- HTTP is a stateless protocol
- The server can write content to the client.
- Cookie can only be text content
- The client can block cookie writing.
- There are two types of cookies. One is the window sub-window which exists in the memory. Second, text-based files are stored in cookies.
- Cookie cross-origin access.
- Cookie set in the parent path. The sub-path can be accessed and read. Cookie set in the sub-path. The parent path cannot be read. The path is a URL, not a real file path.
Write COOKIE:
Cookie = new cookie ("cookiename", "cookievalue ");
Response. addcookie (cookie );
Cookie. setmaxage (3600 );
Read COOKIE:
Cookie [] cookies = request. getcookies ();
Cookie cook = Cookies [0];
Cook. Get
Session
Cookie stores information on the client and can only store strings. The size is 4 kb. You can set the expiration time if there is an expiration time.
Session stores information on the server. It can be stored in any type, with no size limit, or an expiration time.
Save seesion:
Httpsession session = request. getseesion (true); // create
Httpsession is an interface.
Session. GETID ();
Session. getattribute ("name ");
Session. setattribute ("name", value );
Session. getcreationtime ();
Session. getlastaccessedtime ();
In a browser window with parent-child relationship, you can go to the session value.
When a session is created, a cookie is sent to the client, storing the sessionid value.
Request. getrequestedsessionid () to obtain the sessionid value from the client.
Request. isrequestedfromcookie () sessionid is obtained from the cookie.
Request. getrequesturl (). tostring () to obtain the request URL.
Response. encodeurl (request. getrequesturl (): rewrite the URL to prevent session useless because cookie is disabled on the client. Maintain the session status between the client and the server.
Session Summary:
1. It is a piece of server memory. (Key-value)
2. corresponds to the client window (and subwindow.
3. There is an expiration time. The client and server have the corresponding sessionid.
4. Maintain the correspondence between the client and the server to prevent problems caused by disabling cookies: Memory cookies and URL rewriting.