Session sessions with two session states

What is a session?

The use of cookies and additional URL parameters can be used to pass the status information of the last request to the next request, but if the delivery of more state information, will greatly reduce network transmission efficiency and increase the difficulty of server-side program processing.

Session technology is a technology that keeps the conversation state on the server side, and it can be likened to a medical record card issued to a patient by a hospital and a combination of medical records maintained by the hospital for each patient.

The session ID number that the client needs to receive, memorize, and send back the session, which can and usually be passed with a cookie.

　　Share data on different pages of the same user (Session)

　　

　　

　　How to understand the session

　　

　　The tracking mechanism of the session

A httpsession interface is defined in the Servlet API specification, and the HttpSession interface defines a variety of methods for managing and manipulating session state.

The HttpSession object is a storage structure that maintains session state information, and a client corresponds to a separate HttpSession object on the Web server side.

The Web server does not create a HttpSession object when the client begins to access it, and the Web application creates a HttpSession object corresponding to that client only if the client accesses a servlet program that can open the session to the client.

The Web server assigns a unique session identification number to the HttpSession object, and then passes the session ID to the client in the response message. The client needs to remember the session ID number and pass the session ID number to the Web server in each subsequent access request, and the Web server-side program knows which client the request was issued from, based on the session ID of the callback, and selects the corresponding HttpSession object.

After a Web application creates a HttpSession object corresponding to a client, the HttpSession object resides in the Web server memory as long as there is no longer a qualifying idle period, and the client accesses any servlet program thereafter. They all use the existing HttpSession object that corresponds to the client.

A setattribute method is specifically defined in the HttpSession interface to store objects in HttpSession objects, and a getattribute method is defined to retrieve the objects stored in the HttpSession object. Objects stored in a HttpSession object can be shared by handlers of individual requests that belong to the same session.

Session is the best solution for shopping cart, which is stored in a customer session and can serve as a shopping cart for the customer.

　　Timeout Management for session

The Web server cannot determine whether the current client browser will continue to access or detect whether the client browser is closed, so even if the client has left or closed the browser, the Web server retains its corresponding HttpSession object.

As time goes by, adding new access clients, the Web server memory will therefore accumulate a large number of HttpSession objects that are no longer being used, and will eventually result in server memory exhaustion.

The Web server uses a "time-out limit" method to determine whether the client is still in access, and if a client does not make a subsequent request within a certain amount of time, the Web server considers that the client has stopped the activity, ends the session with the client and turns the corresponding HttpSession object into garbage.

If the client browser times out and then makes an access request again, the Web server considers this to be the beginning of a new session, creates a new HttpSession object for it, and assigns a new session identification number.

The time-out interval for a session can be set in the Web. xml file, and its default value is defined by the servlet container.

<session-config>

<session-timeout>30</session-timeout>

</session-config>

How to use Session

In web development, the server can create a session object for each user browser (Session object), note that a browser exclusively has a Session object (by default). Therefore, when the user data needs to be saved, the server program can write the user data to the user's browser exclusive session, when users use the browser to access other programs, other programs can remove the user's data from the user's session, to serve the user.

The main differences between session and Cookie are:

A cookie is a browser that writes the user's data to a user.

Session Technology writes the user's data to the user's exclusive session.

The session object is created by the server and the developer can invoke the GetSession method of the request object to get the session object.

　　Session Implementation principle

　　Session processing after IE disables cookies

Resolution: URL Rewriting

Response. Encoderedirecturl (java.lang.String URL)

Used to override the URL address after the Sendredirect method.

Response.encodeurl (java.lang.String URL)

Used to override the URL address of the form action and hyperlink

Session sessions with two session states