Application state management ① Hide form fields ②cookie③session④url overrides

Application state Management:
Server connection is stateless, each request sent to the server is new, and do not know whether two times is sent by the same person, in order to resolve the application state, there are 4 common methods:
Form hidden fields: dynamically generated to work
Cookies: Record on browser side, key value pairs, visible, unsafe
Session: Record on the server side, is also a key value pair, server maintenance requires a lot of resources, you can set an effective time limit
URL rewriting: When a user disables a cookie, the sending address contains the session ID

Cookies
is a short text message sent by the Web server to the client browser, sent by the server to the client browser after the first access to the server, and then returned to the same site or domain at a later time when the browser returns the text message without changes

A string array of key-value pairs stored
Cookie Cookie=new Cookie ("", "") constructs a cookie object, specifying a name and value

Cookie.setpath ("/") set cookie valid path, if not set, it will be valid under the same folder by default
Cookie.setmaxage () Sets the cookie survival time in seconds; if not set, the default cookie will disappear as the browser closes
Cookie.getmaxage () Gets the cookie survival time, in seconds:
Cookie.setname ("") set the name of the cookie
Cookie.getname () Get the name of the cookie
Cookie.setvalue () Sets the value of the cookie
Cookie.getvalue () Gets the value of the cookie
Use the Addcookie () method of the HttpServletResponse object to add a cookie to the response header
Returns an array of cookie objects using the GetCookies () method of the HttpServletRequest object

Session
is a client-to-server state-of-the-way solution
The Session object is an interactive information state object established between the client and the server, and different user connections will be given a different session

Divided into: 1, HttpSession: Record session
2. Sqlsession: Record persistent layer Connection database

Create Session object: Call Httpservletrequest.getsession (), Httpservletrequest.getsession (true) to get an existing session, If you do not create a new session back
Httpservletrequest.getsession (false) gets an already-existing session if NULL is not returned

SetAttribute ("String", "object") binds an object with a name in the Session object
GetAttribute ("String") gets the object in the Session object by name
RemoveAttribute ("String") removes the corresponding object from the session by name
Invalidate () session ended
Setmaxinactiveinterval () sets the maximum interval of time, in seconds, for a request

<Session-config>
<Session-timeout>15</Session-timeout> set session time-out, units: minutes
</Session-config>

Destroy session Mode:
1. Set Session timeout
2. Call invalidate () on the Session object
3. End of application

When the request is sent again within the timeout period, the HTTP request will send a cookie that holds SessionID, and the response will not generate a new SessionID value; Once the session object is destroyed, all properties bound to that object will be destroyed.

Application (Web application context) domain scope and session domain scope
Objects in the application (Web application context) are maintained throughout the Web application run
Objects within the session range are maintained only during a continuous session

Application state Management ① Hide form fields ②cookie③session④url override