Java practice 04JavaWeb-03: session technology
I. Introduction to session technology
1. What is a session? Why is session technology required?
Session: the whole process from opening a browser and accessing a website to closing the browser is called a session. The HTTP protocol is stateless.
2. Classification of session technology
Client storage technology: Cookie
Server storage technology: Session
What is the difference between Cookie and Session?
1) Storage: a cookie stores user information on the client. A session stores data on the server, but the session ID must still be stored on the client.
2) Security: cookies are relatively insecure; sessions are relatively secure.
3) Performance: depends on the actual situation
II. Cookie
Cookie technology stores data on the client
1. How to write a cookie to the client
1) Create a Cookie object
    Cookie cookie = new Cookie(name, value);
2) Write the cookie to the client
    response.addCookie(cookie);
Client: the client parses the HTTP response, finds the cookie in the response header, and automatically stores the cookie information in the client cache.
2. How to obtain a cookie from the client
1) Obtain all cookies carried by the client
    Cookie[] cookies = request.getCookies();
2) Obtain a specific cookie
Traverse all cookies
Get the name of a cookie through getName()
Get the value of a cookie through getValue()
3. Cookie setting details
1) Session-level cookies and persistent cookies
Session-level cookie: the cookie is cleared when the session ends.
Persistent cookie: the cookie is stored on disk.
Time the cookie is kept on disk:
    cookie.setMaxAge(seconds);
Note: to delete a cookie that has already been stored on disk:
Send a cookie with the same name whose persistence time is set to 0.
Set the path of that cookie to the same path as the cookie stored on disk (that is, setPath must be identical for both cookies).
2) Set the path the cookie is carried with
By default, a cookie is sent with requests to the directory of the resource that generated it.
    cookie.setPath(path);
The cookie path starts with "/", where "/" indicates the current web server.
For example:
    cookie.setPath("/");      the cookie is carried by all resources accessed on the web server
    cookie.setPath("/home");  the cookie is carried when accessing the home application
3) Set third-party cookies (learn more)
    cookie.setDomain(domainName);
Third-party cookies are offensive
4. Code implementing the above
    // Body of doGet(HttpServletRequest request, HttpServletResponse response).
    // Needs: java.text.SimpleDateFormat, java.util.Date, javax.servlet.http.Cookie
    response.setContentType("text/html;charset=UTF-8");
    // 1. Create the cookie that holds the access time
    // (Tomcat 8.5 and later reject a space in a cookie value by default)
    SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
    String accessTime = format.format(new Date());
    Cookie cookie = new Cookie("accessTime", accessTime);
    // 1.1 Set the cookie persistence time (storage time on disk)
    // cookie.setMaxAge(60*10);
    // 1.2 Set the path the cookie is carried with ("/" represents the web server)
    cookie.setPath("/day11_208/abc/accessTime");
    // 2. Send the cookie to the client
    response.addCookie(cookie);
    // 3. Obtain the time cookie carried by the client
    String accessTime_client = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie coo : cookies) {
            // Retrieve the cookie name
            String cookieName = coo.getName();
            if ("accessTime".equals(cookieName)) {
                // Retrieve the cookie value
                accessTime_client = coo.getValue();
            }
        }
    }

    // 4. Display the last access time to the user
    if (accessTime_client != null) {
        response.getWriter().write("your last access time is: " + accessTime_client);
    } else {
        // First visit
        response.getWriter().write("this is your first visit");
    }
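A hardened variant of the last-access-time code above, added here as an example and not part of the original page: because the cookie lives on the client, its value is validated before use and the raw cookie text is never written into the HTML response. The class name, URL pattern and epoch-millisecond encoding are assumptions, as is a Servlet 3.0+ container using the javax.servlet namespace.

```java
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Added example: class name and URL pattern are hypothetical.
@WebServlet("/accessTime")
public class LastAccessServlet extends HttpServlet {
    private static final String NAME = "accessTime";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/html;charset=UTF-8");

        // The cookie is client-side data: it can be edited and may hold anything.
        Long last = null;
        Cookie[] cookies = request.getCookies();   // null when no cookie was sent
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (NAME.equals(c.getName())) {
                    last = parseMillis(c.getValue());
                }
            }
        }

        // Store epoch milliseconds: digits only, so no space or ':' in the value.
        Cookie cookie = new Cookie(NAME, Long.toString(System.currentTimeMillis()));
        cookie.setPath(request.getContextPath() + "/accessTime");
        cookie.setMaxAge(60 * 10);
        cookie.setHttpOnly(true);                  // hidden from page scripts
        response.addCookie(cookie);

        if (last != null) {
            // Only a server-formatted date reaches the page, never the raw cookie text.
            String shown = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date(last));
            response.getWriter().write("your last access time is: " + shown);
        } else {
            response.getWriter().write("this is your first visit");
        }
    }

    // Accept 1 to 13 ASCII digits only; anything else counts as "no cookie".
    static Long parseMillis(String v) {
        return (v != null && v.matches("\\d{1,13}")) ? Long.valueOf(v) : null;
    }
}
```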
III. Session
1. How to create/obtain a session
    HttpSession session = request.getSession();
Internal principle of the above method:
When getSession() is called on the request, the server checks whether this user already has a session memory area in the web application. If so, it returns that area directly; if not, it creates a new session area.
How does the server determine whether a user already has a session?
Based on the session ID: JSESSIONID
2. Session lifecycle
Creation: the first call to request.getSession()
Destruction:
1) The session is destroyed when the server is shut down
2) The session times out; the default timeout is 30 minutes.
The timer starts from the last operation on the site: the session expires 30 minutes after it.
3) Manually destroy the session
    session.invalidate();
3. Session is a domain object
The session relies on a cookie: every request in the same session carries the same JSESSIONID.
If you close the browser and access the resource again, a new session is created.
How to make the session persistent: persist the cookie that stores JSESSIONID.
Response header captured with a packet capture tool:
    Set-Cookie: JSESSIONID=6232D4782FC69B1D780261E93DFA5FBB; Path=/day11_208/;
Manually create a cookie based on the one above and add a max-age to it.
    // Manually create a cookie to store JSESSIONID
    // Set-Cookie: JSESSIONID=6232D4782FC69B1D780261E93DFA5FBB; Path=/home/;
    Cookie cookie = new Cookie("JSESSIONID", session.getId());
    cookie.setPath("/home/");
    cookie.setMaxAge(60*10);

    response.addCookie(cookie);
If the client disables cookies, it cannot store the cookie and the JSESSIONID is lost. How can this problem be solved?
Solution: URL rewriting. Append a semicolon and the JSESSIONID to each URL.
    HttpSession session = request.getSession();
    System.out.println(session.getId());
    String url = "/home/index.jsp";
    // Appends ;jsessionid=... when the client does not accept cookies
    url = response.encodeRedirectURL(url);
    System.out.println(url);
    response.sendRedirect(url);
Resulting URL:
    http://localhost/home/index.jsp;jsessionid=377B2F0501FF9FE643D7D88F4E883FFD
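The manual JSESSIONID cookie and the URL rewriting above both expose the session ID more than necessary: a hand-built Cookie has neither the HttpOnly nor the Secure flag, and a rewritten URL carries the ID into browser history, server logs and Referer headers. The following added example (not code from the original page) lets the container persist and protect the session cookie itself and restricts session tracking to cookies. The class name is hypothetical; a Servlet 3.0+ container, the javax.servlet namespace and an HTTPS deployment are assumed.

```java
import java.util.EnumSet;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionCookieConfig;
import javax.servlet.SessionTrackingMode;
import javax.servlet.annotation.WebListener;

// Added example: runs once at application startup, before any session exists.
@WebListener
public class SessionCookieHardening implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();

        // Configure the container's own JSESSIONID cookie instead of adding
        // a second, hand-built cookie with the same name.
        SessionCookieConfig cfg = ctx.getSessionCookieConfig();
        cfg.setMaxAge(60 * 10);   // persistent for 10 minutes, as in the manual cookie
        cfg.setHttpOnly(true);    // not readable from page scripts
        cfg.setSecure(true);      // only sent over HTTPS (assumption: site uses TLS)

        // Track sessions by cookie only. encodeURL() and encodeRedirectURL()
        // then return the URL unchanged, so no ;jsessionid=... is ever appended.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // Nothing to release.
    }
}
```

With cookie-only tracking, a client that disables cookies gets a new session on every request; that is the trade-off for keeping the session ID out of URLs.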