Java web core technology ~ Cookie&HttpSession

Posted by chadbobb on Sat, 18 Dec 2021 21:58:15 +0100

Cookie session Technology

What is a session

A session is one continuous interaction between a browser and a website. It starts when the browser is opened and the website address is accessed, and it ends when the browser is closed (or the expiration time is reached).

Session management classification

Client session management technology

It saves the data to be shared on the client (that is, the browser). Each request carries the session information to the server, so that data can be shared across multiple requests.

Server session management technology

In essence, it still relies on client session management technology, but what is saved on the client is only a special ID, while the data to be shared is kept in an in-memory object on the server. Each request carries the ID to the server, and the server uses it to look up the corresponding memory space, so that data can be shared across requests.

What is a Cookie

It is a cache file kept by the client browser, which records some content of the websites the browser has visited. It is also part of the HTTP protocol's request and response headers (as noted in the HTTP protocol course, where it is very important).

Role of cookies

It can save content related to the websites the client browser has accessed (provided the client has not disabled cookies). When the same content is needed on each visit, it can be read from the local cache first, which shares resources and improves efficiency.

Properties of cookies

| Attribute name | Attribute function | Is it important |
|---|---|---|
| name | The name of the cookie | Required |
| value | The cookie value (cannot be Chinese) | Required |
| path | The path of the cookie | Important |
| domain | The domain name of the cookie | Important |
| maxAge | The lifetime of the cookie | Important |
| version | The version number of the cookie | Not important |
| comment | Description of the cookie | Not important |

Details
Cookies are limited in size and number. Each website can store at most 20 cookies, and each cookie cannot exceed 4 KB. The total number of cookies across all websites cannot exceed 300.
To delete a cookie, set its maxAge value to 0. When maxAge is not set, the cookie is kept in the browser's memory and is lost when the browser is closed. If this value is set, the cookie is saved as a cache file (the value must be greater than 0, in seconds).

case

Display login time

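// javax.servlet.* applies to Tomcat 9 and earlier; Tomcat 10+ uses jakarta.servlet.*
import java.io.IOException;
import java.io.PrintWriter;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "ServletDemo06", value = "/ServletDemo06")
public class ServletDemo06 extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Write out the prompt information through the response object
        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter w1 = resp.getWriter();
        String s = "Welcome to this website. Your last visit was: ";
        w1.write(s);

        // Create a Cookie object to record the current access time
        Cookie cookie = new Cookie("time", System.currentTimeMillis() + "");
        // Set the maximum lifetime (seconds)
        cookie.setMaxAge(3600);
        // Add the cookie object to the response so the client stores it
        resp.addCookie(cookie);

        // Get the cookies sent with this request; getCookies() returns null
        // when the browser sent none (for example on the first visit)
        Cookie[] arr = req.getCookies();
        if (arr == null) {
            return;
        }
        for (Cookie cookie1 : arr) {
            if ("time".equals(cookie1.getName())) {
                String value = cookie1.getValue();
                SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
                try {
                    w1.write(sdf.format(new Date(Long.parseLong(value))));
                } catch (NumberFormatException e) {
                    // The cookie value comes from the client and may have been edited; skip it
                }
            }
        }
    }
}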
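The cookie attributes and the maxAge = 0 deletion rule described above, as an added example that is not part of the original post: the cookie is built in one place so that the deleting cookie carries the same name and path as the one being removed (the browser matches on both), and the client-supplied value is validated before use. The servlet name, its URL and the `clear` parameter are hypothetical, and `javax.servlet` (Tomcat 9 or earlier) is assumed.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example; servlet name, URL and the "clear" parameter are hypothetical.
@WebServlet("/LastVisitDemo")
public class LastVisitDemo extends HttpServlet {
    private static final String NAME = "time";

    // One builder for issuing and deleting, so name and path always match.
    private static Cookie build(HttpServletRequest req, String value, int maxAge) {
        Cookie c = new Cookie(NAME, value);
        String ctx = req.getContextPath();
        c.setPath(ctx.isEmpty() ? "/" : ctx); // send only to this web application
        c.setMaxAge(maxAge);                  // seconds; 0 deletes the cookie
        c.setHttpOnly(true);                  // hidden from page scripts
        c.setSecure(req.isSecure());          // HTTPS-only when issued over HTTPS
        return c;
    }

    // The value is client-controlled: accept only a plausible past timestamp.
    static Long parseLastVisit(Cookie[] cookies, long now) {
        if (cookies == null) return null;     // no Cookie header, e.g. first visit
        for (Cookie c : cookies) {
            if (!NAME.equals(c.getName())) continue;
            String v = c.getValue();
            if (v == null || !v.matches("\\d{1,15}")) return null; // digits only, no overflow
            long t = Long.parseLong(v);
            return t <= now ? t : null;       // reject timestamps from the future
        }
        return null;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        long now = System.currentTimeMillis();
        Long last = parseLastVisit(req.getCookies(), now);
        boolean clear = req.getParameter("clear") != null;
        // Delete with maxAge 0, or refresh the timestamp for one hour.
        resp.addCookie(clear ? build(req, "", 0) : build(req, Long.toString(now), 3600));
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().write(last == null ? "First visit" : "Last visit (epoch ms): " + last);
    }
}
```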

HttpSession server session management

Introduction to HttpSession object

It is an interface defined in the Servlet specification. Its implementation is supplied by whoever implements the specification. We use the Tomcat server, which implements the Servlet specification, so the implementation of the HttpSession interface is provided by Tomcat. The object provides a way to identify a user and store information about that user across multiple page requests or visits to a website. In short, it is a server-side session object used to store user session data.

It is also the session scope object, one of the four scope objects in the Servlet specification, and it is likewise used for data sharing. However, it differs from the application scope and request scope we explained earlier.

Common methods of HttpSession

Introduction to HttpSession

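import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet(name = "ServletDemo07", value = "/HttpSession07")
public class ServletDemo07 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Read the username from the request parameters
        String username = req.getParameter("username");
        // Get the session for this client, creating one if none exists yet
        HttpSession session = req.getSession();
        System.out.println(session);
        // The session ID is the value sent to the browser as JSESSIONID
        String id = session.getId();
        System.out.println(id);
        // Store the data to be shared in the session
        session.setAttribute("username", username);
    }
}

// Same imports as ServletDemo07
@WebServlet(name = "ServletDemo08", value = "/HttpSession08")
public class ServletDemo08 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // The same browser sends the same JSESSIONID, so this is the same session object
        HttpSession session = req.getSession();
        System.out.println(session);
        String id = session.getId();
        System.out.println(id);
        // Read the shared data stored by ServletDemo07 (null if it was never set)
        Object username = session.getAttribute("username");
        System.out.println(username + "");
    }
}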
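Because the session ID is the only thing tying a browser to its server-side data, the two servlets above can be extended to manage the ID's lifecycle. This is an added example, not code from the original post: it issues a fresh ID at login, reads without creating a session, and invalidates on logout. The servlet name, URL and parameter names are hypothetical; it assumes Servlet 3.1+ with `javax.servlet`, and a container realm configured for `req.login()`.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example; servlet name, URL and parameter names are hypothetical.
@WebServlet("/SessionLoginDemo")
public class SessionLoginDemo extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        if (req.getParameter("logout") != null) {
            HttpSession old = req.getSession(false);
            if (old != null) old.invalidate();   // discard server-side data and the ID
            resp.sendRedirect(req.getContextPath() + "/SessionLoginDemo");
            return;
        }
        try {
            // Container-managed check against the configured realm (assumption).
            req.login(req.getParameter("username"), req.getParameter("password"));
        } catch (ServletException e) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        HttpSession session = req.getSession(true);
        // New JSESSIONID, same attributes: an ID seen before login stops being valid.
        req.changeSessionId();
        // Store the authenticated name, not the raw request parameter.
        session.setAttribute("username", req.getRemoteUser());
        resp.sendRedirect(req.getContextPath() + "/SessionLoginDemo");
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // getSession(false) returns null instead of creating an empty session.
        HttpSession session = req.getSession(false);
        Object user = session == null ? null : session.getAttribute("username");
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().write(user == null ? "Not logged in" : "Logged in as " + user);
    }
}
```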

Details of HttpSession

  • Unique identification
    The unique ID appears as the JSESSIONID value in the Cookie request header. Calling getId() on the session returns the same value.

  • Browser disables cookies
    Method 1: show a prompt asking the user to enable cookies (the solution adopted by most websites)
    Method 2: append the jsessionid to the URL on each access, rewriting the address through the encodeURL() method

  • Passivation and activation
    Passivation: serialize an HttpSession that has not been used for a long time but has not expired, and write it to disk.
    Activation: the reverse process, reading the serialized HttpSession from disk back into memory.

When passivation happens
The first case: when traffic is too heavy, the server sorts sessions by getLastAccessTime and serializes HttpSessions that have not been used for a long time but have not expired.
The second case: when the server is restarted, sessions are also serialized so that the data in clients' HttpSessions is preserved.

The serialization of HttpSession is automatically completed by the server. We don't need to care.
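Two points from the details above, as an added example that is not part of the original post. Method 2 places the session ID in the URL, where it is visible in logs, browser history and Referer headers, so a site that chooses Method 1 can restrict tracking to cookies. Passivation only preserves attributes that implement Serializable. The class names are hypothetical; `javax.servlet` and an HTTPS-only site are assumed.

```java
import java.io.Serializable;
import java.util.EnumSet;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionCookieConfig;
import javax.servlet.SessionTrackingMode;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionEvent;

// Added example; class names are hypothetical.
@WebListener
public class SessionSetup implements ServletContextListener {
    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        // Cookie-only tracking: the container stops appending jsessionid to URLs.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
        SessionCookieConfig cfg = ctx.getSessionCookieConfig();
        cfg.setHttpOnly(true);   // JSESSIONID hidden from page scripts
        cfg.setSecure(true);     // assumes the site is served over HTTPS only
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }
}

// A session attribute that survives passivation because it is Serializable.
class UserState implements Serializable, HttpSessionActivationListener {
    private static final long serialVersionUID = 1L;
    private final String username;
    private transient long activatedAt = System.currentTimeMillis();

    UserState(String username) { this.username = username; }
    String getUsername() { return username; }
    long getActivatedAt() { return activatedAt; }

    @Override
    public void sessionWillPassivate(HttpSessionEvent se) {
        // Called just before the session is serialized; nothing to release here.
    }

    @Override
    public void sessionDidActivate(HttpSessionEvent se) {
        activatedAt = System.currentTimeMillis(); // transient fields come back as 0
    }
}
```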
