Session Trace--session

First, HttpSession

1. HttpSession Overview
* HttpSession is a class that is provided by Javaweb for session tracking. Session is a server-side object, saved on the server side!!!
* HttpSession is one of the three major domain objects of the servlet (request, Session, Application (ServletContext)), so it also has setattribute (), getattribute (), RemoveAttribute () method
* HttpSession bottom-dependent cookie, or URL rewrite!

2. The role of HttpSession
* Session Scope: Session scope is a user starting from the first access server, to the end of the user close the browser!
> Session: A user-to-server multiple consistency request! The so-called coherence request is that the user has not closed the browser in the middle of multiple requests!
* The server will create a session object for each client, the session is like the client on the server side of the account, they are saved to a map server, the map is called the session cache!
> Servlet gets Session object: HttpSession session = Request.getsession ();
> JSP Gets the Session object: The session is under the JSP built-in object, without creating it can be used directly!
* Session Domain Related methods:
> void SetAttribute (String name, Object value);
> Object getattribute (String name);
> void RemoveAttribute (String name);

3. Length of action

* As long as the user does not close the browser, the session will always exist, then the user information stored in the session will exist together! Then user access to SUCC1 and SUCC2 will pass!

4. HttpSession principle (understanding)
* Request.getsession () Method:
> Get Jsessionid in Cookies:
<> If SessionID does not exist, create a session, save the session, and save the newly created SessionID in a cookie
<> if SessionID exists, find session object by SessionID, if not found, create session, save session, save newly created SessionID to cookie
<> if SessionID exists, the session object is found by SessionID, then the session object is no longer created.
<> Back to session
> If a new session is created, the browser will get a cookie containing SessionID, which has a life of-1, which exists only in the browser memory, and if the browser is not closed, the cookie persists.
> The next request, when the Request.getsession () method is executed again, because the session object can be found through the SessionID in the cookie, the same session object was used with the last request.

* The server will not create a session for you right away, it will not be created until the session is first acquired! Request.getsession ();

* Request.getsession (FALSE), request.getsession (True), request.getsession (), the latter two methods have the same effect,
> The first method: if there is no session in the session cache (if the cookie does not exist), then NULL is returned and the session object is not created.

5. HttpSession Other methods:
* String getId (): Get SessionID;
* int Getmaxinactiveinterval (): Gets the maximum inactivity time (in seconds) that the session can have and defaults to 30 minutes. When the session is not used within 30 minutes, Tomcat removes the session from the session pool;
* void Invalidate (): Let the session expire! Call this method will be invalidated by the session, when the session expires, the client requests again, the server will create a new session to the client, and in response to the client's new session SessionID;
* Boolean isnew (): Check if session is new. When the client first requests, the server creates a session for the client, but at this point the server does not respond to the client, that is, when the SessionID is not responding to the client, the session state is new.

6. Maximum inactivity time for configuring the session in Web. xml
<session-config>
<session-timeout>30</session-timeout>
</session-config>

7. URL rewriting (understanding)

is to put all the pages in the path, all using Response.encodeurl ("..") Deal with it!

* The session relies on cookies to allow the client to return SessionID upon request, so that the corresponding session can be found
* If the client has disabled the cookie, then can not get SessionID, then the session is useless!
* URL rewriting can also be used to replace cookies
> Add a special request parameter to all hyperlinks and forms in the site, i.e. SessionID
> This allows the server to find the session object by obtaining SessionID from the request parameters.
* Response.encodeurl (String URL)
> This method will intelligently rewrite the URL: When the request does not return SessionID this cookie, then the method will rewrite the URL, otherwise do not rewrite! Of course the URL must be the URL to the site.

Session Trace--session