How Tomcat works-Eight, session management in Tomcat

While using the Shiro session, it is not particularly clear that the session management is in Tomcat, and it is necessary to learn the session management as a more important part of Tomcat.

Directory

• Overview
• The role of the session
• Session new, find, and update
• Session Delete
• Summarize

Overview

In the tomcatsession management of the class standard implementation for Standardmanager, the main role is to start the load cache session, the class relationship is as follows:

The session used in the user servlet is Standardsessionfacade (also using the facade mode, similar to request), with the following class relationships:

The role of the session

Because the HTTP protocol is stateless, but in actual use we need to know the last request to save data on the server side, this time to use the session, combined with the client's cookie can be implemented temporarily on the server side to store some data. Note, however, that cookies are not just for the sake of the session, but that cookies are primarily used by clients to store some data. Unlike ordinary cookies, the cookie associated with the session is returned by the server to the browser, which is automatically set by the browser and does not require the developer to participate.

Session new, find and update session new

Because the session is not necessary in a single request, Tomcat does not necessarily create a session, only when it is used to create a new session, such as using the session in Userservlet, the creation process is as follows:

The non-red frame is the part of the session new process, in the Request.addsessionidinternal method to set the session as Cokkie to response header information, the browser received "Set-cookie" The header information will be set to the cookie and will be taken on the next request.

Session Lookup

When the same client is in a valid time (the default is 30 minutes, which is also the default expiration time of the session), when the second request comes, Parse the request header information in the Coyoteadapter.postparserequest method to get the cookie (if any), and then set the cookie as SessionID (in fact the cookie is SessionID) to the request object, in S When calling GetSession in Ervlet, if the session is found based on the SessionID, it will not be created, otherwise it will be new.

The calling procedure is the red box at the top left.

Session Update

Because the session has an expiration time, Tomcat records the session's Lastaccessedtime, updating the session is the time to update, call the process as the bottom of the red box.

Session Delete

The default session is the expiration time, and is saved in memory, if, has not deleted the session, the final will definitely burst memory, in Tomcat delete session in the case there are two kinds:

• When a new request comes in, if it finds the corresponding session, it will verify that the session is available (expired) and will delete the session if it expires.
• In the daemon thread (Containerbase$containerbackgroundprocessor.processchildren standardcontext-> Containerbase.backgroundprocess in Call standardmanager->managerbase.backgroundprocess), the timing check is expired and deleted if it expires.

Summarize

To here Tomcat source Reading has been basically completed, the general context has been very clear, a lot of harvest, the first time to read the source does feel a good open source project of the strong.

This period of time to figure (drawing with Astah) and notes

Http://pan.baidu.com/s/1dF2sGpj

How Tomcat works-Eight, session management in Tomcat