One, HTTP protocol stateless
WEB applications use HTTP to transfer data. HTTP is a stateless protocol. After the data transfer, the client will disconnect from the server and need to establish a new connection to transfer data again, which makes session tracing impossible. It can be understood that the server is a kind of amnesia, this time you visit it and exchange data with it, the next time he will not know you, this is a very unfriendly thing. This problem has a very direct way to solve it, is the server you meet you, every time you tell it to your name,, that is, each time a client to access all need to bring your own parameters, can be used in a GET request every time bring your own parameters, but it is certainly not desirable, should GET request parameter information on the browser’s address bar, There’s no guarantee of security with all the information exposed. In order to solve the HTTP amnesia, cookie and session technologies have entered the stage of history.
Second, the Cookie
Since every GET request takes the data with it to ensure security, cookie technology puts the data in the request header, which makes it a little safer. It’s not so safe… Later said. Cookie technology is a client technology. First, the program gives the client data in the form of cookie stored in the browser, so that the browser will bring the data when it requests again, so that the browser will know the request. The access process is that when the client visits the server for the first time, the browser will add set-cookie information in the response header. When it jumps to another resource, that is, when it sends a request again, the request will put Cookie: XXX on the request header, which is the previous data of itself, in order to let the server know about itself.
1. The operation of the cookie
-
Create a cookie object and add it to the response
Cookie cookie = new Cookie(String name,String value); response.addCookie(cookie); Copy the code
-
Gets the data in the cookie from the request
Cookie[] cs = request.getCookies();// We can iterate out each cookie object over cs, for-each String cookieName = cookie.getName(); String value = cookie.getValue(); Copy the code
-
Make cookie property support Chinese
Cookie cookie = new Cookie("cookieName",URLEncoder.encode(username,UTF-8));// Create the cookie object to encode the property String value = URLDecoder.decode(cookie.getValue(),"UTF-8");// Get the data in the cookie to decode the property Copy the code
-
Modify attributes in cookies
// Method 1: Set a key with the same name, overwrite the previous one, and add the cookie object to the response Cookie c2 = new Cookie("currentName"."HHH"); resp.addCookie(c2); // Method 2: call setValue(); You also need to add the object back into the response c.setValue("HHH"); resp.addCookie(c); Copy the code
-
The cookie lifetime is set
c.setMaxAge(-1); // Set negative values to indicate - session cookie, default. The browser closes and the cookie disappears c.setMaxAge(0); / / delete the cookie c.setMaxAge(10); // Persist the cookie and set the cookie to live for 10s Copy the code
-
Set the path of the cookie
/** * Set the path of the cookie to "/", set the entire root path can share this cookie, * default is the last /, For example, /cookie/login will only be shared with cookie/list, but not with /xx/list, i.e. only resources that start with /cookie */ will be shared c.setPath("/"); Copy the code
2. The shortcoming of the Cookie
Although cookies put the data in the request header, they still store the data in the browser. Browsers have an option to view cookies, which is obviously not secure. In addition, browsers and servers generally limit the size of cookies, and it is very troublesome to write Chinese every time the encoding and decoding.
Third, the Session
In contrast to cookies, which store data in the client’s browser, sessions store data in the server. Session in Chinese means “session, the server for each session created a data memory area to exist, for the first time, ask the server for the data stored in the server, the server to the client in response to a number, the next time to request with this number can be found in the server’s memory space in their own data. Different from cookies, session stores data in the form of key-value. In this case, value is of Object type, while cookie is of String type.
The first time the browser requests the server, the server will create a cookie object and put the data in key-value form, and then add set-cookie: XXX in the response header. The next time the browser accesses the server, Cookie: XXX is added to the request header. As you can see, sessions are essentially cookies.
** Note: **session will disappear after the reply, that is, closing the browser or closing the server will invalidate the session.
1. The operation of the Session
-
Create and get session objects
The first request creates the object, and the second request, of course, does not create the object until the current session ends.
HttpSession session = req.getSession(); HttpSession session = getSession(boolean create); / * true(Default) : Returns a session object if it exists in the current request, creates one if it does not and returns *false: Returns the session object if it exists in the current request, or if it does notnull; * /Copy the code
-
Store data in session
session.setAttribute(String key,Object value);// The key is usually named in uppercase Copy the code
-
Take the data
Object value = session.getAttribute(String key);// Select value from key Copy the code
-
Delete the session
session.removeAttribute(String key);// Delete by key session.invalidate();// Destroy the session object Copy the code
-
Timeout mechanism
// The session object is automatically destroyed when there is no interaction between the browser and the server for some time session.setMaxInactiveInterval(30);//30s Copy the code
2. The disadvantage of the session
Sessions are stored on the server for a certain amount of time. When the number of accesses increases, the performance of the server will be reduced.