In-depth understanding of Jsp/servlet session Management mechanism

HTTP is a stateless protocol, which means that each time a client retrieves a Web page, it opens a separate server connection, so the server does not log any information that was requested by the previous client. Unlike FTP, Telnet and other protocols, FTP and other protocols can remember the user's connection information.

A session is a time interval between an end user communicating with an interactive system, usually the time elapsed between the login system and the logout system and, if necessary, some space for operation. JSP has four ways to implement the session tracking function.

1. Cookies

When the server responds to a request, it can save some data in the form of a "key-value" pair to the client through the response information. When the browser accesses the same app again, the original cookie containing the session ID is brought to the server by the request, and the network server identifies the client's next request by identifying the unique session ID to represent each client.

The cookie used for session tracking is called a session cookie. The cookie name for session tracking in the servlet specification must be jsessionid and stored in the browser's memory.

Cookies can be used to keep the user's session state, but the cookie information is stored on the client side, there is a large security risk, and the general browser of the number of cookies and the size of the data are strictly limited. In a web app, session state is typically persisted through the HttpSession object

1. Session

Session technology is the service-side solution, which is maintained through the server state. In Java, it is created by calling HttpServletRequest's GetSession method (using True as a parameter). When the session is created, the server generates a unique session ID for the session, and the session ID is used to regain the session that was created in the subsequent request, and after the session is created, You can call the session related methods to add content to the session, which will only be saved in the server, sent to the client only session ID, when the client sends the request again, the session ID will be taken, Once the server accepts the request, it will find the corresponding session based on the session ID, which is used again. Formally, the state of the user is maintained.

1. Hide form fields

The Hidden form field is a hidden table consignments (type hidden input) that adds the session ID to the HTML. Redirect and forward

1. Rewrite URL

Encode the session ID in the URL. Example: counter.jjsp;jsessionnid=be8d697876787876befdbde898789098980 This enables session tracking even if the browser does not support cookies.

For URL replication, the server extracts the session ID from the requested URI and associates the request with the corresponding session, and then, when accessing the session data, the JSP page is processed in exactly the same way that the cookie is used to track the session ID. So the implementation of Sesssion relies on cookie or URL replication technology.