Different session tracking technologies

Hidden, URL, cookie

JSP Session tracking technology   Cookie: The name/value pair that the server sends to the browser in a response header. The retention time of the browser is specified by the cookie expiration time attribute. When a browser sends a request to a server, it checks the cookies it saves and contains all the cookies received from the same server in the request header. Session tracking: Do not directly transmit all status information between the browser and the server, but only pass the session ID ). The browser sends the sessionid, and the server tracks all information associated with the session. You can pass sessionid through cookie and URL rewrite technology. Most containers support these two technologies. The server cannot tell whether the user has closed the browser. Therefore, closing the browser means that all session data associated with the previous session is retained on the server until the session times out, and the server destroys the session object. You can use multiple methods to trace the session IDs of requests in the same session, including cookie and URL re-writing. URL Rewrite: Encode the session ID in the URL. For example, counter. jjsp; jsessionnid = be8d697876787876befdbde898789098980. Even if the browser does not support cookies, session tracking can be implemented. For URL rewrite, the server extracts the session ID from the request URI and associates the request with the corresponding session. Then, when accessing session data, the Processing Method of the JSP page is the same as that used when Cookie is used to track session IDs. Therefore, sesssion relies on cookie or URL duplication technology. To provide session tracking for browsers that do not support cookies, you must use the <C: URL> action to rewrite all URLs in the application. This means that all pages in the application (at least those pages with references to other pages) must be JSP pages so that page references can be dynamically encoded, if an ur is omitted, the service will lose the trace of the session. Hide form fields: The hidden form field adds the session ID to the hidden form of HTML (type: hidden input ). Redirection and forwarding can be used to call another page, redirection and forwarding. I) forwarding: <JSP: Forward page = "userinfo. JSP "/> forwarding. the JSP Container uses an internal method to call the target page. The new page continues to process the same request, and the browser does not know that this process involves multiple pages. The browser URL remains unchanged. Ii) redirection: <C: Redirect url = "userinfo. jsp"/> Redirection is different from forwarding. When redirecting, the first page notifies the browser to send a request for a new target page. The URL displayed by the browser is the URL of the new page. Redirection speed is slower than forwarding because the browser must send a new request. At the same time, the redirection generates a new request, so after a redirection, the objects in the request scope will no longer be available.