Why cookies are required: HTTP is a stateless protocol, so when a browser accesses a site the server has no built-in way to tell which browser sent a given request, or to send different content to different browsers. Cookies solve this problem. The cookie mechanism keeps state on the client: it is a user-side storage mechanism, and it only works if the user has cookie support enabled. The session mechanism maintains state between the client and the server. What does that mean? If we store an identifier for a visiting user only on the server side, the server still cannot tell which client sent a request, so the same identifier must also be stored on the client. The session mechanism therefore relies on the cookie mechanism to achieve its purpose.

How cookies and sessions work:

Cookies: When a user accesses a website, the user receives more than the pages themselves: the response also carries cookies, which can be saved on the local disk. A cookie may record the date and time of each visit, or user name and password information. As requests and responses go back and forth, the client and the server keep exchanging the cookie, and the client stores the latest version on disk. The client stores separate cookie information for each site. If the user requests the same website again after closing the browser, the browser looks on the local disk for a cookie associated with the URL and, if one exists, sends it to the server together with the request. From this workflow we can see that the cookie is the mechanism by which the client holds the information associated with a site. Whenever you visit the site, the cookie you saved earlier is used.
Session: When the program needs a session for a client's request, the server first checks whether the request contains a session ID, which we call the SessionID. If it does, a session has already been created for this client, and the server uses the SessionID to retrieve that session (creating a new one if it cannot be found). If the request contains no SessionID, the server creates a new session, generates an associated SessionID, and returns it to the client in the response. The server keeps the session on its side. What about the client? This is where cookies come in: the SessionID is saved in a cookie, so that as long as the user does not close the browser, the browser sends this identifier to the server according to the cookie rules. The cookie's name is generally something like SessionID, and its value is a random string that neither repeats nor follows a fixed rule.

Here we find the difference between the session and the cookie: the session is tied to a live conversation, and if you close the browser your SessionID disappears with it. Why? Some people ask: since it is stored using a cookie, why would it disappear? The answer is the storage location. As described above, cookies are stored on the local disk. For the session, although a cookie is used to hold the SessionID, it is not written to the local disk but kept in the browser cache. When you close the browser the cache is emptied, so the saved SessionID disappears. The SessionID on the server, however, has not been deleted. This forces the server to set a time-out for the SessionID: once the time-out is exceeded, the server can assume that the client has stopped its activity, and it automatically deletes the SessionID to conserve storage space on the server.

Every browser also lets the user disable cookies. So what should we do if the client has disabled cookies?
Usually there are three ways. One is URL rewriting, which attaches the session ID directly to the URL. The ID can be attached in two ways. One is as additional information on the URL path, in the form

http://...../xxx;jsessionid=byok3vjfd75apnrf7c2hmdnv6qzcebzwowibyenlerjq99zwpbng!-145788764

The other is as a query string appended to the URL, in the form

http://...../xxx?jsessionid=byok3vjfd75apnrf7c2hmdnv6qzcebzwowibyenlerjq99zwpbng!-145788764

To the user there is no difference between the two, but the server parses them differently, and the first form also helps keep the session ID separate from normal program parameters. To maintain state throughout the whole session, the session ID must be appended to every path the client requests from the server.

One is to hide the table
Explanation of Session and Cookie in Java
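
The session lookup and the two URL-rewriting forms described above, as an added example that is not part of the original article or any servlet container's code. It is a plain-Java sketch; the cookie name JSESSIONID, the 30-minute timeout, the class name and the sample requests are assumptions.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.*;
// Added example: plain-Java sketch of session resolution, not a servlet container's code.
public class SessionDemo {
    static final long TIMEOUT_MS = 30 * 60 * 1000L;      // assumed idle timeout (30 minutes)
    static final SecureRandom RNG = new SecureRandom();
    // session ID -> last access time; a real store would also hold the session's data
    static final Map<String, Long> SESSIONS = new ConcurrentHashMap<>();
    // ";jsessionid=" is the path form, "?jsessionid=" / "&jsessionid=" the query-string form
    static final Pattern URL_ID = Pattern.compile("[;?&]jsessionid=([^;?&#/]+)");
    static final Pattern COOKIE_ID = Pattern.compile("(?:^|;\\s*)JSESSIONID=([^;]+)"); // assumed cookie name

    // Session ID presented by the client: cookie first, then a rewritten URL.
    static Optional<String> presentedId(String cookieHeader, String url) {
        Matcher c = COOKIE_ID.matcher(cookieHeader == null ? "" : cookieHeader);
        if (c.find()) return Optional.of(c.group(1));
        Matcher u = URL_ID.matcher(url);
        return u.find() ? Optional.of(u.group(1)) : Optional.empty();
    }

    // Reuse a known, unexpired session; otherwise issue a fresh random ID.
    static String resolve(String cookieHeader, String url, long now) {
        Optional<String> id = presentedId(cookieHeader, url);
        if (id.isPresent()) {
            Long last = SESSIONS.get(id.get());
            if (last != null && now - last <= TIMEOUT_MS) {
                SESSIONS.put(id.get(), now);             // refresh the idle timer
                return id.get();
            }
            SESSIONS.remove(id.get());                   // timed out or unknown: never adopt the client's value
        }
        byte[] raw = new byte[16];                       // 128 bits from a CSPRNG
        RNG.nextBytes(raw);
        String fresh = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SESSIONS.put(fresh, now);
        return fresh;
    }

    public static void main(String[] args) {             // constructed requests
        String id = resolve(null, "/xxx", 0L);
        boolean cookie = id.equals(resolve("lang=en; JSESSIONID=" + id, "/xxx", 1_000L));
        boolean path = id.equals(resolve(null, "/xxx;jsessionid=" + id + "?item=3", 2_000L));
        boolean query = id.equals(resolve(null, "/xxx?item=3&jsessionid=" + id, 3_000L));
        boolean stale = id.equals(resolve("JSESSIONID=" + id, "/xxx", 3_001L + TIMEOUT_MS));
        System.out.printf("cookie=%b path=%b query=%b afterTimeout=%b%n", cookie, path, query, stale);
    }
}
```

A session ID carried in a URL is also written to browser history, server logs and Referer headers, so the cookie form is preferable whenever the client accepts cookies.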