Httpsessionhttp protocol
HTTP protocol is a stateless stateless, so a user to the server access, no matter how many times, the server will be like the first time to be accessed. This means that the server does not differentiate users.
A request comes in, the server will give a corresponding, and then the connection between the broken.
Session
How to make the server recognize two requests from the same customer? Set a unique ID, this ID is called SessionID.
When the server responds to a request, it is accompanied by putting the SessionID into the response, which is passed to the server at the time of the request immediately, The server will first look for a relative sessionid when it accepts the request, and if so, he will be able to identify the user who has previously visited it.
Cookies
The server needs to append a seesion ID to the client's response, and the client needs the request with a session ID. The most common and simplest way is to use the client's cookie.
In response, there is a header in the key is "Set-cookie"
A key in the request that has a header is "Cookie"
Returns a session Cookie in a response:
HttpSession session = Request.getsession ();
In this way, not to create a new httpsession;
did not own to generate a sessionid;
Not making a cookie yourself;
Not going to associate a session ID with a cookie.
All the work done above is container.
Get a session Id in a request
HttpSession session = Request.getsession ();
This is the same as above, if the request contains a session ID cookie, it will be returned to the session, otherwise a session ID cookie is created.
Request.getsession (); The returned session object has a IsNew () method, which can be used to determine whether the session is already in existence or just newly created.
If you want the original session, rather than create a new session object, you can use Request.getsession (false);
If the return value of this method is not NULL, the returned result is the original session object.
A client with cookies disabled would ignore "set-cookie" response headers
URL rewriting
If the client has banned the cookie, the session can be used, but some other work is needed.
URL rewriting, a way to rely on
public void Doget (HttpServletRequest request, httpservletresponse response) throws IOException {Response.setcontenttype (" text /html "); PrintWriter out = Response.getwriter (); HttpSession session = Request.getsession (); Must does this, otherwise response.encodeurl () is not SessionID out.println (" ");
//Response.encodeurl ("/beertest.do") generates an object with a Sessionid=xasdaasdfcfera string. Out.println (" <a href=\" "+ Response.encodeurl ("/beertest. Do ") +" \ ">click me</a>"); Out.println (" </body>
Redirect, but still want to use the Session object:
Response. Encoderedirecturl ("/beertest.do")
Note: If more than one link in a page is associated with the session, then these link needs to be rewritten. There is no way to rewrite all the link.
Note: All URL overrides are HttpServletResponse objects, not the request object's ~
Warning: We should not create a Jessionid parameter, and there is a cookie in the header of request, and Jsessionid is one of its key-value pairs.
Key points:
1 URL rewrite (response.encodeurl ("some")) will give all of your rewritten URLs followed by a session ID.
2 The URL to be rewritten, when the server is requested, Jssesionid will exist as an additional information at the end of the URL.
3 URL rewriting only works when the client prohibits cookies, but we have a reason to append a URL rewrite, which disables the cookie for any brain residue.
4 does not give a static page all the URL rewrite mechanism, so if you want to rewrite the URL, you need to use the dynamic loading method, that is, the server-side Response.encodeurl ("/dome.do")
Three forms of the session extinction
- Time Out
- Session.invalidate ();
- Application Shut down.^.^
Add the following settings to the Web. XML to set the session expiration time, where 15 is min.
< Session-confi g > < Session-timeout ></session-timeout></session-config >
Session.setmaxinactiveinterval (int second), it is important to note that the parameter of this method is seconds .
Session.setmaxinactiveinterval (20*60); This is used to set the session time out.
Use of cookies
Of course, the existence of cookies is to sessionid related content, but can also do some other East things.
Httpservletrequest.getcookies (); Access to cookie Information
Httpservletresponse.setcookie (); Append a cookie
A cookie is a key-value pair
Cookie cookie = new Cookie ("UserName", "Voctrals Lou");
Cookie.setmaxage (60 * 30); Set the cookie expiration time to 30 minutes
Cookie.setmaxage (-1); Set cookies to expire immediately
Response.addcookie (cookie);
cookie[] cookies = request.getcookies (); for (int i = 0; i < cookies.length; i++= Cookies[i]; If (Cookie.getname (). Equals ("UserName"= cookie.getvalue (); // ... }}