Cookie&session&servletcontext

First, Cookie VS session

1) Application Scenarios

Cookies can be used to:

Record the last time a user logged on

Remember user name and password

Session can be used to:

Prevent illegal logons (that is, jump directly to a page that would otherwise be logged on to verify)

The verification code entered when the user logs in is correct

Shopping cart function, if combined with a cookie, can also be implemented, when the browser is closed, the next time the item is opened, the items in the shopping cart still exist

2) Storage location

Cookies are written by the server side and exist in the client's temporary folder and can be shared by multiple browsers.

The session exists in the server's memory, so don't put too many things into it, a session corresponds to a browser, so a session domain object is a user browser service

3) Security

Cookies are stored in plaintext in the client and can be encrypted by MD5 and then stored

Session stored in the server's memory, the security is relatively good

4) Network Transmission volume

The cookie transmits information to the server, the session's properties are not given to the client, there is no network transmission problem

5) Life cycle

cookie is cumulative, starting at the time it was created, If set for 20 minutes, then the cookie will expire after 20min. The default life cycle of a cookie is the session cycle, after the browser is closed, the cookie is destroyed. If Setmaxage (0), is to delete the cookie directly, if setmaxage (negative), the browser is closed when the destruction (equivalent to the default a)

Session life cycle is spaced (daze), if set its life cycle is 20min, then only 20 minutes without access to the session, will not expire
The session will also expire in the following cases:
A. Shutting down the server
B.web Application Reload
C. Time's up.
D. The Invalide method that called the session
Note: Session creation via Request.getsession () "If available, if not created", is saved on the server side, so its lifecycle is independent of the client's operations, regardless of whether the browser is opened or closed, without any impact on its life cycle ; only through Session.setinter ... Time to specify

6) The connection between the cookie and the session

The A.cookie and session are created by the server side, except that the cookie is stored in the agreed folder by the Response.addcookie () output to the client, and the session is always present on the server side

B.session at the time of creation, the server will create a cookie at the same time, save the corresponding Jsessionid, each time about the session, the client browser will send the Jsessionid to the server, the lifetime of the cookie is a session cycle (i.e. session Destroyed when the browser is closed). This is the key that the session can identify a sequence of requests belonging to a session in the presence of HTTP stateless conditions. Therefore, if you want to achieve the ability to close the browser, open the shopping cart, the contents still exist, the corresponding method is to create a cookie, the corresponding key and value according to the rules of the session, and set its life cycle.

Cookie cookie=New Cookie ("Jsessionid", Session.getid ()); Cookie.setmaxage (60*30); Response.addcookie (cookie);

Additional Knowledge points:

1) Save Chinese characters in cookies

Workaround: Encode and decode the Chinese part using urlencoding and urldecoding

2) Use URL rewriting to solve the problem of using the session in case of cookie disabling, when Jsessionid will pass through QueryString

Response.encodeurl ("Initial url"); but this requires a call to the session, very simple, a word request.getsession ()

Second, ServletContext

1) Application Scenarios

The website shows the current visitor as the first few

Site shows how many people online (if you want to ensure that the site restart, and so on, the data is not lost, you can open the thread in the background, not a period of time, the corresponding data written to the file system)

2) Description

ServletContext is on the server side

ServletContext is shared by all clients

Life cycle: ServletContext is automatically created when the Web app is launched and destroyed when the Web app is closed

3) Application Method

1) Get the parameters of the Web application, such as database connection related constants, configuration <context-param> parameters in XML.
2) Read the resource file

A. Reading a file
Resource files in the Webroot directory
This.getservletcontext (). Getresourseasstream ()
B. Getting the file path
Gets the absolute path of the file on the local resource system, such as placing a file in the Webroot directory
This.getservletcontext (). Getrealpath ()
C, if the file is placed under the SRC path, using the above method is not readable, you must use the class loader, the class loader to read the default path of the resource is the SRC home directory

Cookie&session&servletcontext