HTTP Cookie/Session, httpcookiesession

HTTP Cookie/Session, httpcookiesession

I. HTTP protocol

HTTP is a stateless protocol. The server cannot determine whether a number of requests come from the same browser, and cannot communicate with the browser.

Ii. HTTP session control: Cookie

Cookie is a cache technology used on the browser,

When the browser sends a request to the server for the first time, the server creates a Cookie object and returns it in the Response Header as a key-value pair. When the next request is sent to the server, the Cookie information is carried in the request header.

1. Create and return cookies

Create a new Cookie (key, value) on the server.

And return it to the browser in the form of response. addCookie (cookie.

(2) Cookie acquisition

Obtain the Cookie array through the request. getCookies () method on the server.

If the Cookie array does not contain cookies, the Cookie array is null.

(3) Cookie validity period (setMaxAge (seconds ))

Session level: stored in the memory of the browser running process. When the browser is closed, the Cookie becomes invalid. (Seconds is negative). Default Value.

Persistence: it is saved in the local file system and the length of the file is seconds. (Seconds is a positive number ).

(4) Delete a Cookie

SetMaxAge (0)

Iii. HTTP Session control: Session

Session is a cache technology on the server side, but it depends on cookies.

1. the browser request information does not contain JSESSIONID cookies

The server creates a Session object through getSession.

Create a Cookie whose name is JSESSIONID and return it to the browser.

2. Cookie whose request information contains JSESSIONID

Find an existing Session object on the server based on the value of JSESSIONID.

① If it can be found, the Session object found will be returned (the Session object is saved as a key-value pair on the server side)

② If no Session object is found, a Session object will be created and the Cookie of JSESSIONID will be returned (including the situation where JSESSIONID is forged)

3. Session Object Persistence

HttpSession session = request.getSession();String id = session.getId();Cookie cookie = new Cookie("JSESSIONID", id);cookie.setMaxAge(30);response.addCookie(cookie);

4. Set the validity period of the Session Object

HttpSession session = request.getSession();session.setMaxInactiveInterval(10);

5. Set forced Session failure

HttpSession session = request.getSession();session.invalidate();

6. If the browser disables the Cookie, you can rewrite it through the Session URL.

HttpSession session = request.getSession();session.setAttribute("attrName", "testValue");String url = "target url";url = response.encodeURL(url);response.sendRedirect(url);

★If the target page also needs to use Session persistence, URL rewriting is also required.

String url = response.encodeURL(request.getContextPath()+"/nextTarget.jsp");

4. Notes:

1. idle time of the Session: the time interval at which the Session object is not accessed by the browser.

2. About request. getSession ()

When the Servlet is the first Web resource accessed by the client, the Session object is created. In this case, session = "false" is specified using the page command on the JSP page. In this case, the Session object is not created.

3. About session = "false"

The session implicit variable is disabled on the current page, but other explicit HttpSession objects can be used.

V. Summary:

To put it bluntly, Cookie is an identifier for communications between the server and the browser.

HTTP is a stateless protocol. sessions between servers and browsers are maintained through cookies (JSESSIONID), and sessions are established on cookies.