In a recently written Android, you need to request data from a Web server, have a login activity, log in to Mainactivity, and the middle login and mainactivity all need to request PHP Jsonapi, So to maintain the session in the network request, research for a very, very, very fine. In fact, sesion in the browser and the Web server is directly through a cookie called name SessionID, so as long as every time the data request to keep SessionID is the same one can be used to the web session, The practice is to get the value of the SessionID on the first request of the data and save it in a static variable, and then place the SessionID in a cookie for the second time when the data is requested. The server is through this sessionid to identify the client in the request data, in PHP, the SessionID name is called PHPSESSID. The following code is attached
Copy Code code as follows:
Import java.io.IOException;
Import java.io.UnsupportedEncodingException;
Import java.util.List;
Import org.apache.http.HttpEntity;
Import Org.apache.http.HttpResponse;
Import Org.apache.http.HttpStatus;
Import Org.apache.http.NameValuePair;
Import org.apache.http.client.ClientProtocolException;
Import Org.apache.http.client.CookieStore;
Import org.apache.http.client.entity.UrlEncodedFormEntity;
Import Org.apache.http.client.methods.HttpPost;
Import Org.apache.http.cookie.Cookie;
Import org.apache.http.impl.client.DefaultHttpClient;
Import Org.apache.http.protocol.HTTP;
Import Org.apache.http.util.EntityUtils;
public class Myhttpclient implements Inetconfig {
Private Defaulthttpclient httpclient;
Private HttpPost HttpPost;
Private Httpentity httpentity;
Private HttpResponse HttpResponse;
public static String PHPSESSID = null;
Public Lvhttpclient () {
}
public string executerequest (string path, list<namevaluepair> params) {
String ret = "None";
try {
This.httppost = new HttpPost (basepath + path);
httpentity = new Urlencodedformentity (params, HTTP. UTF_8);
Httppost.setentity (httpentity);
The first time is generally not yet assigned, if the value of the SessionID to the server
if (null!= PHPSESSID) {
Httppost.setheader ("Cookie", "phpsessid=" + phpsessid);
}
HttpClient = new Defaulthttpclient ();
catch (Unsupportedencodingexception e) {
E.printstacktrace ();
}
try {
HttpResponse = Httpclient.execute (HttpPost);
if (Httpresponse.getstatusline (). Getstatuscode () = = HTTPSTATUS.SC_OK) {
httpentity entity = httpresponse.getentity ();
ret = entityutils.tostring (entity);
Cookiestore Mcookiestore = Httpclient.getcookiestore ();
list<cookie> cookies = mcookiestore.getcookies ();
for (int i = 0; i < cookies.size (); i++) {
Here is read cookie[' PHPSESSID ' values exist in static variables, guaranteed to be the same value each time
if ("Phpsessid". Equals (Cookies.get (i). GetName ())) {
PHPSESSID = Cookies.get (i). GetValue ();
Break
}
}
}
catch (Clientprotocolexception e) {
E.printstacktrace ();
catch (IOException e) {
E.printstacktrace ();
}
return ret;
}
}
In fact, the principle of the web is the same, based on the HTTP protocol, then if the site is not PHP to do, that is called SessionID cookie may be called another, it is not PHPSESSID, but is called another name, this may be specific circumstances to check.
In fact, not just the Android program, any other program needs to do so only in the HTTP protocol request header plus send the corresponding sessionid. Just this method can help understand sessionid, in fact, there is another way if more general, you can just all the cookies sent back to the server each time, you can solve the session to maintain the problem, but this may be slightly larger network traffic overhead.
Here we see a sessionid nature, by the way mark.
The essence of SessionID
first, the client used cookies to save the SessionID
The client uses cookies to save the SessionID, when we request the server, will send this SessionID together to the server, the server will be in memory to search for the corresponding SessionID, if found the corresponding SessionID, indicating that we are in the state of login, have appropriate permissions; If you do not find the corresponding SessionID, this means that either we turn the browser off (which explains why) or the session times out (no more than 20 minutes for the server), and the session is cleared by the server, The server will assign you a new SessionID. You have to log in again and save the new SessionID in a cookie.
When the browser is not turned off (this time if the SessionID has been saved in a cookie) This sessionid will always be saved in the browser, each time the request will be submitted to the server SessionID, so the server think we are logged in; If the server is not requested for too long, the server thinks we have turned the browser off, this time the server will remove the SessionID from memory, this time if we go to request the server, SessionID no longer exist, so the server does not find the corresponding in memory SessionID, so there will be a new SessionID, this time we have to log in again.
second, the client does not save SessionID with cookies
This time if we request a server, because the server will think you are a new request because the SessionID is not submitted, the server will assign you a new SessionID, which is Why is it that every time we open a new browser (regardless of whether we have logged in before) a new SessionID (or it will let us log in again) will be generated.
When we turn the browser off, then open the browser and then request the page, it will let us log in, this is why? We have already logged in, and have not timed out, SessionID must still be on the server, why now we have to log in again? This is because we turn off browsing and request, the information we submitted did not submit the SessionID to the server together, so the server did not know that we are the same person, so the server for us to assign a new SessionID, To make an analogy: The browser is like a person to go to the bank to open an account, and the server is like a bank, this time to go to the bank to account for the person obviously does not have an account (SessionID), so after the bank, the bank staff asked if there is no account, he said no, this time the bank will So it can be said that every time a new browser is opened to request a page, the server will think that this is a new request, he assigned you a new SessionID.
