Cookie session Technology
What is a conversation
It is a call process in web development. When the browser is opened and the website address is accessed, the session starts. When the browser is closed (or the expiration time is reached), the session ends. It is a call process in web development. When the browser is opened and the website address is accessed, the session starts. When the browser is closed (or the expiration time is reached), the session ends.
Session management classification
Client session management technology
It saves the data to be shared to the client (that is, the browser). Each request brings the session information to the server, so as to realize the data sharing of multiple requests.
Server session management technology
In essence, it still adopts the client session management technology, but what is saved to the client is a special ID, and the data to be shared is saved to the memory object of the server. Each time a request is made, the identity is brought to the server, and then the identity is used to find the corresponding memory space, so as to realize data sharing.
What is a Cookie
It is the cache file of the client browser, which records some contents of the website visited by the client browser. At the same time, it is also a part of the HTTP protocol request and response header (we noted that it is very important in the HTTP protocol course).
Role of cookies
It can save the relevant content of the website accessed by the client browser (the client does not need to disable cookies). Therefore, when the same content is required for each access, it can be obtained from the local cache first, so as to share resources and improve efficiency.
Properties of cookies
| Attribute name | Attribute function | Is it important |
|---|---|---|
| name | The name of the cookie | Required properties |
| value | cookie value (cannot be Chinese) | Required properties |
| path | Path to cookie | important |
| domain | The domain name of the cookie | important |
| maxAge | The lifetime of the cookie. | important |
| version | The version number of the cookie. | unimportance |
| comment | Description of the cookie. | unimportance |
details
Cookies are limited in size and number. Each website can only store up to 20 cookies, and the size can not exceed 4kb. At the same time, the total number of cookies on all websites shall not exceed 300.
When deleting cookies, set the maxAge value to 0. When maxAge is not set, the memory of the browser is used. When the browser is closed, the cookie will be lost. If this value is set, it will be saved as a cache file (the value must be greater than 0, in seconds).
case
Display login time
@WebServlet(name = "ServletDemo06", value = "/ServletDemo06")
public class ServletDemo06 extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//Write out the prompt information through the response object
resp.setContentType("text/html;charset=UTF-8");
PrintWriter w1 = resp.getWriter();
String s = "Welcome to this website,Your last visit was:";
w1.write(s);
//Create a Cookie object to record the last access time
Cookie cookie = new Cookie("time", System.currentTimeMillis() + "");
//Set maximum lifetime
cookie.setMaxAge(3600);
//Add cookie object to client
resp.addCookie(cookie);
//Get cookie
Cookie[] arr = req.getCookies();
for (Cookie cookie1 : arr) {
if ("time".equals(cookie1.getName())){
String value = cookie1.getValue();
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
w1.write(sdf.format(new Date(Long.parseLong(value))));
}
}
}
}
HttpSession server session management
Introduction to HttpSession object
It is an interface provided in the Servlet specification. The implementation of this interface is provided by the implementation provider of Servlet specification. We use Tomcat server, which implements the Servlet specification, so the implementation of HttpSession interface is provided by Tomcat. The object is used to provide a method to identify a user and store information about the user through multiple page requests or visits to a website. In short, it is a server session object, which is used to store user session data.
At the same time, it is also a session domain object, one of the four domain objects in the Servlet specification. And it is also used to realize data sharing. But it is different from the application domain and request domain we explained earlier.
Common methods of HttpSession
Introduction to HttpSession
@WebServlet(name = "ServletDemo07", value = "/HttpSession07")
public class ServletDemo07 extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String username = req.getParameter("username");
HttpSession session = req.getSession();
System.out.println(session);
String id = session.getId();
System.out.println(id);
session.setAttribute("username",username);
}
}
@WebServlet(name = "ServletDemo08", value = "/HttpSession08")
public class ServletDemo08 extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
HttpSession session = req.getSession();
System.out.println(session);
String id = session.getId();
System.out.println(id);
Object username = session.getAttribute("username");
System.out.println(username+"");
}
}
Details of HttpSession
-
Unique identification
You can view the Request Header again, and the JSESSIONID in the Cookie can view the unique ID. You can also view the same getSessionid() -
Browser disable cookies
Method 1: inform users of the solutions adopted by most websites through prompt information
Method 2: splice the jsessionid ID ID during access, and rewrite the address through the encodeURL() method -
Passivation and activation
Passivation: serialize the HttpSession that has not been used for a long time but has not expired, and write it to disk.
Activation: the opposite state
When is passivation
The first case: when the traffic is too large, the server will sort according to getLastAccessTime and serialize httpsessions that have not been used for a long time but have not expired
The second case: when the server is restarted, it should also be serialized in order to maintain the data in the client HttpSession
The serialization of HttpSession is automatically completed by the server. We don't need to care.