Application Servers

CGI does not scale well because of the drawback mentioned above. This performance problem led to the development of specialized programs called application servers. An application server has pre- forked threads or processes and thus avoids the start-up cost of creating a new process for each request. In addition to eliminating the process-creation

overhead:

Integration of heterogeneous data sources: Most companies have data in many different database systems, from legacy systems to modern object-relational systems. Electronic commerce applications require integrated access to all these data sources.

Transactions involving several data sources: In electronic commerce applications, a user transaction might involve updates at several data sources. An application server can ensure transactional semantics across data sources by providing atomicity, isolation, and durability. The transaction boundary is the point at which the application server provides transactional semantics. If the transaction boundary is at the application server, very simple client programs are possible.

Security: Since the users of a Web application usually include the general population, database access is performed using a general-purpose user identifier that is known to the application server. While communication between the server and the application at the server side is usually not a security risk, communication between the client (Web browser) and the Web server could be a security hazard. Encryption is usually performed at the Web server, where a secure protocol (in most cases the Secure Sockets Layer (SSL) protocol) is used to communicate with the client.

Session management: Often users engage in business processes that take several steps to complete. Users expect the system to maintain continuity during a session, and several session identifiers such as cookies, URL extensions, and hidden fields in HTML forms can be used to identify a session. Application servers provide functionality to detect when a session starts and ends and to keep track of the sessions of individual users.

Server-side processing technologies:

The Java Servlet API allows Web developers to extend the functionality of a Web server by writing small Java programs called servlets that interact with the Web server through a well-defined API. A servlet consists of mostly business logic and routines to format relatively small datasets into HTML.

Java Server Pages (JSP) is yet another platform-independent alternative for generating dynamic content on the server side. JSP is designed to separate application logic from the appearance of the Web page.