Java EE details questions 05--cookie and session

Source: Internet
Author: User


The role of the cookie and session:

Both are used to store some key data.

Where the cookie and session are stored:

The cookie is stored on the client and the session is stored on the server


The creation and destruction of cookies, and how they work:

The cookie is generated by the server and sent to the client via the HTTP protocol.

In the response, the Set-Cookie header carries the information for this cookie.

The next time a request is made, the cookie is brought back to the server.

In the request, the Cookie header carries the information of this cookie.

/*
 * A positive value indicates that the cookie expires after the number of seconds it represents.
 * Note that this value is the maximum lifetime of the cookie, not its current lifetime.
 * A negative value means that the cookie is not persisted and will be deleted when the Web browser exits.
 * A value of 0 causes the cookie to be deleted.
 */
cookie.setMaxAge(Integer.MAX_VALUE);


Properties and characteristics of cookies:

When creating a cookie, a key-value pair of strings is passed in; one cookie holds exactly one key-value pair.

Cookie cookie = new Cookie("keyyy", "Valueeee");

/*
 * Specifies a comment that describes the cookie's purpose. The comment is useful
 * if the browser presents the cookie to the user. Netscape Version 0 cookies do
 * not support comments.
 */
cookie.setComment("Testcook");

/*
 * RFC 2109 specifies the form of the domain name. A domain name that begins with
 * a dot (.foo.com) means the cookie is visible to servers in the specified Domain
 * Name System (DNS) zone (for example www.foo.com, but not a.b.foo.com). By
 * default, cookies are returned only to the server that sent them.
 * The pattern is a string containing the domain name within which this cookie is
 * visible; its form conforms to RFC 2109.
 */
// cookie.setDomain("");

/*
 * A positive value indicates that the cookie will expire after that many seconds.
 * Note that this value is the maximum lifetime of the cookie, not its current
 * lifetime. A negative value means that the cookie is not persisted and will be
 * deleted when the Web browser exits. A value of 0 causes the cookie to be deleted.
 */
cookie.setMaxAge(Integer.MAX_VALUE);

/*
 * Specifies the path to which the client should return the cookie. The cookie is
 * visible to all pages in the specified directory and all of its subdirectories.
 * A cookie's path must include the servlet that set the cookie, for example
 * /catalog, which makes the cookie visible to all directories on the server under
 * /catalog. The default is the directory of the servlet that sends the cookie.
 */
// cookie.setPath("");

/*
 * Indicates whether the browser may send the cookie only over a secure protocol
 * such as HTTPS or SSL. The default value is false.
 * If true, the cookie is sent from the browser to the server only when a secure
 * protocol is used; if false, it can be sent over any protocol.
 */
cookie.setSecure(false);

/*
 * Assigns a new value to the cookie after the cookie is created. If you use a
 * binary value, you may need to use BASE64 encoding. For Version 0 cookies,
 * values should not contain spaces, brackets, parentheses, equals signs, commas,
 * double quotes, slashes, question marks, at signs, colons, and semicolons.
 * Empty values do not necessarily behave the same on all browsers.
 */
cookie.setValue("VVV");

/*
 * Sets the version of the cookie protocol this cookie complies with. Version 0
 * complies with the original Netscape cookie specification. Version 1 complies
 * with RFC 2109.
 */
cookie.setVersion(1);

// Send this cookie
response.addCookie(cookie);
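An added example (not code from the original post) that walks the cookie life cycle described above with the javax.servlet API: the cookie is set in the response, read back from the next request, and deleted with a max age of 0. Unlike the listing above, it bounds the lifetime and sets Secure and HttpOnly. The servlet name, URL pattern, cookie name and 30-day lifetime are assumptions, and it needs a Servlet 3.0+ container.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: GET /pref?theme=dark sets the cookie, GET /pref?clear=1 deletes it.
@WebServlet("/pref")
public class PrefCookieServlet extends HttpServlet {
    private static final String NAME = "theme";  // hypothetical cookie name
    private static final String PATH = "/";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/plain");
        if (req.getParameter("clear") != null) {
            resp.addCookie(build("", 0));         // max age 0: the browser deletes the cookie
            resp.getWriter().println("cleared");
            return;
        }
        String wanted = req.getParameter("theme");
        if (wanted != null && wanted.matches("[a-z]{1,16}")) {  // allow-list the stored value
            resp.addCookie(build(wanted, 30 * 24 * 60 * 60));   // 30 days, in seconds
        }
        // read() sees what the browser sent with THIS request, not the cookie just added.
        resp.getWriter().println("current=" + read(req));
    }

    // Name and path must match the original cookie for the max-age-0 deletion to hit it.
    private static Cookie build(String value, int maxAgeSeconds) {
        Cookie c = new Cookie(NAME, value);
        c.setPath(PATH);
        c.setMaxAge(maxAgeSeconds);
        c.setSecure(true);    // returned by the browser only over HTTPS
        c.setHttpOnly(true);  // not exposed to script running in the page
        return c;
    }

    // The Cookie request header as parsed by the container; getCookies() is null when none were sent.
    private static String read(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (NAME.equals(c.getName())) return c.getValue();
        }
        return null;
    }
}
```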






The creation and destruction of the session, and how it works:

First, a session corresponds to a conversation. What is a conversation? It runs from opening the site, through the work you do there, until you close the site.

The session is generated by the server, which then sends the client a cookie (one you do not create yourself) carrying a key-value pair whose key is JSESSIONID.

JSESSIONID is the identifier of the region of server memory that represents this session. The cookie is sent with every request made within a single conversation, and the JSESSIONID in it lets the server locate the session.

The session goes away when it is closed or deleted, or when it is removed using session.invalidate().


Session instance:



The properties and features of the session:

Session Creation:


/*
 * Get the current session.
 * getSession() is used the same way as getSession(true): if a session currently
 * exists, it is returned; if not, a new one is created.
 * getSession(false): if there is currently no session, no new session is created.
 */
HttpSession session = req.getSession();


A session is a scope object: it can hold objects whose scope is one conversation.


Storing and reading objects is not covered here; this part is about removing them.


Many people use session.invalidate() to delete the session, so that the objects in the session scope are gone, but this is not good.

First, it hurts the innocent: in order to delete object A, B, C and D are all gone as well. Second, it wastes resources, because each time the session is deleted directly, a new session has to be set up at the next request.


There is also removeAttribute(key); removing objects this way is better.
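An added example (not from the original post) of the session calls discussed above: getSession() versus getSession(false), removeAttribute(key) to drop one object while the rest of the session survives, and invalidate() kept for the one case where the whole session must end, such as logout. The servlet name, URL pattern, parameter names and attribute name are hypothetical, and it assumes the javax.servlet API 3.0+ in a container.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: POST /cart with action=add|clearCart|logout.
@WebServlet("/cart")
public class CartServlet extends HttpServlet {
    private static final String CART = "cart";  // hypothetical attribute name

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String action = String.valueOf(req.getParameter("action"));  // "null" if absent
        HttpSession existing = req.getSession(false);  // null when the request has no valid session
        switch (action) {
            case "add": {
                String item = req.getParameter("item");
                if (item == null || !item.matches("[A-Za-z0-9_-]{1,32}")) {
                    resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return;
                }
                HttpSession session = req.getSession();  // same as getSession(true): creates if absent
                @SuppressWarnings("unchecked")
                List<String> cart = (List<String>) session.getAttribute(CART);
                if (cart == null) cart = new ArrayList<>();
                cart.add(item);
                session.setAttribute(CART, cart);
                break;
            }
            case "clearCart":
                // Removes only the cart; every other attribute in the session is untouched.
                if (existing != null) existing.removeAttribute(CART);
                break;
            case "logout":
                // Ends the whole session: all attributes are unbound and the old JSESSIONID stops working.
                if (existing != null) existing.invalidate();
                break;
            default:
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("ok");
    }
}
```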





