HttpSession server-side Session Technology

httpsession Summary in the Java ee:
① what is a session?
Session is a server-side technology, using this technology, the server at runtime can create a shared session object for each browser, because
The session is exclusive to the User's browser, so when the browser accesses the Server's Web resources, it can put their own data in the respective session, when the user
When accessing other Web resources on the server, other Web resources are then taken out of the User's session to serve the User.
How is the ②session created?

When a user opens a browser and accesses a site, the server will find out if the session object has been created in the Server's memory, and if it has been created, it will be found in the Web server using the SessionID Value. If you do not have a Web server will assign a unique session to the browser, set a SessionID identity for this session, SessionID contains the browser information and the session is part of the Web server under the Web application, The SessionID is then encapsulated in a response object to respond to the client, the client stores the value in a cookie, and the client sends the cookie under that Web app to the Web server when the request is Made. When the session is called, a cookie is passed to find the corresponding Session. It is important to note that the session is an object that the client and the server share data, Although the session is stored in the Web server memory and is bound to a browser. however, If you have more than one Web site under a Web server, the default is to create a different session object from a different Web site under a Web server that is accessed by a single browser. How a server implements a browser that corresponds to a session under a Web application such as:

The life cycle of ③session is 30 minutes by default this can be seen in the Web. XML file by default time of its configuration, or it can be configured to set the session Lifecycle. Web server settings The default life cycle of the session

of course, If you modify the Web server, XML will take effect for the lifetime of the session created by all Web applications under all Web Servers.
If you modify Web. xml, it will take effect for the lifetime of the session created by the current web app. If it conflicts then the priority set under the Web App is Higher.
Of course, There are two functions that can affect the life cycle of a Session.

Setinactiveinterval (): Specifies the time, in seconds, between client requests before the servlet container would invalidate This Session. Refers to the specific time parameter is that setting the servlet container will invalidate the session before the client Requests. This is the time to set the session lazy, in this time the session is not accessed will be invalidated, if it is accessed then reset the time value again into the lazy State.

Invalidate (): Invalidates this session then unbinds any objects bound to it.
Invalidates the session and invalidates the objects bound in the Session.

④session is a domain object whose data mechanism is equivalent to a map and is stored in the form of a key-value pair. You can store any object objects in the Session. This value is overwritten when the duplicate value of the key name is also stored in the Session.
⑤ above we have said that the session is stored on the server side, session in a session in effect, then we close the browser, the server in the browser associated with the session is automatically destroyed it? Of course not, because the session is stored on the Web server side, when the browser is closed, the browser will not send a request to the Web server, so the session is still in the end of the life cycle, still exist in the memory of the Web Server. That is to say, when the session life cycle is not over, we close the browser and open the browser to the Web application under the Web server, the session still Exists. So how do we get this session that was previously exclusive to my browser? is very simple, because the session and browser binding is a Jsessionid cookie, That is, we create a cookie with a cookie key named Jsessionid at the first call to the session and set the life cycle to be the same as the session, and then respond to the browser through the response object, The browser does the storage so that every time the browser sends the request it will bring this cookie. This will enable us to close the browser and then open the browser, still can
Visit the session that was previously exclusive to your Browser. There is a need to understand the knowledge about Cookies. If you don't understand, you can look at the summary of the cookie I wrote earlier:
http://blog.csdn.net/nihaowoshiyudong/article/details/53535183

The Java code is as Follows:

① Create session and store Jsessionid cookie

Package Com.yd.servlet;import Java.io.ioexception;import Javax.servlet.servletexception;import Javax.servlet.annotation.webservlet;import Javax.servlet.http.cookie;import javax.servlet.http.HttpServlet; Import Javax.servlet.http.httpservletrequest;import Javax.servlet.http.httpservletresponse;import javax.servlet.http.httpsession;/** * Servlet Implementation class CreateSession */@WebServlet ("/createsession")           public class CreateSession extends HttpServlet {private static final long Serialversionuid = 1L;        /** * @see httpservlet#httpservlet () */public createsession () {super (); TODO auto-generated Constructor stub}/** * @see httpservlet#doget (httpservletrequest request, httpservletresponse R Esponse) */protected void doget (httpservletrequest request, httpservletresponse Response) throws servletexception, IOException {request.setcharacterencoding ("utf-8");//the Sessionhttpsession is created when the session is first acquired session= Request.getsession ();Session.setattribute ("name", "TomCat");//storage Jsessionid This cookie makes it the same as the life cycle of the session cookie Cookie=new cookie ("jsessionid", session.getid ());// Set the life cycle of the cookie cookie.setmaxage (30*60); Response.addcookie (cookie);Response.sendredirect ("/sessiontest/getsessionservlet");} /** * @see httpservlet#dopost (httpservletrequest request, httpservletresponse response) */protected void DoPost ( HttpServletRequest request, httpservletresponse Response) throws servletexception, IOException {//TODO auto-generated Method Stubdoget (request, response);}}

Response headers accepted by the browser

② Close Browser

③ Open the browser again to send requests for resources under the same web application, the Java code is as Follows:

Package Com.yd.servlet;import Java.io.ioexception;import Javax.servlet.servletexception;import Javax.servlet.annotation.webservlet;import Javax.servlet.http.httpservlet;import Javax.servlet.http.httpservletrequest;import Javax.servlet.http.httpservletresponse;import javax.servlet.http.httpsession;/** * Servlet Implementation class Getsessionservlet */@WebServlet ("/           Getsessionservlet ") public class Getsessionservlet extends HttpServlet {private static final long Serialversionuid = 1L;        /** * @see httpservlet#httpservlet () */public getsessionservlet () {super (); TODO auto-generated Constructor stub}/** * @see httpservlet#doget (httpservletrequest request, httpservletresponse R Esponse) */protected void doget (httpservletrequest request, httpservletresponse Response) throws servletexception, IOException {//get the attribute request.setcharacterencoding ("utf-8") in the session; HttpSession session=request.getsession ();string name= (string) session.getattribute ("name"); SYSTEM.OUT.PRINTLN ("the session content that is displayed after the browser is closed:" +name+ "id value" +session.getid () ");//results displayed///the session content displayed after closing the browser: TomCat ID value 8b49f6cbd34bfddee43ba58912fa65d9}/** * @see httpservlet#dopost (httpservletrequest request, httpservletresponse response) */protected void DoPost ( HttpServletRequest request, httpservletresponse Response) throws servletexception, IOException {//TODO auto-generated Method Stubdoget (request, response);}}

The request information header is as Follows:

The Jsessionid of the request information header and the Jsessionid value of the response information header are Visible. So through the Jsessionid can find the browser exclusive session, whether it is a session, as long as the session life cycle is not over, you can access to the Session.

HttpSession server-side Session Technology