El expression language
El is expression Language, which is designed to simplify the syntax of the JSP. Let's see a few examples.
${test} will be translated into <%=test%>${test.name} will be translated into <%=test.getname ()%>${sessionscope.username}} will be translated into <%= Session.getattribute ("username")%>
Only Sessionscope, Requestscope, etc. will be translated into getattribute ("xxx"), while other objects will be translated into getxxx ().
El also supports arithmetic, logical operations, and syntax as in Java. There are hidden objects in El: PageContext, Pagescope, Requestscope, Sessionscope, Applicationscope, param, paramvalues, header, Headervalues, cookies, Initparam. Param is equivalent to request.getparameter,paramvalues equivalent to Request.getparametervalues, which returns an array of strings.
Java Beanjavabean is just a mature convention, and many frameworks rely on this convention to simplify a lot of data. JavaBean is nothing special compared to ordinary classes, which is essentially a common Java class and does not require a particular parent class. As long as the class that meets the following rules is JavaBean:
- has a default constructor
- Member variables are private and can only be accessed through GETXX and SETXX
- Serializable (Implements Serializable. Optional, meaning in distributed systems)
Cookies
A cookie is a small piece of text that is stored on a browser and is a set of key-value pairs. Cookies contain three attributes, expiration time, path, domain name, so the cookie looks like this in the HTTP answer:
SET-COOKIE:NAME=XYZ; Expires=friday, 04-feb-07 22:03:38 GMT; path=/; Domain=example.com
COOKIE:NAME=XYZ is added when the client sends a request later.
The cookie class in a servlet has the following methods:
JSP can add multiple cookies to the answer, each cookie object is a key-value pair and can write multiple cookies to the HTTP answer. The following is an example:
Cookie cookie = new Cookie ("Key", "value"); Cookie.setmaxage (86400); Response.addcookie (cookie);
The read cookie can be used to obtain an array of cookies through request.getcookies. Because there may be multiple cookie names in the same situation, it is not possible to directly obtain the corresponding cookie directly by name.
Deleting a cookie can set MaxAge to 0 and then call Response.addcookie to join the answer.
Session Management. HTTP is a stateless protocol, so servers and browsers need a way to differentiate the user's identity. First, the browser sends a request to the server to detect if there is a session ID in the cookie. If the server "does not know" the session ID (or if it cannot be found), then the server creates a new unique number, which is placed in the map, and key is the new session Id,value is the empty sessions object. The browser writes down the cookie and uses it in subsequent requests. If the server recognizes the session ID, then the server gets the corresponding sessions object from the map.
SessionID can be placed in a cookie or placed in a post form, or in a URL, such as http://example.com/page; jsessionid=45678943.
The following methods are commonly used for session objects:
The session expiration time can be configured in the Web. xml file, in minutes, and the default timeout in Tomcat is 30 minutes.
<session-config> <session-timeout>15</session-timeout></session-config>
The difference between a session and a cookie. Before analyzing the differences, it is better to figure out what caused them to be different. When HTTP was invented, there was no concept of a session, so developers could only store important data in a cookie. However, the cookie data is stored in the browser, the user can be arbitrarily modified, very insecure. Therefore, some people put forward the concept of the session, in the cookie only a series of randomly generated SessionID, the server based on SessionID to find the corresponding data, so that the important data is stored on the server, the user can not change freely, so it is more secure.
