For example, in the shopping cart scenario, the server creates a specific session for the user to identify and track the user. There are many ways for the server to save the session. If there are clusters of memory, database, and files, consider the transfer of the session. Large web sites have clusters of dedicated session servers to store user sessions, which are typically stored in memory
How does the server identify a particular client?
Each TIME an HTTP request is made, the client sends a response cookie to the server. Most applications use cookies to implement session tracking. When a session is created for the first time, the server tells the client to record a session ID in the cookie class. I’m going to send this ID to the database every time I request it, so I know who you are and if the browser disables cookies, I can rewrite the URL to do session tracking
Cookie login scenario, once logged in the website, the second visit does not need to enter the account password automatically logged in, is to write the information in the Cookie, when visiting the website, the script of the website page reads the Cookie, automatically help you fill in the user name
Cookie
The cookie mechanism
CookieAPI
Create and send cookies
@WebServlet("/sendCookie")
public class sendCookie extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// Create cookie cookie cookie=new cookie ("name"."zqf"); Response.addcookie (cookie); response.addcookie (cookie); }}Copy the code
The first access will see that the response header contains a cookie and is sent to the client
Cookies are session level, that is, when the browser starts and closes, the cookie disappears when the browser closes, but sometimes it doesn’t disappear, because the cookie is set to persist on the client side
Set the cookie persistence time
cookie.setMaxAge(10*60*1000); Set the time for storing cookies in the browser to 10 minutes, when the time is up, the cookie information is automatically deletedCopy the code
Set the cookie carrying path
cookie.setPath("/"); Access all resources under the server carry this cookie cookie.setPath("/ project name/current page"); Cookies are carried only when you visit the current pageCopy the code
Delete the cookie.
@WebServlet("/removeCookie")
public class removeCookie extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// Delete client saved name- XXX cookie cookie=new cookie ("name".""); // Set the time to 0 cookie.setMaxAge(0); response.addCookie(cookie); }}Copy the code
To get a cookie
@WebServlet("/getCookie"Public class getCookie extends HttpServlet {// Get the cookie value public voiddoGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
Cookie[] cookies = request.getCookies();
for(Cookie cookie:cookies) {
String cookieName = cookie.getName();
if(cookieName.equals("name")) { String cookieValue = cookie.getValue(); System.out.println(cookieValue); }}}}Copy the code
Session
The session technology is based on cookies, which store the sessionid — jsessionID
The session mechanism
Session is a degree of service mechanism that stores user data like a hash table when the browser sends a request to the client for the first time, The server automatically generates a session and a session ID and the session ID uniquely identifies the session and sends the session ID to the browser when the server responds and the browser carries the session ID when it sends a second request to the server The server uses this ID to find the corresponding session to retrieve user dataCopy the code
If cookies are disabled, sessions are also disabled, and you can override the URL to get rid of cookiesCopy the code
Cookies identify users by recording information on the client. Session identifies users by recording information on the server. Session data is stored on the server, and Cookie data is stored on the client's browserCopy the code
The lifetime of the session
The life cycle
Create the first time request.getSession() is created destroy the server (abnormal) Close the Session expires Automatically configure the Web.xml under Tomcat manually destroy session.invalidate();Copy the code
Is the session destroyed when the server is shut down?
No, I have time to see if the session expiresCopy the code
Session is different from cookie
The session is stored on the server, the cookie is stored on the client in the session. The cookie is stored as a string. The session is not pathable. During the same user's visit to a website, all sessions can access cookies anywhere. If you set the path, If you can't access the session in some places, you need cookies to work properly. If you disable cookies, the session is invalid and the client automatically encapsulates the local surviving cookies in the message sent to the server when sending the requestCopy the code
Application scenarios of Session and cookie
Session context mechanism, for each user, through the sessionID to distinguish between different customers session is based on cookie or URL rewriting, the default cookie implementation, The system will create an output named jsessionID cookie important state go session, not important go cookie, login information use session, shopping car use cookieCopy the code