidden" NAME="user" VALUE="Tech Guru">
<INPUT TYPE="hidden" NAME="session" VALUE="14112019">
<INPUT TYPE="hidden" NAME="movie" VALUE="Forrest Gump">
<INPUT TYPE="hidden" NAME="movie" VALUE="Avengers: Endgame">
<INPUT TYPE="hidden" NAME="movie" VALUE="The Lion King">
<INPUT TYPE="submit" VALUE="Submit">
</FORM>
</body>
</html>

 

Notice the hidden form fields in the HTML form. Now click the Submit button. The form invokes the doPost() method of HiddenFieldServlet. This method parses the hidden fields out of the request and displays them in a “movie box” listing. The figure below shows the results of the doPost() method of HiddenFieldServlet.

We can see that hidden form fields have their advantages. They are easy to implement and are supported by most browsers. This technique also has its disadvantages. The hidden fields must be created in a particular sequence. We are not able to click the Back button on our browser without losing the additional fields added to the current page. We are also restricted to dynamically generated documents.
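
Hidden fields are sent back by the client, so doPost() cannot assume that user, session or movie still hold what doGet() wrote. The following added example (not part of the original tutorial) shows one way to detect changes: doGet() would emit an HMAC-SHA256 tag over the fields as an extra hidden input and doPost() would verify it. The class name SignedHiddenFields, the "sig" field name and the in-memory key are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example, not the tutorial's code: SignedHiddenFields and the "sig" field are hypothetical names.
public class SignedHiddenFields {
    private final SecretKeySpec key;
    public SignedHiddenFields(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    // Random session value in place of a fixed one such as "14112019"
    public static String newSessionId() {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Tag over length-prefixed fields, so ("ab","c") and ("a","bc") give different tags
    public String sign(String... fields) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        for (String f : fields) {
            byte[] b = f.getBytes(StandardCharsets.UTF_8);
            mac.update((b.length + ":").getBytes(StandardCharsets.UTF_8));
            mac.update(b);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal());
    }

    // doPost() would call this before trusting user/session/movie; the comparison is constant-time
    public boolean verify(String tag, String... fields) throws Exception {
        if (tag == null) return false;
        for (String f : fields) if (f == null) return false; // a missing parameter fails closed
        return MessageDigest.isEqual(sign(fields).getBytes(StandardCharsets.UTF_8),
                                     tag.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret); // constructed key; a deployment keeps one server-side
        SignedHiddenFields s = new SignedHiddenFields(secret);
        String sid = newSessionId();
        String tag = s.sign("Tech Guru", sid, "Forrest Gump", "The Lion King"); // doGet(): emit as hidden "sig"
        System.out.println(s.verify(tag, "Tech Guru", sid, "Forrest Gump", "The Lion King")); // form returned unmodified
        System.out.println(s.verify(tag, "Someone Else", sid, "Forrest Gump", "The Lion King")); // user field changed client-side
    }
}
```

A valid tag only shows that the fields are ones the server issued; it does not stop an older form from being resubmitted, and the values remain readable in the page source. State that must stay confidential or must not be replayed belongs in a server-side HttpSession.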