Javaweb Learning Summary (12)--session

First, the session simple introduction

In web development, the server can create a session object for each user browser (Session object), note that a browser exclusively has a Session object (by default). Therefore, when the user data needs to be saved, the server program can write the user data to the user's browser exclusive session, when users use the browser to access other programs, other programs can remove the user's data from the user's session, to serve the user.

Ii. key differences between session and Cookie

• A cookie is a browser that writes the user's data to a user.
• Session Technology writes the user's data to the user's exclusive session.
• The session object is created by the server and the developer can invoke the GetSession method of the request object to get the session object.

Third, the session implementation principle 3.1, the server is how to implement a session for a user browser service?

Server creation session, will be the session ID number, as a cookie back to the client, so as long as the client's browser is not closed, and then to access the server, will take the session ID number to go, the server found the client browser with session ID comes in, it will use the corresponding session in memory to serve. You can use the following code to prove that:

1  Packagexdp.gacl.session;2 3 Importjava.io.IOException;4 Importjavax.servlet.ServletException;5 ImportJavax.servlet.http.HttpServlet;6 Importjavax.servlet.http.HttpServletRequest;7 ImportJavax.servlet.http.HttpServletResponse;8 Importjavax.servlet.http.HttpSession;9 Ten  Public classSessionDemo1extendsHttpServlet { One  A      Public voiddoget (httpservletrequest request, httpservletresponse response) -             throwsservletexception, IOException { -  theResponse.setcharacterencoding ("Utf=8"); -Response.setcontenttype ("Text/html;charset=utf-8"); -         //Use the getsession () of the request object to get the session, and if the session does not exist, create a -HttpSession session =request.getsession (); +         //storing data in a session -Session.setattribute ("Data", "aloof and pale Wolf")); +         //gets the ID of the session AString sessionId =Session.getid (); at         //determine if the session is newly created -         if(Session.isnew ()) { -Response.getwriter (). Print ("session created successfully, session ID is:" +sessionId); -}Else { -Response.getwriter (). Print ("The server already has the session, and the session ID is:" +sessionId); -         } in     } -  to      Public voidDoPost (httpservletrequest request, httpservletresponse response) +             throwsservletexception, IOException { - doget (request, response); the     } *}

On the first visit, the server creates a new sesion and sends the session ID as a cookie to the client browser, as shown in:

Click the Refresh button to request the server again, at this point you can see the browser to request the server, will be stored in the cookie session ID is passed to the server side, as shown in

I guess the Request.getsession () method must have done the following after the new session was created inside

1 // gets the ID of the session 2 String sessionId = session.getid (); 3 // store the session ID in a cookie named Jsessionid 4 New Cookies ("Jsessionid", sessionId); 5 // set a valid path for a cookie 6 Cookie.setpath (Request.getcontextpath ()); 7 Response.addcookie (cookie);

Iv. session processing After the browser disables Cookies 4.1, IE8 disable cookies

Tool->internet, privacy, settings, pull the slider to the top (Block all Cookies)

4.2. Solution: URL Rewrite

　　The response.encoderedirecturl (java.lang.String URL) is used to override the URL address after the Sendredirect method.
　　response.encodeurl (java.lang.String URL) is used to override the URL address of the form action and hyperlink

4.3. Example: The servlet shares the data in the session after disabling the cookie

Indexservlet

V. Creation and destruction of Session objects time 5.1, Session object creation time

A new session is created when you first call the Request.getsession () method in your program, and you can use the IsNew () method to determine if the session is a newly created

Example: Creating a Session

// Use the getsession () of the request object to get the session, and if the session does not exist, create a HttpSession session = request.getsession (); // gets the ID of the session String sessionId = session.getid (); // determine if the session is newly created if (Session.isnew ()) {    response.getwriter (). Print ("session is created successfully, the session ID is:" +sessionId);} Else {    response.getwriter (). Print ("The server already exists session,session ID is:" +sessionId);}

5.2. Time of destruction of Session object

Session object default 30 minutes is not used, the server will automatically destroy the session, in the Web. xml file can be manually configured session failure time, for example:

1 <?XML version= "1.0" encoding= "UTF-8"?>2 <Web-appversion= "2.5" 3 xmlns= "Http://java.sun.com/xml/ns/javaee" 4 Xmlns:xsi= "Http://www.w3.org/2001/XMLSchema-instance" 5 xsi:schemalocation= "Http://java.sun.com/xml/ns/javaee6 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ">7   <Display-name></Display-name>8   9   <welcome-file-list>Ten     <Welcome-file>index.jsp</Welcome-file> One   </welcome-file-list> A  -   <!--set the session's effective time: in minutes - -     <Session-config> the         <Session-timeout>15</Session-timeout> -     </Session-config> -  - </Web-app>

When you need to manually set the session failure in the program, you can manually call the session.invalidate method to destroy the session.

1 HttpSession session = Request.getsession (); 2//Manual call Session.invalidate method, destroy Session3 session.invalidate ();

Javaweb Learning Summary (12)--session