Java practice of 04JavaWeb-03 session technology, java04javaweb-03

Java practice of 04JavaWeb-03 session technology, java04javaweb-03
I. Introduction to session Technology 1. What is session? Why is session technology required?

Session: the process from opening a browser, accessing a website, to closing the browser is called a session. The http protocol is in the status.

2. Classification of session Technology

Client Storage Technology: Cookie

Server storage technology: Session

What is the difference between Cookie and Session?

1) User information stored in cookies is stored on the client. Session stores data on the server, but the Session encoding id must be stored on the client.

2) Cookie is relatively insecure in terms of security, and Session is relatively secure.

3) Performance: based on the actual situation

Ii. Cookie of session Technology

Cookie technology stores data on the client

1. How to Write a cookie to the client

1) create a Cookie object

Cookie cookie = new Cookie (name, value );

2) Write a cookie to the client

Response. addCookie (cookie );

Client: the client parses the http Response and has a cookie in the Response Header. The client automatically stores the cookie information in the client cache.

2. How to obtain a Cookie from the client

1) obtain all cookies carried by the client

Cookies [] request. getCookies ();

2) Obtain a specific cookie

Traverse all cookies

Get the name of a cookie through getName ()

Get the value of a cookie through getValue ()

3. Cookie setting details

1) Session-level cookies and persistent cookies

Session-level cookie: The session end cookie is cleared.

Persistent cookies: store cookies on disks.

Time saved on disk

Cookie. setMaxAge (seconds );

Note: If you want to delete a cookie that has been stored on the disk

Set the cookie persistence time of the same name to 0.

The path of the cookie to be deleted is set to the same as the path of the cookie stored on the disk (that is, the setPath of the two cookies is consistent)

2) set the path carried by the cookie

By default, a cookie is carried in the directory where the generated cookie resource is located.

Cookie. setPath (path with cookie );

When setting the cookie carrying path, it starts with "/", and "/" indicates the current web server.

For example:

Cookie. setPath ("/"), which is carried by all resources that access the web Server

Cookie. setPath ("/home"), carrying cookie during home Application

3) set third-party cookies (learn more)

Cookie. setDomain (Domain Name );

Third-party cookies are offensive

4. The above code implementation

1 response. setContentType ("text/html; charset = UTF-8"); 2 // 1. Cookie creation time 3 SimpleDateFormat format = new SimpleDateFormat ("yyyy-MM-dd hh: mm: ss "); 4 String accessTime = format. format (new Date (); 5 Cookie cookie = new Cookie ("accessTime", accessTime ); 6 // 1.1 set the cookie persistence time ---- storage time on the disk 7 // cookie. setMaxAge (60*10); 8 // 1.2 sets the cookie carrying path/Representing the web Server 9 cookie. setPath ("/day11_208/abc/accessTime"); 10 // 2. Set Cookie to client 11 response. addCookie (cookie); 12 // 3. Obtain cookie13 String accessTime_client = null for the time carried by the client; 14 Cookie [] cookie = request. getCookies (); 15 if (cookies! = Null) {16 for (Cookie coo: cookies) {17 // retrieve the cookie object name 18 String cookieName = coo. getName (); 19 if ("accessTime ". equals (cookieName) {20 // retrieve the cookie value 21 accessTime_client = cookie. getValue (); 22} 23} 24} 25 26 // 4. display the last access time for the user 27 if (accessTime_client! = Null) {28 response. getWriter (). write ("your last access time is:" + accessTime_client); 29} else {30 // The first access to 31 response. getWriter (). write ("this is your first visit"); 32}

Iii. session technology Session1. how to create a session/obtain a session

HttpSession session = request. getSession ();

Internal principle of the above method:

When the request calls the getSession method, it will check whether the user has a memory area in the web application. If any, it will directly return the address in this memory area, create a new session region if no region exists.

What does the server determine whether a user already has a session?

Based on the session id ---> JSESSIONID

2. session Lifecycle

Create: The first time you call request. getSession ()

Destruction:

1) Disable session destruction on the server

2) The default session timeout is 30 minutes.

Computing point start from: 30 minutes after the last operation of the site

3) manually destroy the session

Session. invalidate ();

3. Session is a domain object

The Session uses cookies. The JSESSIONID of the same Session is the same.

If you close the browser and access the resource, the session will be created again.

How to Make session persistent -----> store Cookie persistence of JSESSIONID

Get the packet capture tool:

Set-Cookie: JSESSIONID = 6232D4782FC69B1D780261E93DFA5FBB; Path =/day11_208 /;

Manually create a Cookie and add a max-age based on the preceding cookie.

1 // manually create a Cookie to store JSESSIONID2 // Set-Cookie: JSESSIONID = 6232D4782FC69B1D780261E93DFA5FBB; Path =/home/; 3 Cookie cookie = new Cookie ("JSESSIONID", session. getId (); 4 cookie. setPath ("/home/"); 5 cookie. setMaxAge (60*10); 6 7 response. addCookie (cookie );

If the client disables the Cookie, the client cannot store the Cookie and the JSESSIONID is lost. How can this problem be solved?

Solution: rewrite the URL by using a semicolon after each url address; concatenate JSESSIONID

1         HttpSession session = request.getSession();2         System.out.println(session.getId());3         String url = "/home/index.jsp";4         url = response.encodeRedirectURL(url);5         System.out.println(url);6         response.sendRedirect(url);

Http: // localhost/home/index. jsp; jsessionid = 377B2F0501FF9FE643D7D88F4E883FFD