HttpSession "Reprint"

The mechanism of the session

HTTP is a stateless protocol, and every time a customer reads a Web page, the server opens a new session, and the server does not automatically maintain the client's contextual information, so how can you implement session tracking? session is a mechanism for saving context information, which is for each user, the value of the variable is stored on the server side, through the SessionID to distinguish between different customers , session is based on cookie or URL rewrite , which is implemented by default using a cookie, the system creates an output named Jsessionid that is returned to the client cookie to be saved.

Several ways to save session IDs

A You can save the session ID by using a cookie so that the browser can automatically send the tag to the server in the interactive process.

B Since cookies can be artificially banned, there must be other mechanisms in place to pass the session ID back to the server when the cookie is banned, a technique often called URL rewriting, which appends the session ID to the URL path. There are two additional ways, one is additional information as a URL path, and the other is appended to the URL as a query string. The network always maintains state throughout the interaction and must include the session ID after each client may request a path.

C Another technique is called a form-hidden field. Is that the server automatically modifies the form, adding a hidden field so that the session ID can be passed back to the server when the form is submitted.

When the session was deleted

The session is deleted under the following circumstances:

A Program Call Httpsession.invalidate ()

B Distance from the last received client sent session ID time interval exceeds the maximum effective time of the session

C Server process is stopped

Note that closing the browser only invalidates the session cookie stored in the client browser memory and does not invalidate the session object on the server side.

What are the drawbacks of URL rewriting

Use URL overrides for all URLs, including hyperlinks, action for form, and redirected URLs. Each URL that references your site, and the URLs that are returned to the user (even through indirect means, such as the Location field in server redirection), add additional information.

This means that you cannot have any static HTML pages on your site (at least static pages cannot have any links to site dynamic pages). Therefore, each page must be dynamically generated using a servlet or JSP. Even if all the pages are generated dynamically, if the user leaves the session and comes back again via a bookmark or link, the session information is lost because the stored link contains the wrong identity information-the session ID after the URL has expired.

What are the drawbacks of using hidden form fields

You can use this method only if each page is dynamically generated with a form submission. Click the General <a HREF: > Hyperlinks do not generate form submissions, so hidden form fields can only be used in a specific set of operations, such as the checkout process for an online store .

How to associate information with a conversation

SetAttribute replaces any previously set value, and if you want to remove a value without providing any substitution, you should use RemoveAttribute. This method triggers all Valueunbound methods that implement the value of the Httpsessionbindinglistener interface.

Are there any restrictions on the types of session properties?

Usually the type of session attribute is as long as an object is available. Except for null or basic types, such as Int,double,boolean.

If you want to use the value of the base type as an attribute, you must convert it to the corresponding encapsulated class object

Use IsNew to determine if a user is wrong with a new or old user

public Boolean IsNew () method This method returns true if the session has not been associated with the client program (browser), typically because the session is new and not caused by the input client request.

However, if IsNew returns false, it simply means that he has visited the Web app before and does not mean that they have visited our servlet or JSP pages.

Because the session is user-related, it is possible for each page accessed by the user to create a conversation. So isnew to false can only say that the user has previously visited the Web app, the session can be either the current page creation, or the user previously visited the page created.

The right thing to do is to determine if a particular key exists in a session and its value is correct

If you close the browser, the session disappears.

The program is usually when the user does log off to send a command to delete the session, however, the browser will never proactively notify the server before closing it will be shut down, so the server will not have the opportunity to know that the browser has been closed. The server retains the session object until it is inactive beyond the set interval.

The reason for this error is that most sessions use session cookies to save the conversation ID, and this session ID disappears when you close the browser, and you cannot find the original session when you connect to the server again.

If the cookie set by the server is saved to the hard disk, or if you use some means to overwrite the HTTP request header sent by the browser, send the original session ID to the server, then open the browser again to still be able to find the original session.

It is precisely because closing the browser does not cause the session to be deleted, forcing the server to set an expiration time for the session, when the customer last time to use the session more than the expiration time, the server can assume that the client has stopped the activity, The session is deleted to save storage space.

From this we can draw the following conclusions:

Closing the browser will only leave the session cookie in the browser's memory, but it will not disappear from the session object saved on the server side, nor will the persistent cookie that has been saved to the hard disk disappear.

How to use sessions to show the number of visits per customer

Since the client's access count is an integer variable, it is not possible to use basic types of variables such as Int,double,boolean in the session's attribute type, so we use these basic types of encapsulated type objects as the values of the properties in the Session object

But like an integer is a non-modifiable (immutable) data structure that cannot be changed after it is built. This means that each request must create a new integer object, and then use setattribute instead of the value of the old property that existed earlier. For example:

HttpSession session = Request.getsession ();

Someimmutalbeclass value = (someimmutableclass) session.getattribute ("Someidentifier");

if (value= =null) {

Value = new Someimmutableclass (...); Create a new object that cannot be changed

}else{

Value = new Someimmutableclass (Calculatedfrom (value)); Creates a new object after recalculation of value

}

Session.setattribute ("Someidentifier", value); Overwrite the old object with the newly created object

How to use a session to accumulate user data

Use variable data structures, such as arrays, lists, maps, or application-specific data structures that contain write-in segments. In this way, you do not need to call setattribute unless you assign the object for the first time. For example

HttpSession session = Request.getsession ();

Somemutableclass value = (somemutableclass) session.getattribute ("Someidentifier");

if (value = = null) {

Value = new Somemutableclass (...);

Session.setattribute ("Someidentifier", value);

}else{

Value.updateinternalattribute (...); If the object already exists, update its properties without having to reset the property

}

Reproduced in: http://blog.sina.com.cn/s/blog_4cc16fc50100bx9r.html

HttpSession "Reprint"