The session mechanism is a server-side mechanism. The server uses a structure similar to a hash (or a hash) to save information.
WhenProgramWhen you need to create a session for a client request, the server first checks whether the request of this client contains a session ID called session ID, if a session ID is included, it indicates that a session has been created for this client before, and the server uses the session ID to retrieve the session. (if the session ID is not found, a new one may be created ), if the client request does not contain the session ID, the client creates a session and generates a session ID associated with the session. The session ID value should be unique, the session ID is returned to the client for saving in this response.
As you can see above, a session ID value will be saved on the client, since the session value can be saved on the client. Here is a question: how is the session stored on the client? Where is it stored?
==========================================
The following cookies and session content is taken from the http://blog.csdn.net/wangzhkai/archive/2009/05/15/4187496.aspx
Cookie
No matter how to use cookies, there are two types of Cookies stored on the client,
Session cookies are stored in the browser memory.CodeWhen a cookie is written to the client, if no expiration time is specified, the cookie is stored in the browser's memory and will not be persisted on the hard disk, that is, you cannot find it in the temporary file of the browser!
A persistent cookie is stored on the hard disk. When you specify the cookie expiration time, when the client writes a cookie, a file is generated under the temporary file of the browser. The specific format and name can be viewed in the temporary file of the browser.
The cookie principle is as follows: when you write Response in the server code. when Cookie ["mycookie"] = "mytestcookie" is returned to the client in the HTTP response, the cookie information is added to the corresponding HTTP header. After the browser receives the corresponding information, create a cookie on the client according to the cookie in the HTTP response header.
The client's cookie is also inserted in the HTTP header and sent to the server. In addition, all the cookies created on the client in a single domain are carried by each HTTP request on the client, such as the site testwebsite.com, the cookie written to the client at any time, as long as it does not expire, the browser will carry these cookies when sending an HTTP request to testwebsite.com, so the cookie size on the client is limited
about the session
after the cookie is understood, the session is easy to understand. The default session of Asp.net is implemented through the first cookie, you can completely disable the cookies of your browser, and then log on to some registered portal websites, you will find that many cannot log on. It is a cookie that changes the HTTP request to a stateful state. Session implementation is a web server, but it is obviously implemented by using session cookies, that is, the Cookies stored in the browser memory. In the cookie, only sessionid is stored, then, a table is created on the server, which corresponds to the sessionid of the client. This table is stored in the process on the server, that is, the server memory, that is, the application. When the client requests the server, if the server finds this is a new request, it will assign it a sessionid, that is, write a cookie of sessionid in the browser. You can try it out. After you request the server once, you can traverse all the cookies on the client. Then you will find the cookie called sessionid.
========= the above departments from the csdn blog, reprint please indicate the source: http://blog.csdn.net/wangzhkai/archive/2009/05/15/4187496.aspx===========
According to the above analysis, we can also know that the so-called closed browser will cause the session to be lost because we save the session in the session cookie, that is, the session will be saved in the browser's memory. When the browser is closed, because the browser's memory does not exist, the session is lost.
If we can enable the session to be stored in the second method of cookie, can we disable the browser without losing the session.
The session can be saved using the URL path, as shown below:
One is the additional URL path information, in the form of http: //.../xxx; JSESSIONID = byok3vjfd75apnrf7c2hmdnv6qzcebzwowibyenlerjq99zwpbng! -145788764
The other is appended to the URL as a query string, in the form of http: //.../XXX? JSESSIONID = byok3vjfd75apnrf7c2hmdnv6qzcebzwowibyenlerjq99zwpbng! -145788764
There is no difference between the two methods for users, but they are handled differently by servers during parsing, the first method also helps to distinguish the session ID information from the normal program parameters.
To maintain the status throughout the interaction process, the session ID must be included after the path that each client may request.
You are welcome to refer to the session and cookie discussions.
.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
