Javaweb Study Notes 5-cookie&session


a few days ago, the blog was hacked, causing the blog to log on, the first few days should be sent something to re-send again 

Today, the fifth stage of Javaweb study.

Cookies and the Session is also Web where the development is often used.

The usual, first use a mind map to show today's blog content.

PS: My thinking is with the xMind painting, if you are interested in my mind map and want to see you and detailed information, please click to download

Also: If the picture is not clear, right-click --- open in a new window will be much clearer.

first, Session Management technology Overview1 what is a session?

the session here refers to a call process in web development, when the browser is opened, the site address is accessed, the session starts, and when the browser is closed (or expires), the session ends.

For example: We go to the Internet bar, in the bar to get the user name and password, and then find the machine login, this time the machine will know us, we can start the Internet, which is equivalent to we opened a session of the Internet, when we click the end of the machine (or encounter a shutdown restart), or the Internet, When the machine no longer knows us, then it is called the end of the session.

2 What can session management technology do?

Share data from multiple requests in the same customer browser, such as a shopping cart. (Simple permission filtering)

second, client session management technology (Cookies):1 What isCookies?

It is the cache file of the client browser,

It records some of the content that the client's browser accesses to the site.

It is also part of the HTTP protocol request and Response message header. (Review HTTP protocol)

2 cookiesWhat can I do?

can save the content of the client browser to visit the website (requires the server to open Cookies). Thus, each access needs the same content, first from the local cache, so that resources are shared, and improve efficiency.

cookies are limited in size and number. Each site can have up to a maximum of one cookie andcannot exceed 4kb in size . (32bit cannot exceed 4096MB) at the same time, the total number of cookies on all websites is not more than one.

3 Cookiesthe properties in

Property:

Name : The required attribute, and the cookie.

Value : Required attribute,cookie (cannot be in Chinese)

---------------------------Optional Properties ---------------------------------

Path : paths to cookies (important)

Domain :The name of the cookie (important), equivalent to the website visited (localhost)

maxAge: The lifetime of a cookie (equivalent to living life cycle) (more important),

When you delete a cookie , the value is set to 0.

When this value is not set, the browser's memory is used andthe cookie is lost when the browser is closed . When this value is set, it is saved as a cache file (the value must be greater than 0, in seconds).

Version : The release number of the cookie. (not important)

Comment: A description of the cookie. (not important)

4 in theWebhow to set up and get in the appCookies

Define a Cookies

Cookie cookie = new Cookie (cookiename,cookievalue);

httpservletrequest get Cookies

cookie[] cookies = request.getcookies ();

the method returns an array. (Why an array, convenient, can directly get all the cookies related to the request )

httpservletresponse Add Cookies

Response.addcookie (cookie);

Adding a cookieis actually adding a response message header

Response.setheader ("Set-cookie","name=value;path=;maxage=;d omain=");

(There is no set method because the set will overwrite the previous one, so it is added every time).

How to determine a unique cookie:cookiename+cookiepath+cookiedomain

locating a cookie is made up of the name and path of the cookie, the host (access to the resource ) consists of three parts

5 MasterCookiesthe case:

A: Using Cookie technology Get last access time ( clear cookies, set maxAge (0));

B: the Path of the Cookie(it must be understood when the browser is brought to the server and when it is not taken)

C: Log the login name when the user logs on

D: Record the browsing order

third, the service-side session management technology (HttpSession):1, what isHttpSession

It is a server-side session object that stores the user's session data.

2, GetSessionthe two ways

mode one:request:getsession ();

The execution process is as follows:

mode two:request.getsession (Boolean B);

A few common methods:

void SetAttribute (String key,object value);

Object getattribute (String key);

void RemoveAttribute (String key);

String getId ();

the Invalidate method of HttpSession : The function is to invalidate the session immediately.

Set When the HttpSession expires,Tomcat 's default expiration time is five minutes.

3,HttpSessionThe life cycle

Born--Alive--death

Born: session starts after calling getsession method

Alive: As long as the session is not closed (close the browser) or the immediate invalidation method is called. or server unexpectedly, HttpSession always exists

Death: Call the immediate invalidation method invalidate, to the expiration time, close the session, the server unexpectedly.

4, domain object (three missing one)

HttpSession: Also a domain object that is smaller than the application domain and larger than the request domain scope

 

5 , three cases

A Simple Shopping Cart implementation

B prevent duplicate submissions of forms

C Complete User login, record user name and password

6, client-side disableCookiesretention of post-session data

mode 1: Use text hints. 163 Mailbox is the way to use it.

method 2:URL rewrite.

explanation: When cookies are disabled , the client will never bring a cookie to the server.

Resolved: We brought him ourselves, and put The URL is re-written. Spell a Jsessionid

=session's ID. Using the Response.encodeurl ()

Original:http://localhost:8080/servletdemo/ServletDemo1

after rewriting:http://localhost:8080/servletdemo/ServletDemo1; Jsessionid=123

Note: To rewrite must all rewrite, forget one, the data in session is all lost.

because you don't have a cookie , you create a new session every time .

7,HttpSessionthe state of the objectA, what is a persistent state

don't use it for a long time, but it's less than the expiration date. The HttpSession is serialized and written to disk.

we put HttpSession Persistent state is also called passivation. (with Passivation to the opposite, we call activation.) )

B. When to use persistence

The first case: When the traffic is large, the server sorts according to GetLastAccessTime, and persists for a long time, but not until the expiration time of HttpSession .

second case: When the server is restarted, in order to keep the customer HttpSession The data in the HttpSession, but also to persist the

d. Note: The persistence of HttpSession is managed by the server, and we don't care.

Only classes that implement a serialized interface can be serialized or not.

Javaweb Study Notes 5-cookie&session