Session is a server-side storage space maintained by the application server. When you connect to the server, the server generates a unique sessionid, use this sessionid as the identifier to access the session bucket on the server. Sessionid is saved to the client and saved using cookies. When a user submits a page, the sessionid is submitted to the server to access session data. This process requires no developer intervention. Therefore, once the cookie is disabled on the client, the session will also become invalid.
The server can also pass the sessionid value through URL rewriting, so it is not completely dependent on cookies. If the client cookie is disabled, the server can automatically save the session value by rewriting the URL, and this process is transparent to the programmer.
You can try to use the request even if no cookie is written. getcookies (); the length of the retrieved cookie array is also 1, and the cookie name is JSESSIONID. There is also a long binary string, which is the value of sessionid.
Cookie is the storage space of the client, which is maintained by the browser.
In some situations such as voting, we usually require that each person only vote for one vote because of the principles of fairness. In some web development, similar situations are also found. At this time, we usually use cookies to implement such a vote, for example, the following code:
<% Cookie [] cookies = request. getcookies ();
If (cookies. lenght = 0 | cookies = NULL)
Dostufffornewbie ();
// No Access
}
Else
{
Dostuffforreturnvisitor (); // already accessed
}
%>
This is an easy-to-understand principle. Check the existence of a cookie. If the existence of a cookie indicates that the Code that has been written to the cookie has been run. However, after the above Code is run, dostuffforreturnvisitor () is executed whenever the result is returned (), you can use control panel-Internet option-settings-to view the file but cannot see the generated cookie file. It is strange that the code is clearly correct. However, if there is a cookie, it will be displayed.
Cookie [] cookies = request. getcookies ();
If (cookies. lenght = 0 | cookies = NULL)
Out. println ("has not visited this website ");
}
Else
{
For (INT I = 0; I <cookie. length; I ++)
{
Out. println ("Cookie name:" + Cookies [I]. getname () + "cookie value:" +
Cookie [I]. getvalue ());
}
}
Running result:
Cookie name: JSESSIONID cookie value: kwjhug6jjm65hs2k6
Why is there a cookie? As we all know, HTTP is a stateless protocol. Every time a customer reads a web page, the server opens a new session, and the server does not automatically maintain the customer's context information, so how can we implement the shopping cart in the online store? session is a mechanism for storing context information. It targets every user and stores the variable values on the server, session IDs are used to differentiate different customers. sessions are implemented based on cookies or URL rewriting. By default, the system creates an output cookie named JSESSIONID, which is called session cookie, to distinguish persistent
Cookies, which we usually call cookies. Note that session cookies are stored in the browser memory and not written to the hard disk. This is the JSESSIONID we just saw, we usually cannot see JSESSIONID, but when we disable the cookie of the browser, the web server will use URL rewriting to pass the sessionid, we can see strings such as sessionid = kwjhug6jjm65hs2k6 in the address bar.
After understanding the principles, we can easily distinguish the differences between persistent cookies and session cookies. The discussions on the security of the two on the Internet are clear. session cookies are for a session, session Cookie disappears, while the persistent cookie is only a piece of text (usually encrypted) stored on the client's hard disk ), in addition, Cookie spoofing and cross-site scripting attacks against cookies are not as secure as session cookies.
Generally, session cookies cannot be used across windows. When you open a new browser window to enter the same page, the system will give you a new sessionid, in this way, we cannot achieve the purpose of information sharing. At this time, we can first save the sessionid in the persistent cookie, and then read it out in the new window to get the sessionid of the previous window, in this way, session cookie and persistent cookie are combined to achieve cross-window session tracking ).
In some web development books, session and cookie are usually used as two parallel HTTP transmission methods. session cookies are on the server side, and persistent cookies are on the client side, however, session is based on cookies. It is not difficult to select the appropriate technology to develop Web services by understanding the relationship and difference between the two.
Cache is the server-side cache, which is accessible and shared by all users.