Dark Horse day05 session& reset the life cycle of the Jsessionid

HttpSession: In the server, create a unique memory space for the browser in which to save session-related information.
4.1session is used as a domain: he is one of the four domain objects in the Java EE, scoped to the entire session.
4.2session life cycle: At the first call to the Reqeust.getsession () method, the server checks that there is already a corresponding session, and if not, creates a session in memory and returns.
When the session is not used for a period of time, typically 30 minutes (this value can be configured in the Web. XML configuration <session-config> can be configured using Tomcatmanager), the server destroys the session
When the server is forcibly closed, the session with no expiration will be destroyed.
If the invalidate () provided by the session is called, the session can be destroyed immediately.
4.3session principle: When the server first calls the Request.getsession () method, it creates a session object in memory that has a unique ID value. This ID value will be sent to the browser as a cookie (Jsessionid), and the browser will take this cookie each time it is accessed, and the server will use this cookie to differentiate the browser from the corresponding session space.
4.4 Different browsers in the same computer use the same Session:jsessionid this cookie is saved in the browser memory by default, and we can create a cookie with the same path as the same name and set the MaxAge value so that it is saved to the hard disk. In order to achieve a unified computer in different browsers common one jsessionid thereby using the same session.
4.5 The browser that disables cookies can also use the session: Because the session is based on cookies, if cookies are disabled, the session is unavailable, and we can rewrite all the URLs provided to the browser. Keep up with Jseesionid after all URLs to ensure that even if cookies are disabled, they can be brought back to jsessionid in the form of a URL, so that the session can be used. To rewrite all URLs is a very expensive job, and generally we will not do so.
Response. Encoderedirecturl (Java.lang.string?url) Use this method if this URL is the address of the redirect operation
Response. Encodeurl (Java.lang.string?url) Use this method if this URL is a normal connection
Experiment: Use the session to achieve a simple shopping function, and provide support for multiple browser sharing sessions on the same computer and for disabling Cookie browser.
Experiment: Use the session to complete the user login: When the user login in the session to save the user name, on the other page can check the session in the existence of the user name, if there is a thought has been logged in. The logoff process is the process of killing the session.

Experiment: Use session completion to prevent form recurrence: When a form page is provided, a random value is hidden in the form, and the random number is saved to the session, when the form is submitted, check whether the random number is the same as the random number in the session, if the same is allowed to register, Immediately after registration, delete the random number in the session, if the difference is considered a duplicate submission of the form.

Experiment: The function of purchasing and paying bills

1. Create a JSP to implement a hyperlink to Buyservlet&payservlet and take a parameter.

<%@ page language= "java" import= "java.util.*" pageencoding= "UTF-8"%><! DOCTYPE HTML PUBLIC "-//w3c//dtd HTML 4.01 transitional//en" >
Operating interface:


2. In the Buyservlet implementation to get the parameters by Request.getparamer (), and then set this parameter to the Session Field object. The following settings cookie code is designed to enable instant shutdown of the browser (by default, the browser is closed, the cookie is dead, that is, the session is lost) can also write data to the browser. Thus closing the browser can also be realized payment (the one who knows the purchase will not be reported null)
package cn.itheima.session;import Java.io.ioexception;import Javax.servlet.servletexception;import Javax.servlet.http.cookie;import Javax.servlet.http.httpservlet;import Javax.servlet.http.httpservletrequest;import Javax.servlet.http.httpservletresponse;import Javax.servlet.http.httpsession;public class Buyservlet extends HttpServlet {public void doget (httpservletrequest Request, HttpServletResponse response) throws Servletexception, IOException {//Solve Chinese garbled problem get Submit method//1. Get parameters String prod= Request.getparameter ("prod");p rod = new String (prod.getbytes ("iso8859-1"), "Utf-8"),//2. Place in the session field HttpSession Session = Request.getsession (); Session.setattribute ("prod", prod),//3. Rewriting the cookie to reset the Jsessionid's claim period cookie C=new Cookie ("Jsessionid", Session.getid ()), C.setpath (Request.getcontextpath ()); C.setmaxage (1800); Response.addcookie ( c);} public void DoPost (HttpServletRequest request, httpservletresponse response) throws Servletexception, IOException { Doget (request, Response);}} 
Click to buy
3.PayServlet Realize payment function
Package Cn.itheima.session;import Java.io.ioexception;import Javax.servlet.servletexception;import Javax.servlet.http.httpservlet;import Javax.servlet.http.httpservletrequest;import Javax.servlet.http.httpservletresponse;public class Payservlet extends HttpServlet {public void doget ( HttpServletRequest request, HttpServletResponse response) throws Servletexception, IOException { Response.setcontenttype ("Text/html;charset=utf-8");//1. Gets session String prod = (String) request.getsession (). GetAttribute ("prod"); Response.getwriter (). Write ("You have purchased a value of $9999" +prod); public void DoPost (HttpServletRequest request, httpservletresponse response) throws Servletexception, IOException { Doget (request, Response);}}
Operation Result:


Everyone can try to close the browser .... can also realize the function of payment!
Dark Horse day05 session& reset the life cycle of the Jsessionid