Session is a server-side storage space maintained by the application server, when the user connects to the server, a unique SessionID is generated by the server, which uses the SessionID as an identifier to access the server-side session storage space. And SessionID this data is saved to the client, saved with a cookie, when the user submits the page, the SessionID will be submitted to the server side, to access the session data. This process is not a developer intervention. So once the client disables cookies, the session will also expire.
The server can also pass the SessionID value through URL rewriting, so it is not entirely dependent on cookies. If the client cookie is disabled, the server can automatically save the session value by rewriting the URL, and the process is transparent to the programmer.
You can try it, even if you do not write cookies, use Request.getcookies (), the length of the cookie array is also 1, and the name of this cookie is jsessionid, and there is a long binary string, Is the value of the SessionID.
A cookie is a client's storage space, maintained by a browser.
In some polls and the like, we tend to ask everyone to vote only for the principle of fairness, in some web development there are similar situations, we usually use cookies, such as the following code:
<% Cookie[]cookies = Request.getcookies ();
if (Cookies.lenght = = 0 | | | cookies = NULL)
Dostufffornewbie ();
has not been visited
}
Else
{
Dostuffforreturnvisitor (); I've already visited it.
}
% >
This is very easy to understand, to detect the existence of a cookie, if there is a description has been run to write the cookie code, but after running the above code, whenever the results are executed dostuffforreturnvisitor (), Through the Control Panel-internet options-Settings-view file but always do not see the generated cookie file, strange, the code is clearly not a problem, but since there is a cookie, then show it.
Cookie[]cookies = Request.getcookies ();
if (Cookies.lenght = = 0 | | | cookies = NULL)
Out.println ("Have not visited this website");
}
Else
{
for (int i = 0; i < cookie.length; i++)
{
OUT.PRINTLN ("Cookie name:" + cookies[i].getname () + "cookie value:" +
Cookie[i].getvalue ());
}
}
Operation Result:
Cookie Name:jsessionid Cookie Value:kwjhug6jjm65hs2k6
Why is there a cookie, as we all know, HTTP is a stateless protocol, every time a customer reads a Web page, the server opens a new session, and the server does not automatically maintain the customer's contextual information, then how to implement the shopping cart in the online store, Session is a mechanism to save context information, it is for each user, the value of the variable is stored on the server side, through the sessionid to distinguish between different customers, the session is based on cookie or URL rewrite, the default use of cookies to achieve, The system creates an output cookie called Jsessionid, which we call a session cookie to distinguish between persistent cookies, which is what we normally call cookies, notice the session Cookies are stored in the browser memory, not written to the hard disk, which is the jsessionid we have just seen, we usually do not see jsessionid, but when we disable the browser cookie, The Web server passes SessionID in a URL rewrite, so we can see strings like sessionid=kwjhug6jjm65hs2k6 in the address bar.
Understanding the principle, we can easily distinguish between persistent cookies and session cookies, the online discussion on the security of the two is also clear, session cookie for a session, sessions end The cookie disappears, and the persistent cookie is just a piece of text (usually encrypted) that exists on the client's hard drive, and may be subject to cookie spoofing and cross-site scripting attacks against cookies, which are not as secure as session cookies.
Usually the session cookie is not used across windows, and when you open a new browser window into the same page, the system will give you a new SessionID, so that the purpose of our information sharing is not reached, At this point we can first save the SessionID in the persistent cookie, and then read it in a new window, we can get the previous window SessionID, so through the session cookie and persistent The combination of cookies allows us to implement a cross-window session tracking (conversation tracking).
In some Web development books, the session and cookie are often simply used as two kinds of parallel HTTP transmission information, session cookies located on the server side, the persistent cookie is located on the client, But the session is based on a cookie, understand the relationship between the two and the difference, we will not be difficult to choose the right technology to develop Web service.
Cache, is the server-side caching that all users can access and share.
Briefly describe session, Cookie, and cache differences