JSP Getting Started & session technology

First, JSP
1.JSP Technology
JSP is Sun provides dynamic web resource development technology. In order to solve the problem of spelling HTML content CSS and JS content in a servlet, Sun provides such a technology. If the servlet is nesting HTML in Java, then JSP is nesting Java code in HTML, making it easy to organize HTML pages

When the JSP page is first accessed, it is translated by the JSP translation engine into a servlet, from which the access to the JSP page is output by the servlet.

2.jsp syntax
(1) JSP template elements: The HTML content written in the JSP page is called the template element of the JSP, and is directly exported to the browser page by Out.write () in the translated servlet.

(2) JSP expression <%= Java expression%> in a translated servlet, after calculating the value of the Java expression, it is output to the browser

(3) JSP script fragment <% several Java statements%> in the translated servlet, directly copied and pasted to the corresponding location execution.
You can have multiple script fragments in a JSP page that can embed text, HTML tags, and other JSP elements between two or more script fragments
Code in multiple script fragments can access each other as if all the code is in a pair of <%%>
The Java statements in a single script fragment can be incomplete, but the result of a combination of multiple script fragments must be a complete Java statement
(4) JSP Declaration <%! Several Java statements%> in the translated servlet are placed in the same position as the service method, becoming a member of the class

(5) JSP annotations
The content of the <%--comment is--%> commented out by the JSP annotation, which is discarded when the JSP translation engine translates the JSP into a servlet, without this information in the translated servlet.
<%//java comments%> Java annotations are translated into servlets as JSP script fragments, and comment information is discarded when the. java file is translated into a. class file.
<!--HTML annotations and HTML annotations are exported as template elements to the browser, and the browser recognizes that HTML annotations are not displayed

JSP directives
JSP tags
JSP built-in objects
==================================================================================================
Second, session technology
1. Multiple request responses generated by the browser starting to access the site to the end of the site are called a session
Session-related data is generated during the session and we need to save the data.

Cookies: Client Technology
Session: Server-side technology

2.Cookie
The cookie is based on the Set-cookie response header and cookie request header, the server can send Set-cookie request header command Browser to save a cookie information, the browser will access the server as a cookie request header to bring back the previously saved information

Request.getcookies ();

Response.addcookie (Cookie c);

The new cookie (String name,string value)//cookie needs to set the name and value of the cookie when it is constructed.
GetName ();//No SetName ();
GetValue ();
SetValue ();
!! Setmaxage and Getmaxage method
--a cookie is a session-level cookie if it is not set maxage, and the cookie is stored in the browser's memory after it is called by the browser. This means that as long as the browser is turned off, the cookie information disappears as the browser memory is destroyed. A cookie can also be set to MaxAge, browsing once a cookie is found to have been set MaxAge, The cookie information is saved as a file in the browser's temporary folder and saved to the specified time. This way, even if you switch browsers many times, because these browsers can see the cookie file in the Temp folder, Therefore, the cookie information is present before the cookie expires.
--To command the browser to delete a cookie, send a cookie,maxage with the same name as path, set to 0, the browser to identify the cookie by name +path, found that the same name and Path,cookie overwrite immediately after the time-out is deleted, thereby deleting the cookie.

!! SetPath and GetPath method
--Used to tell the browser which path and its sub-path to the server are being accessed with the current cookie information.
If not explicitly set, the default path is the path to the servlet where the cookie is sent
SetDomain and GetDomain method
--Used to inform the browser of which domain name to visit with the current cookie information. However, it is important to note that a modern browser will refuse to accept this cookie once it has found that the cookie has set the domain information. We don't usually set this method

3.Session
Session is a domain
!! Scope: Current session scope
!! Life cycle:
When the program first calls to the Request.getsession () method, it indicates that the client explicitly needs to use the session to create the corresponding client session object at this time.
When the session exceeds 30 minutes (this time can be modified in the Web. xml file), no one uses the session timeout to destroy the session.
The explicit call to the Session.invalidate () method in the program kills the session immediately.
When the server is shut down abnormally, it dies with the death of the virtual machine.
* If the server is normally shut down, the session that has not timed out will be saved as a file in the server's work directory, this process is called session passivation. The inactive session is restored to memory the next time the server is started normally. This process is called the activation of the session.
!! Role: Sharing data within a session scope

!! The principle of Session:
The Request.getsession () method checks to see if there is a Jsessionid cookie in the request, and if there is a value out of it, find the corresponding session to serve it.
If there is no check the requested URL after the form of parameters with Jsessionid come over, if there is a corresponding session to find the browser service
If you do not find the browser does not have a corresponding session, create a session and then add the Jsessionid cookie in the response, the value is the ID of the session

By default, Jsessionid path is the name of the current web app and is not set to MaxAge, which is a session-level cookie.

This means that once the browser is closed and a new browser is opened, the previous session will not be found due to Jsessionid lost
We can manually send the Jsessionid cookie, the name and path set the same as the automatic send, but set a maxage, so that the browser in addition to saving jsessionid information in memory in the temporary folder in the form of files saved, This way, you can still use the previous session even if you re-open the browser

URL rewriting:
If the browser disables cookies, there is no way for the browser to Jsessionid cookies, so it will not be able to use the session.
We can use the mechanism of URL rewriting, after all hyperlinks are parameters to the form of jsessionid information, so that when you click on the hyperlink can use the URL parameter to be jsessionid, thus using the session
Rewrite the URL to jsessionid the process of stitching on a URL is called a rewrite

Request.getsession ()--the session ID must be created before the URL rewrite to be rewritten
Response.encodeurl ()---The general address is rewritten in this way
Response.encoderedirecturl ()---Use this method if the address is used for redirection

*url override method Once the browser has brought back any cookie information, it is considered that the client has not disabled the cookie and will no longer rewrite the operation



Cookies are client-side technology
The data is saved on the client, and this information can be saved for a long time
Data may be emptied at any time, so the data stored in the cookie is not very reliable.
Data is stored in the client, may be seen at any time, if some sensitive information such as user name password and other information in the cookie, there may be security issues

Session is server-side technology
Data is stored on the server side, relatively stable and secure
Server memory is used, so the average time to survive is not too long, and the timeout period is destroyed. We have to set the session time-out according to the pressure of the server and the use of the session, which can ensure the survival time of the session is sufficient. At the same time, the session can be destroyed in time to reduce the server memory consumption.

JSP Getting Started & session technology