Deep understanding of cookies and session

Cookies and sessions are the basics of web development and more important knowledge, cookies and sessions are used for user state management. Simply put, they are only one configuration item in HTTP, and only one class in the servlet specification; HTTP has limits on the number and size of cookies, and sessions are not easy to share on many servers.

The session and cookie function to maintain the interaction between the user and the backend server. They have their own strengths and weaknesses. But when a server accesses a large amount of time, such as hundreds of millions of PV a day, if each cookie occupies 200 bytes, then it needs how much bandwidth. So when you visit a large number of times you want to use session, but the fatal weakness of the session is not easy to share between multiple servers, which also limits the use of the session.

The above information is from Ali's Java Web Technology Insider

In order to solve the cookie and session defects, and combine their advantages, using the session of the distributed framework, can save bandwidth, and solve the synchronization problem session, specific can refer to Ali internal technical data Java Web Technology Insider.

1. State management
The server manages the state of user access
HTTP requests are one-time requests, but the same user may send multiple requests to the server via the HTTP protocol
Multiple requests for administrative users (logon start to exit, the middle of multiple requests to the same user), at this time
Requires state management of the user
Two ways of managing the body:
1. Save Data management status (cookies) on the client
2. Save data Management status on the server side (session)

2.session
The first time a user accesses a server, the server creates a separate session object (HttpSession) for each user.
and assign a unique ID (SESSIONID) to each session, SessionId saved to the client via cookies,
。 When the user accesses the server again, it is necessary to carry the corresponding SessionID to the server, the server through this unique
SessionID can find the user's corresponding session object to manage user status
1. Get Session Object
A.request.getsession (flag);
When Flag=true, the server finds out if the user is using SessionID, and if SessionID is null,
The server creates a new Session object to return to the user (sessionId)
If SessionID exists, the session object is found according to the corresponding SessionID
object is returned directly if it does not exist, and a new session object is created and returned.
When the Flag=false server finds out if the user is using SessionID, or if SessionID is null, returns
Is null, if SessionID, the session object is found according to the corresponding SessionID
object is returned directly, or null if it does not exist.
B.request.getsession ();
Equivalent to Request.getsession (true);
2.session Common API
Deposit: Session.setattribute (key,value);
Take: Session.getattribute (key);
Delete: Session.removeattribute (key);


-------------------------------------------------------
1. State management
Prerequisite: HTTP protocol requests are one-time requests. But under normal circumstances, you need to remember the user, manage the user status
2. State Management method
1. Client save data (cookies)
2. Server Side (session)
3.session
Because the user first accesses, the server checks that SessionID does not create the session object and SessionID the object
Send to the user (response object, in Cookie Way), when the user accesses again, need to carry corresponding SessionID
(Request object, in Cookide way), the server checks the corresponding SessionID, exists to find the corresponding Session object
and returned to the user. If the SessionID exists and the corresponding session object does not exist, the server creates a new sessions object and
Return this new SessionID to the user.
API for 4.session
A.httpsession session=request.getsession (True/false);
B.httpsession session=request.getsession ();
public static HttpSession getsession () {
Return getsession (TRUE);
}
Overloaded methods are often reused between
For example: The distance between a point and a circle
Class circle{
Double getdistance (int x,int y) {
Return Math.sqrt (this.x-x) (this.x-x)-(this.y-y) (this.y-y));
}
Double getdistance (point P) {
Return Getdistance (P.getx (), p.gety ());
}
}
C.session.setattribute (Key,value);
D.session.getattribute (key);-value (Object)
E.session.removeattribute (key);
F.session.getsessionid ();
Practice uses the session to record the number of times a user has visited
The validity period of 5.session
All user's session objects are saved on the server, the server space is limited, all cannot permanently save session
That is, the valid time that the Sesion object is saved in the server
Set Session Expiration:
1.//Set Session Expiration
Session.setmaxinactiveinterval (15);
2. Server Settings
<session-config>
<session-timeout>30</session-timeout>
</session-config>
3. Configure in the web.xml corresponding to the servlet
6. Kick out the session
Session.invalidate ();
7.Session failure
Disabling cookies causes session invalidation
Principle: The client cannot save the SessionID sent by the server, so there is no sessionid on the access, then
Session creation principle, the server will create a new sessions object to return to the user
Workaround: URL Rewrite

Original: http://blog.csdn.net/j903829182/article/details/39855221