Cookie-Session, sessioncookie

Source: Internet
Author: User
Tags: object serialization


  Session: A user opens a browser, clicks on multiple hyperlinks, accesses multiple web resources on the server, and closes the browser. The whole process is called a session.

 

Cookie

Cookie is a client-side technology. A program writes each user's data to that user's browser in the form of a cookie. When the user then uses the browser to access web resources on the server, the browser sends this data along with the request. In this way, each web resource works with the user's own data.

 

Cookie storage location

If the Expires expiration time is set, the Cookie is stored on the hard disk. If no expiration time is set, the Cookie is stored in the memory and disappears as the browser is closed.

Cookie locations on the hard drive on Win7:

Cookie: C:/Users/[user name]/AppData/Roaming/Microsoft/Windows/Cookies/
C:/Users/[user name]/AppData/Roaming/Microsoft/Windows/Cookies/Low/

Some of these folders are hidden by the operating system. You can directly enter the address to find them.

 


HttpSession

Session is a server-side technology. With this technology, the server can create an exclusive HttpSession object for each user's browser at runtime. Because the session is exclusive to the user's browser, users can put their own data in their respective sessions when they access web resources on the server. When they access other web resources on the server, those resources retrieve the data from the same session to serve the user.


In web development, the server can create a session object for each user's browser. Note: by default, one browser exclusively occupies one session object. Therefore, when user data needs to be saved, the server program can write it to the session exclusively occupied by the user's browser. When the user then accesses other programs with the browser, those programs can extract the user data from the user's session to serve the user. The main difference between Session and Cookie is that Cookie writes user data to the user's browser, while Session writes user data to a session on the server that is exclusively owned by the user. The Session object is created by the server. Developers can call the getSession method of the request object to obtain the session object.


Domain objects in Java Servlet


Request and response objects exist per request: these two objects are re-created for each request, so they cannot store global variables. They can be used for request forwarding, where the request object of the current request is passed on to the next resource.
Servlet and ServletContext objects serve all requests of all users. They are created when the first visitor accesses the website and exist until the server is shut down. ServletContext can therefore store global information, but that information is shared by all users. For example, a website traffic counter can use this object. The disadvantage is that its contents can be accessed by everyone.
Cookie and Session objects serve all requests of one user. When request.getSession() obtains an HttpSession object, the server allocates an ID for it, and each user's information is stored in a different HttpSession object. When the response is returned, the server sends the session ID to the browser as a Cookie. For example:
Cookie: JSESSIONID=2DB77EDB2964DFC61828ECBCC8076258

In this way, the browser sends this Cookie with every request to the server, in effect telling it: the HttpSession object with this ID is mine, and I want to retrieve the information in it.

 

Process:

1. When you access the server for the first time, the Set-Cookie information will be displayed in the Response Header (this information will appear in the response header only when you access the server for the first time)

  

2. This Cookie is then sent to the server in the request header of every subsequent request.

  

Problem:
By default, Session relies on cookies. If a client browser has disabled cookies, does that mean the Session cannot be used?
Solution:
URL rewriting handles the case where the user has disabled cookies. When cookies are found to be disabled, the session ID is appended to the end of the URL and passed to the server that way, so the session can be used without a Cookie.
Form:
http://localhost/Web/B;jsessionid=2DB77EDB2964DFC61828ECBCC8076258?name=zz

In this way, the jsessionid is transmitted from the client to the server to identify the session. Note that jsessionid is passed differently from ordinary URL parameters: it is not a parameter after the ?, but is attached to the URL path, separated from it by a ;. In this way, even when the user disables cookies, the jsessionid can still be passed and the session can still be used.

 

Session inactivity timeout: the default value is 30 minutes. It can be changed with:
void setMaxInactiveInterval(int interval);

The session should be destroyed when the user exits the website:
void invalidate();

 

Internal execution principle of getSession:
The first call to request.getSession() creates the session object.
The request object is different for each request, but the session object returned by request.getSession() is the same.
Problem:
How does the server determine whether getSession() should create a session or return an existing one?
Solution:
When a session object is created, the server adds the Cookie sessionId=value to the response. From then on, every request from that browser carries this Cookie. The server uses this Cookie to determine whether a session object has already been created.
Note:
Here, sessionId is just a concept: it stands for the value that uniquely identifies a session. In Tomcat it is named JSESSIONID. Other servers or frameworks may use other names.

request.getSession() is equivalent to request.getSession(true). true means: if a Session object already exists, the existing object is returned; if no Session object exists, a new one is created.
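The lookup described above, together with the URL-rewriting fallback from the previous section, as a simplified model in plain Java. This is an added example, not Tomcat's code and not from the original article; the class, the in-memory map and the UUID-based ID are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;

// Simplified model of how a container resolves request.getSession(create).
public class SessionLookupDemo {
    // Server-side store: session ID -> that user's attributes.
    static final Map<String, Map<String, Object>> SESSIONS = new HashMap<>();
    static final Pattern COOKIE_ID = Pattern.compile("(?:^|;\\s*)JSESSIONID=([^;\\s]+)");
    static final Pattern PATH_ID = Pattern.compile(";jsessionid=([^;?#/]+)");

    // Returns the session ID the client presented, or null if there is none.
    static String requestedId(String uri, String cookieHeader) {
        if (cookieHeader != null) {
            Matcher m = COOKIE_ID.matcher(cookieHeader);
            if (m.find()) return m.group(1);      // normal case: Cookie header
        }
        Matcher m = PATH_ID.matcher(uri);
        return m.find() ? m.group(1) : null;      // fallback: rewritten URL
    }

    // Mirrors getSession(create): returns the ID of the session in use, or null.
    static String getSession(String uri, String cookieHeader, boolean create) {
        String id = requestedId(uri, cookieHeader);
        if (id != null && SESSIONS.containsKey(id)) return id;  // existing session
        if (!create) return null;                               // getSession(false)
        // Unknown or missing ID: do not adopt the client's value, issue a new one.
        // A random UUID stands in for the container's own ID generator.
        id = UUID.randomUUID().toString().replace("-", "").toUpperCase();
        SESSIONS.put(id, new HashMap<>());
        return id;  // a container would now send Set-Cookie: JSESSIONID=<id>
    }

    public static void main(String[] args) {
        // Constructed requests; the path /Web/B is the one used in the text above.
        String first = getSession("/Web/B", null, true);
        System.out.println("first request, created:   " + first);
        System.out.println("cookie request, same:     "
            + first.equals(getSession("/Web/B", "lang=en; JSESSIONID=" + first, true)));
        System.out.println("rewritten URL, same:      "
            + first.equals(getSession("/Web/B;jsessionid=" + first + "?name=zz", null, true)));
        System.out.println("unknown id, create=false: "
            + getSession("/Web/B", "JSESSIONID=DOESNOTEXIST", false));
    }
}
```

The rewritten URL carries the same value as the cookie, so anything that records URLs (access logs, browser history, Referer headers) also records the session ID.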

 


Serialization:

Tomcat's work directory stores the serialized session objects in the SESSIONS.ser file.
Objects stored in HttpSession should implement the Serializable interface, so that the data in HttpSession is not lost when the server is shut down and restarted.
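What the Serializable requirement means for a session attribute, shown with a plain ObjectOutputStream round trip. This is an added example, not Tomcat's persistence code and not from the original article; the LoginUser and Cart classes and their fields are hypothetical.

```java
import java.io.*;

public class SessionSerializationDemo {
    // Hypothetical session attribute; class and field names are assumptions.
    static class LoginUser implements Serializable {
        private static final long serialVersionUID = 1L;
        String name;
        transient char[] password;   // transient: left out of the serialized form
        LoginUser(String name, char[] password) {
            this.name = name;
            this.password = password;
        }
    }

    // Does not implement Serializable, so ObjectOutputStream refuses it.
    static class Cart {
        int items = 3;
    }

    // Serializes an attribute as a session store would before shutdown.
    static byte[] persist(Object attribute) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(attribute);
        }
        return buf.toByteArray();
    }

    // Restores the attribute as the server would after a restart.
    static Object restore(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        LoginUser before = new LoginUser("zz", "s3cret".toCharArray());
        LoginUser after = (LoginUser) restore(persist(before));
        System.out.println("name survives restart: " + after.name);
        System.out.println("password restored:     " + (after.password != null));
        try {
            persist(new Cart());
        } catch (NotSerializableException e) {
            System.out.println("not persisted:         " + e.getMessage());
        }
    }
}
```

Every non-transient field of a session attribute ends up in the file on disk, so fields holding secrets are better marked transient or kept out of the session.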

