"Javaweb Study Notes" 16

Session Technology Cookie&session

Learning Goals

Case one, record the user's last access time---cookie Case two, verifying the verification code----session

First, session technology introduction 1. Status of the storage client

From a question that leads to today's content, such as the website's shopping system, where does the user store the product information to be purchased? Because the HTTP protocol is stateless, which means that each client accesses a server-side resource, the server does not know who the client is, and therefore requires session technology to identify the state of the client. Session technology is to help the server remember the client state (differentiate clients)

2. Session Technology

From opening a browser to access a site, the entire process of closing the browser becomes a session. Session technology is the recording of the state and data of the client in this session.

Session technology is divided into cookie and session:

Cookies: Data is stored locally on the client, reducing server-side storage pressure, security is not good, clients can clear cookies

Session: Store data on the server side, the security is relatively good, increase the pressure of the server

Second, Cookie Technology

Cookie technology is the technology that stores the user's data to the client, and we learn in two ways:

First, how the server side sends a cookie to the client

Second, how the server accepts cookies that the client carries

1. Server-side sends a cookie to the client

1) Create a cookie:

Cookie cookie = new Cookie (String cookiename,string cookievalue);

Example:

Cookie cookie = new Cookie ("username", "Zhangsan");

The cookie is then sent to the client in the form of a response header:

Note: The cookie cannot store Chinese

2) Set the cookie persistence time on the client:

Cookie.setmaxage (int seconds); ---time seconds

Note: If you do not set the persistence time, the cookie is stored in the browser's memory, the browser shuts down cookie information is destroyed (session-level cookie), and if the persistence time is set, the cookie information is persisted to the browser's disk file

Example:

Cookie.setmaxage (10*60);

Setting cookie information is stored in the browser's disk file for 10 minutes, and the expired browser automatically deletes the cookie information

3) Set the carrying path of the cookie:

Cookie.setpath (String path);

Note: If you do not set a carry path, the cookie information will carry cookie information on the path where the Web resource that generated the cookie is located

Example:

Cookie.setpath ("/web16");

Represents access to any resource in the WEB16 app to carry a cookie

Cookie.setpath ("/web16/cookieservlet");

Represents access to Cookieservlet in WEB16 to carry cookie information

4) Send a cookie to the client:

Response.addcookie (cookie cookie);

5) Delete the client's cookie:

If you want to delete the cookie information that has been stored by the client, overwrite it with a cookie with a persistent time of 0 for the same path.

2. How the server accepts cookies that are carried by the client

Cookie information is sent to the server in the form of a request header:

1) All cookies are obtained by request:

cookie[] cookies = request.getcookies ();

2) Iterate through the cookie array and get the cookie we want by the name of the cookie

for (Cookie cookie:cookies) {

if (Cookie.getname (). equal (CookieName)) {

String cookievalue = Cookie.getvalue ();

}

}

Third, session technology

Session technology is the technology that stores data on the server side, creating a memory space for each client to store the customer's data, but the client needs to carry an identity ID each time to go to the server to find its own memory space. So the implementation of the session is based on the cookie,session need to use cookies to store the unique identity of the customer Jsessionid

In this session we need to learn the following three questions:

How do I get the Session object (memory area) belonging to this client?

How to access data in session (session is also a domain object)?

The life cycle of the session object?

1. Get Session Object

HttpSession session = Request.getsession ();

This method obtains a session object that is exclusively part of the current session, and if the session object that does not have the conversation on the server side creates a new session return, if there is already a session that belongs Session back (essentially, based on Jsessionid to determine if the client already exists on the server)

2. How to access data in session (session is also a domain object)

The session is also an area object that stores data, so the session object also has the following three methods:

Session.setattribute (String name,object obj);

Session.getattribute (String name);

Session.removeattribute (String name);

3. Life cycle of Session object (face question/written question)

Created: The first time you execute Request.getsession () is created

Destroyed:

1) when the server (not normal) shuts down

2) session expiration/expiration (default 30 minutes)

Question: When does the starting point of the time begin to calculate 30 minutes?

Start clocking from server-side resources

Can be configured in the project's Web. xml

<session-config>

<session-timeout>30</session-timeout>

</session-config>

3) Manually destroy session

Session.invalidate ();

Scope of Action:

Default in one session, that is, any resource in a session is common

Interview: The browser is closed and the session is destroyed? Wrong

Summarize:

Focus: Figure

Session Technology:

Cookie technology: Save to client

Send cookies

Cookie cookie = new Cookie (name,value)

Cookie.setmaxage (SEC)

Cookie.setpath ()

Response.addcookie (Cookie)

Get cookies

cookie[] cookies = request.getcookies ();

Cookie.getname ();

Cookie.getvalue ();

Session Technology: Save to server with cookie storage Jsessionid

HttpSession session = Request.getsession ();

SetAttribute (Name,value);

GetAttribute (name);

Session life cycle

Create: Specify Request.getsession () for the first time;

Destruction: Server shutdown, session expiration/expiration, manual session.invalidate ();

Session scope: Default in a conversation

Figures:

Cookies for Shopping

Session

Session field

Shopping process

Show last access time

"Javaweb Study Notes" 16