The following is the session abbreviation:
1. Session life cycle: Session is created when the server executes the getsession () statement for the first time ( This method: The server first looks for jsessionid from the cookie that the browser brings, If there is a relevant session available, there is a call, if not, to find it from the URL of the hyperlink Jsessionid, if not, a new session will be created. ), if the session object is not accessed within 30 minutes, the server will automatically destroy the session.
Other than that
The expiration time of the session can be configured via the Web. xml file in minutes
<seesion-config> <session-timeout>10</session-timeout></seesion-config>
The session object can be destroyed by the Session.invalidate () method.
2, the session is created based on a cookie, the server in the new session, the session will automatically set an ID information, and in the form of a cookie to write to the browser,Jsessionid=idnumber,idnumber is the only encoding that the server automatically generates, and when the browser accesses another page, it automatically takes the cookie information so that the server automatically invokes the generated session without recreating the session object. Or call the wrong session
3. When the server creates a Session object, the generated cookie is not specified for the time to live , So when the browser closes unexpectedly, the corresponding cookie is destroyed so that when the user accesses the page again ,The last saved session object is not found, and the server creates a new Session object again. This situation can result in the loss of all operational information saved in the session until the browser closes unexpectedly.
so the user experience will be quite bad, in order to avoid this situation, we need to save the Session object ID information cookie set a time to live, so that when the browser closes unexpectedly, the cookie will not be destroyed, so as to ensure that The user can continue with the previous action when the page is accessed again after the browser closes unexpectedly.
Method:
1. Get the ID of the newly created session of the server first
2. Instantiate a cookie that is the same as the server's write-back to the browser to save this ID information
3. Specify the directory that the cookie is visible to, the same as the server default, the corresponding Web app by default
4, set the lifetime of the cookie (preferably 30 minutes or less)
5. Write this cookie back to the browser
Implementation code:
HttpSession session = Request.getsession (); String SessionID = Session.getid (); Cookie cookie = new Cookie ("Jsessionid", SessionID); Cookie.setpath ("path"); Cookie.setmaxage (30*60); Response.addcookie (cookie); 4, we know that the session object is cookie-based, if the user used a browser to disable the cookie, then the session will be invalidated.
The workaround for this type of problem is to use URL Rewriting , the id attribute Jsessionid of the session is added to all the URL information involved.
Implementation code:
String Newurl = response. Encodeurl ("Odlurl")
The Odlurl is rewritten, and the returned NEWURL contains the ID value of the session.
The form of Newurl is:
If there are parameters in the Odlurl, add the Span style= "FONT-SIZE:16PX;" >; jsessionid=idnumber
Span style= "FONT-SIZE:16PX;" >--; Jsessionid=idnumber? --
jsessionid=idnumber
An implementation detail for the Encodeurl (String url) method: When the method executes, The server will determine if the browser has a jsessionid-related cookie, and if there is no URL rewrite, URL rewriting will not occur.
we know that this approach is intended to address issues related to browsers that disable or do not support cookies. In the case where cookies are supported and cookies are not disabled, we still use URL rewriting when the browser is not accompanied by a jsessionid cookie on the first visit, so URL rewriting is done. At the same time the server to the session of the relevant cookie information to the browser, the second time when the browser with related cookies for Jsessionid , so the URL rewrite is no longer done.
Note: For those browsers that disable or do not support cookies, after the URL rewrite, when the browser unexpectedly closes the face of the session lost problem, is not resolved!!!
for robust session tracking, all URLs issued by the servlet should be run through this method. Otherwise, the session cannot be used for browsers that do not support cookies.
HttpSession's working principle and related FAQs
