Introduction to cookies and sessions

Source: Internet
Author: User
Tags html comment

Session
I. Cookie
A cookie works on the basis of the Set-Cookie response header and the Cookie request header: data generated during the session is saved on the client.


The response object provides the addCookie method to add a cookie to the response.
The request object provides the getCookies method to obtain all the cookies in the request.

new Cookie(String name, String value): creates a cookie object.
setValue and getValue methods: set/obtain the cookie value.
The getName method obtains the cookie name.
setMaxAge and getMaxAge methods: when a cookie is sent to a browser and maxAge is not set, the cookie is stored in the browser's memory, and when the browser is closed the cookie disappears (a session-level cookie). We can also set a maxAge for the cookie. After receiving such a cookie, the browser saves it as a file in the browser's temporary folder, and the validity period of the file is the value of maxAge. This way, no matter how many times the browser is closed and reopened before the timeout, the cookie is still there.

setPath and getPath: set the address for which the browser sends this cookie; the cookie is sent with requests to that address and its sub-addresses. If setPath is not called, the default is the path of the servlet that sent the cookie.

setDomain and getDomain: set the domain name for which the browser sends the cookie. The default is the domain name of the website that sent the cookie. In modern browsers, as long as a cookie has domain information set, the browser rejects the cookie.

Deleting a cookie: send the browser a cookie with the same name, path, or domain, with maxAge set to 0. On receiving it, the browser overwrites the old cookie with the new one; the new cookie times out immediately after the overwrite and is deleted.
In effect, the cookie is deleted.
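
An added example (not code from the original page) that uses the cookie methods above in one servlet: reading with getCookies, writing a persistent cookie with setMaxAge and setPath, and deleting it with maxAge 0. The servlet name, the cookie name and the forget parameter are hypothetical; it assumes the javax.servlet API, version 3.0 or later, and the setHttpOnly and setSecure calls are hardening that the page itself does not mention.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet (added example): stores the last-visit time in a cookie.
public class LastVisitServlet extends HttpServlet {
    private static final String NAME = "lastVisit"; // constructed cookie name

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getCookies() returns null, not an empty array, when no cookie was sent.
        String previous = null;
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                // The value comes from the client: accept digits only.
                if (NAME.equals(c.getName()) && c.getValue().matches("\\d{1,19}")) {
                    previous = c.getValue();
                }
            }
        }

        boolean forget = "true".equals(request.getParameter("forget"));
        Cookie out = new Cookie(NAME, forget ? "" : Long.toString(System.currentTimeMillis()));
        // Use the same path on every write: the browser overwrites or deletes
        // the stored cookie only when name and path match.
        out.setPath(request.getContextPath() + "/");
        out.setHttpOnly(true);              // hide the cookie from page scripts
        out.setSecure(request.isSecure());  // HTTPS-only when served over HTTPS
        // 0 deletes the cookie; a positive value (seconds) persists it to disk.
        out.setMaxAge(forget ? 0 : 30 * 24 * 60 * 60);
        response.addCookie(out);            // set the header before writing the body

        response.setContentType("text/plain;charset=UTF-8");
        if (forget) {
            response.getWriter().println("cookie deleted");
        } else if (previous == null) {
            response.getWriter().println("first visit");
        } else {
            response.getWriter().println("last visit (epoch ms): " + previous);
        }
    }
}
```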


II. Introduction to JSP
JSP is a dynamic web resource development technology provided by Sun. Writing a JSP page is just like writing an HTML page; the difference is that a JSP page can embed Java code. If a servlet embeds HTML content in Java code, JSP embeds Java code in HTML, which makes it easy to organize HTML page output.

When the JSP is accessed for the first time, it will be translated into a servlet by the JSP Translation Engine on the server, and finally output by the translated servlet.


JSP Syntax:
JSP template element: the HTML content on a JSP page is called a JSP template element. In the translated servlet, the HTML content is output directly to the browser.
JSP script expression: <%= Java expression %>. In the translated servlet, the value of the expression is calculated and output directly to the browser.
JSP script snippet: <% several Java statements %>. In the translated servlet, the statements are copied to the corresponding position and executed there.
Multiple script snippets can access each other. A single script snippet may contain incomplete Java code, but all the script snippets taken together must form complete Java statements.
JSP declaration: <%! Java code %>. The content written in a JSP declaration is placed at the same level as the service method in the translated servlet and becomes a member of the class.

JSP comment: <%-- comment content --%>. Content inside a JSP comment is discarded when the page is translated into a servlet.
Java comment (//): the commented content is translated normally, but it is commented out in the Java source code and discarded when the class file is compiled.
HTML comment: <!-- -->. The commented content is treated as an ordinary template element and sent to the browser. On receiving the data, the browser recognizes the HTML comment and does not display the content.

III. Session
1. session is a domain object
Life cycle: the session is created when request.getSession() is called for the first time. When no one has used the session for more than 30 minutes (this time can be modified), the server considers the session timed out and destroys it. You can also call the session.invalidate method to destroy the session. When the server is shut down abnormally, the session is destroyed along with the server. If the server is shut down normally, the active sessions are stored on the hard disk as a file when the server closes. This process is called session passivation. When the server is started normally again, the sessions in the file are restored to memory. This process is called session activation.
Scope: entire session
Purpose: Save session-related data and share data throughout the session


setAttribute()
getAttribute()
removeAttribute()


2. Session principle:
A session works on the basis of a special cookie named JSESSIONID. When the server creates a session for the browser, it sends the JSESSIONID cookie, which instructs the browser to save its session ID.
When the browser accesses the server again, it brings the cookie with it. The server can analyze the cookie and find the session corresponding to the browser to serve it.

The session principle can be cleverly used: send a JSESSIONID cookie with the same name and path, and set maxAge, so that the browser saves the cookie as a file in its temporary folder. The browser on the same computer can then still use the previous session even if it is closed multiple times.

3. Sessions when cookies are disabled
If cookies are disabled in the browser, the JSESSIONID cookie that the server sends after creating the session is rejected. Because the browser does not save the JSESSIONID information, the session does not work. As a solution, you can rewrite all the hyperlinks in the whole site so that every hyperlink is followed by a special parameter carrying the JSESSIONID. Whichever hyperlink the user clicks, the request reaches the server with this special parameter, and the server can analyze the JSESSIONID information and find the corresponding session to serve the browser.

The following two methods transform the address passed in; the return value is that address with the JSESSIONID appended. This process is called URL rewriting. The session must be obtained before the URL is rewritten. The two methods are smart: as long as the browser's request carries any cookie information, they take it that the browser has not disabled cookies and do not rewrite the URL.

response.encodeURL(""); -- use this method to rewrite the URL of ordinary addresses
response.encodeRedirectURL(""); -- this method must be used to rewrite the URL of an address used for redirection


request.getSession(): checks whether the browser's request carries the JSESSIONID cookie. If it does, the value is used as the session ID to find the corresponding session to serve the browser. If not, it checks whether the URL the browser used contains the special JSESSIONID parameter. If it does, the value is used as the session ID to find the corresponding session to serve the browser. If the session still cannot be found, a new session is created and its session ID is sent to the browser in the JSESSIONID cookie for saving.
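
The lookup order of request.getSession() and the URL rewriting described above, as a simplified model in plain Java; this is an added example, not the container's code and not code from the original page. The class and method names are hypothetical, and the `;jsessionid=` URL form and the UUID-based ID generator are assumptions standing in for what a real servlet container does.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Simplified model of the lookup (added example, not container code).
public class SessionLookupDemo {
    static final Map<String, Map<String, Object>> SESSIONS = new HashMap<>();
    // Value of the JSESSIONID cookie in a Cookie request header, or null.
    static String idFromCookie(String cookieHeader) {
        if (cookieHeader == null) return null;
        for (String pair : cookieHeader.split(";")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("JSESSIONID")) return kv[1];
        }
        return null;
    }
    // Value of the ";jsessionid=" parameter of a rewritten URL, or null.
    static String idFromUrl(String url) {
        int i = url.indexOf(";jsessionid=");
        if (i < 0) return null;
        return url.substring(i + ";jsessionid=".length()).split("[;?#]", 2)[0];
    }
    // Cookie first, then URL parameter. An ID the server does not know is
    // never adopted: a new session with a server-generated ID is created.
    static String resolve(String cookieHeader, String url) {
        String id = idFromCookie(cookieHeader);
        if (id == null) id = idFromUrl(url);
        if (id == null || !SESSIONS.containsKey(id)) {
            id = UUID.randomUUID().toString().replace("-", ""); // stand-in ID generator
            SESSIONS.put(id, new HashMap<>());
        }
        return id;
    }
    // Model of encodeURL: rewrite only if the request carried no cookie at all.
    static String encodeUrl(String url, String sessionId, String cookieHeader) {
        if (cookieHeader != null) return url;
        int q = url.indexOf('?');
        String path = q < 0 ? url : url.substring(0, q);
        return path + ";jsessionid=" + sessionId + (q < 0 ? "" : url.substring(q));
    }

    public static void main(String[] args) {
        String id = resolve(null, "/shop/list");                // first request
        String link = encodeUrl("/shop/cart?item=3", id, null); // cookies disabled
        System.out.println(link);
        System.out.println(resolve(null, link).equals(id));     // found via URL
        System.out.println(resolve("JSESSIONID=" + id, "/shop/list").equals(id));
        System.out.println(resolve("JSESSIONID=FORGED", "/").equals("FORGED"));
    }
}
```

A session ID carried in the URL is recorded wherever the URL is recorded (server logs, browser history, Referer headers), so the cookie path is the one to prefer when the browser accepts cookies.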

 

4. Session case: implement the user login and logout function
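
One way to implement this login and logout case with the session methods above, as an added example (the original page gives no code for it). The servlet name, the /home and /login.jsp paths, the request parameters and the placeholder credential check are hypothetical; it assumes the javax.servlet API.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet (added example) handling login and logout.
public class AccountServlet extends HttpServlet {
    // Placeholder check so the example is complete; a real application
    // verifies the password against its own user store.
    private boolean credentialsOk(String user, String password) {
        return "demo".equals(user) && "demo-password".equals(password);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String action = request.getParameter("action");
        if ("login".equals(action)) {
            String user = request.getParameter("user");
            if (!credentialsOk(user, request.getParameter("password"))) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            // Destroy any session that existed before authentication ...
            HttpSession old = request.getSession(false);
            if (old != null) old.invalidate();
            // ... so the logged-in state lives in a session with a fresh ID.
            request.getSession().setAttribute("user", user);
            response.sendRedirect(request.getContextPath() + "/home");
        } else if ("logout".equals(action)) {
            // getSession(false): do not create a session just to destroy it.
            HttpSession session = request.getSession(false);
            if (session != null) session.invalidate();
            response.sendRedirect(request.getContextPath() + "/login.jsp");
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println(user == null ? "not logged in" : "logged in as " + user);
    }
}
```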


5. Comparison of the ServletContext, request, and session domains
The scope of ServletContext is the whole web application. It is created when the server starts. If the application is removed from the host or the server is shut down, it is destroyed.
The request scope is the entire request chain. Each request creates a request object. When the request ends, the request object is destroyed.
The scope of the session is the entire session. It is created when request.getSession is called for the first time. It is destroyed when it has not been used for a period of time, when the server closes, or when the session.invalidate method is called.


When should ServletContext be used? When should request be used?
If data is only used for display, use the request domain.
If data is used not only for display but is also needed again a while later, use the session domain.
If data is used not only for display but also needs to be used by others, use the ServletContext domain.
