JSP Session Management

This chapter is about the knowledge and management method of the session in JSP;

Let's talk about cookies and the session.

Two kinds of user information management methods commonly used in the Web:cookies and session.

Cookies are data that is stored on the user's client, and is used to avoid complications when sending an HTTP request with too much data. Therefore, the cookie is stored in the client, according to the requirements of the server side, save the specific content, after each HTTP request, automatically add a certain content.

Session is the data stored on the server side, to verify that several requests belong to the same session, in the same session, will avoid unnecessary validation, to ensure the user's operational coherence.

Reasonable use of sessions and cookies will ensure a high level of usability and a good user experience for Web applications. However, unnecessary operations can also affect web security risks and the efficiency of server usage.

Common methods of Session

The session is a built-in object in JSP, which can be used directly in JSP code, he is an example of httpsession, the common method is as follows:

<%SimpleDateFormat SDF=NewSimpleDateFormat ("yyyy mm month DD Day HH:MM:SS"); Date D=NewDate (Session.getcreationtime ()); Session.setattribute ("username", "Xingoo"); Session.setattribute ("Password", "123"); Session.setattribute ("Age", "26"); //Setup Session Lifetime//Session.setmaxinactiveinterval (2);%>Session creation Time:<%=sdf.format (d)%><br>ID Number of session:<%=session.getid ()%><br>session gets:<%=session.getattribute ("username")%><br>the nature of the preservation in the session:<%string[] Names=Session.getvaluenames ();  for(inti=0;i<names.length;i++) {out.println (Names[i]+ "&nbsp;&nbsp;"); }    %><br> <%//session.invalidate ();//after executing the destruction, the server deletes the relevant content of the session directly;%>

The following results can be obtained:

Session Declaration Period

The session life cycle consists of 3 stages:

1 Create

When the user accesses the JSP page for the first time, the corresponding session is created and saved in the server. After the request, the server will carry this session ID for verification.

2 Events

During the same session, opening a new link belongs to the same session.

3 Destruction

Close the browser, destroy the session with Session.invalidate (), Session expiration

Manage session Expiration

The session expires 30 minutes by default.

1 Setting the expiration time in seconds by using a function method

Session.setmaxinactiveinterval (60); // Unit is Seconds

2 Configuring Web. XML, in minutes

  < Session-config >      < Session-timeout >1</session-timeout>  </  Session-config>

Manage session with Tomcat monitoring

If you log in to the Tomcat management interface for the first time, you will be reporting user rights errors and need to manually set the user password and user permissions for Tomcat.

In the Conf directory, open Tomcat-users.xml

Add the following two lines to the Tocmat-users tab:

< tomcat-users > <  rolename= "Manager-gui"/><username= "Tomcat"  password= "Tomcat"  roles= "Manager-gui"/> </ tomcat-users >

Manager-gui is used to grant users the ability to manage Tomcat through HTML.

Click on Tomcat manager after logging in

Enter the user name password in the prompt dialog, the skill to see the following management interface

You can see that when we visit a page with a session content, the number of sessions in the project becomes 1.

　　Since the expiration time of the session configured in Web. XML is 1 minutes, the subsequent time is also displayed for 1 minutes.

Click on the number 1 hyperlink to get to the Session Directory!

You can see the session related content, you can click on the button above to refresh the session management interface.

Click on the sessionid hyperlink , you can enter the session's detailed page, refer to the following:

Depending on the page, you can check the relevant content of the session and other information.

Note: Because I am using Tomcat 6, other versions may have different landing locations.

Reset in Eclipse Tomcat,tomcat-users.xml is reset

The reason for this is that after your eclipse binds Tomcat, there is a project called Server in the project.

Open the project will find a few configuration files, in the Eclipse restart Tocmat, these profiles will be overwritten in our own installed Tocmat.

So modify the configuration file here, you can!

JSP Session Management