This is the 27th day of my participation in Gwen Challenge

HTTP is a stateless protocol, so on its own it cannot save login status.

Cookies are an extension of the HTTP protocol. The server adds a Set-Cookie field to the response header and sends the cookie value to the client. Upon receiving the response, the browser automatically saves the cookie. On later requests the browser sends the cookie back to the server in the Cookie field of the request header.

1. Cookies are stored by domain name. Cookies obtained from domain name A are only sent back to domain name A.

2. Cookies are classified into temporary cookies and persistent cookies. If a cookie does not have an expiration date, the browser deletes it when the browser closes. This kind of cookie is called a temporary cookie. If the cookie has an expiration date, the browser keeps it until that date. This kind of cookie is called a persistent cookie. Cookies are often used to store a user's login information.

Session life cycle: once a client requests the server, the server (Tomcat) allocates a memory space for this request. This object is called the Session object. The storage structure is ConcurrentHashMap.

The purpose of sessions: to compensate for the stateless nature of HTTP, the server can use a session to store records of the client's operations during the same session.

How do the server and client obtain the sessionID? How is the SessionID transmitted during the session?

When it receives the first request, the server creates a session object, generates a sessionID, and sends it to the client in a Set-Cookie response header of the form "JSESSIONID=XXXXXXX". After receiving the response, the client stores a cookie JSESSIONID=XXXXXXX locally and sends it back in the Cookie header of each later request. The cookie expires at the end of the browser session.

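import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SessionDemo {
    // getSession() returns the current session, or creates one (and its JSESSIONID cookie) if the request has none.
    @RequestMapping(value = "/cookies", method = RequestMethod.GET)
    public void setCookies(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession();
        response.setContentType("text/html; charset=UTF-8");
        response.setCharacterEncoding("UTF-8");
        String id = session.getId();
        if (session.isNew()) {
            response.getWriter().print("Session created successfully, id: " + id);
        } else {
            response.getWriter().print("The server already has a session, the session ID is: " + id);
        }
    }
}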

After the browser is closed, does the session still exist? Yes, the default session duration is 20 minutes. The cookie is kept in the memory of the browser process. After the browser is closed, the cookie is invalid and the JSESSIONID is gone. When you access the server again, a new session and JSESSIONID are created, and the original session still exists on the server.

To make the JSESSIONID persistent, you can create a cookie named JSESSIONID yourself and set its validity time:

String id = session.getId();
// Manually create a Cookie to store the JSESSIONID and set the persistence time for the Cookie
Cookie cookie = new Cookie("JSESSIONID", id);
cookie.setMaxAge(10 * 60);
response.addCookie(cookie);
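
A persistent JSESSIONID stays in the browser's cookie store after the browser closes, so the copy should carry the same protections as the container's own cookie. The controller below is an added example, not code from the original post: it sets HttpOnly, Secure and SameSite on the persistent cookie and aligns the server-side timeout with the cookie lifetime. The class name, the request path and the `contextPath` helper are hypothetical, and it assumes Spring 5.1+ (for `ResponseCookie.sameSite`) on Tomcat with default cookie-path settings.

```java
import java.time.Duration;
import javax.servlet.http.HttpServletRequest;   // jakarta.servlet.http on Spring Boot 3+
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class PersistentSessionDemo {            // hypothetical class name
    // Same lifetime as the 10 * 60 seconds used in the snippet above.
    private static final Duration LIFETIME = Duration.ofMinutes(10);

    @GetMapping("/persistent-session")          // hypothetical path
    public String persist(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();
        // Keep the server-side idle timeout in step with the cookie lifetime, so the
        // browser neither presents an ID for a session the server has already dropped
        // nor loses the cookie while the session is still alive.
        session.setMaxInactiveInterval((int) LIFETIME.getSeconds());

        ResponseCookie cookie = ResponseCookie.from("JSESSIONID", session.getId())
                .path(contextPath(request))     // same path as the container's cookie, so this copy replaces it
                .maxAge(LIFETIME)               // turns the temporary cookie into a persistent one
                .httpOnly(true)                 // not readable from document.cookie
                .secure(true)                   // only sent over HTTPS
                .sameSite("Lax")                // not attached to cross-site POSTs or subrequests
                .build();
        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());

        // The session ID itself is deliberately not echoed into the response body.
        return "Session " + (session.isNew() ? "created" : "reused")
                + ", cookie lifetime " + LIFETIME.toMinutes() + " min";
    }

    // Tomcat scopes JSESSIONID to the context path; the root context is "" and maps to "/".
    private static String contextPath(HttpServletRequest request) {
        String path = request.getContextPath();
        return path.isEmpty() ? "/" : path;
    }
}
```

Because of `secure(true)`, the browser only returns this cookie over HTTPS, so the endpoint has to be tested behind TLS.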