Detailed explanation of the use of session mechanism

Introduction of Session:

Since HTTP is a stateless protocol, when the client and the server are delivered, the connection is broken, which leads to how to transfer information between several pages

such as client information, or if it is to write a shopping program, you must remember the information in the shopping cart, JSP provides four ways to track the status of customers

1: Create an anonymous form field

2: Use URL to pass

3: Using persistent cookies

4: Session mechanism using sessions

The fourth highest relative to security level, session refers to a period of time between the client and the server a series of related interaction process.

Customers may access different server resources in one session, or they may access the same page multiple times.

The Sevlet container assigns a unique identifier to the httpsession, which becomes sessionid, and the container places the SessionID in the client's cookies, and every time the client sends an HTTP request, The servlet can read SessionID in the Httdivquest object. Then more SessionID find the corresponding session object, thus obtaining the client state information.

Method of Session:

GetID () Gets the ID number of the session.

Setattribuate (string Name,object obj) saves a pair of name, value objects

GetAttribute (String name) gets the property of name

IsNew () determines when the session is new.

Ways to abolish sesion objects "

1:setmaxinactival () by setting the maximum inactivity time

2: Close the client browser

3: Call the session's invalidate () method

If the client does not support cookies, then the session ID number cannot be saved, then a method of tracking the session is proposed in the Java API, and the container can rewrite the URL of the client request. Add SessionID to the URL response.encodeurl ("**.jsp");

Advanced topic for session: Persistence of sessions when a session begins, the container creates a class for it, but if 10,000 people log in at the same time, the information is transferred from memory to the file system or to the database. Call down memory when you need access, improve memory utilization, and facilitate recovery of data (failure will lose information).

From memory to file system alive database, using the Java Language Object serialization technology, the object from the file alive database extracted into memory using the Java language provided object deserialization technology.