Learn daily notes <day11>cookie and session

1. Session Management 1.1 Session management definition

Session Management: Manages session data generated during a session between the browser client and the server

Domain objects: Implementing data sharing between resources

Request Domain Object

Context domain Object

1.2. Session Technology

Cookie Technology: Session data is saved in the browser client

Session Technology: Sessions data is saved on the server side

2.Cookie Technology 2.1 Features

Session Technology: Sessions data is saved on the server side

2.2Cookie Technology Core

Cookie class: Used to store session data

1) Construct Cookie Object

Cookie (java.lang.String name, java.lang.String value);

2) Set Cookies

void SetPath (java.lang.String uri): sets The valid access path for the cookie

void setmaxage (int expiry): Set The effective time of the cookie

void SetValue (java.lang.String newvalue): Sets The value of the cookie

　　　　　　　　3) Send cookies to browser-side save

　　　　　　　　　　void Response.addcookie (Cookie cookie): Sending a cookie

4) the server receives cookies

Cookie[] Request.getcookies (): receive cookies

2.3 Cookie Principle　　　　　　　　

1) The server creates A cookie object that stores session data in a cookie object.

New Cookie ("name", "value");

2) The server sends cookie information to the browser

Response.addcookie (cookie);

Example: set-cookie:name=eric ( hides the response header that sent a set-cookie name )

3) The browser gets the cookie sent by the server and then saves it on the browser side.

4) The browser will take cookie information the next time it accesses the server

Example: cookie:name=eric ( hide with a request header called cookie name )

5) The server receives the cookie information that the browser brings

Request.getcookies ();

2.4 Coo kDetails of IE

1)void SetPath (java.lang.String uri): sets The valid access path for the cookie. Valid path refers to where the valid path of a cookie is saved, and the browser takes cookie information when it accesses the server under a valid path , otherwise without a cookie information.

2)void setmaxage (int expiry): sets The effective time of the cookie.

Positive integer: Indicates that the cookie data is saved in the browser's cache directory (on the hard disk) and the value indicates the time of the save.

Negative integer: Indicates that the cookie data is saved in the browser's memory. Browser close cookie is lost!!

0: Delete cookie data with the same name

3)theCookie data type can only be stored in non-Chinese string types. Multiple Cookiescan be saved , but browsers generally allow only A maximum of three cookiesper site, a Cookies , each Cookies the size limit is 4KB .

3.Session Technology 3.1 Introduction　　　　　　　　

Limitations of Cookies:

1)aCookie can only exist in string types. Cannot save Object

2) can only be stored in non-Chinese.

3) The capacity of 1 cookies does not exceed 4KB.

If you want to save non-strings, more than 4kb content, only use session Technology!!!

Session Features:

Session data is saved on the server side. (In-memory)

3.2 SessionTechnology Core

HttpSession class: For saving session data

1) Create or get session Object

HttpSession getsession ()

HttpSession getsession (Boolean Create)

2) Set session Object

void setmaxinactiveinterval (int interval): Sets The effective time of the session

void Invalidate (): Destroys session Object

Java.lang.String getId (): Get session number

3) Save session data to sessions Object

void SetAttribute (java.lang.String name, Java.lang.Object value): Save data

Java.lang.Object getattribute (java.lang.String name): Get Data

void RemoveAttribute (java.lang.String name): Clear Data

3.3 Sessionprinciple

Problem: The server can identify different visitors!!!

Phenomenon:

Premise: in which session Field object to save data, it must be removed from which domain Object!!!!

Browser 1:( assign a unique tag to S1 :s001, put s001 sent to the browser )

1) Create Session object, save conversation data

HttpSession session = Request.getsession (); -- Save session data S1

New window for browser 1 (with s001 tag to server query,s001->s1, return s1)

1) to get Session data of a Session object

HttpSession session = Request.getsession (); -- can remove s1

new browser 1:( not with s001, cannot return S1)

1) to get Session data of a Session object

HttpSession session = Request.getsession (); -- can not remove s2

Browser 2:(not with s001, cannot return S1)

1) to get Session data of a Session object

HttpSession session = Request.getsession (); -- can not remove S3

　　　　　　　Code Interpretation: HttpSession session = Request.getsession ();

1) The first time the session object is created, assigning a unique IDto the session object,called Jsessionid

New HttpSession ();

2) Send the value of Jsessionid as a Cookie to the browser to save

Cookie cookie = new Cookie ("Jsessionid", SessionID);

Response.addcookie (cookie);

3) When the second visit, the browser with jsessionid cookies to access the server

4) The server gets jsessionid, in the server's memory to search whether to hold the corresponding numbered session object.

if ( found ) {

Return Map.get (SessionID);

}

Map<string,httpsession>

5) If the corresponding numbered session object is found, return the object directly

6) If unable to find the corresponding number of session object, create a new session object, continue to walk 1 of the process

Conclusion: Use jsession cookie value to find the session object on the server !!!!!

3.4 SessonDetails

1)java.lang.String getId (): Get session number

2) Two methods of getsession :

GetSession (True)/GetSession (): creates or gets the session object. a new session object is created automatically without a matching session number .

GetSession (false): gets the session object. No matching session number, return null

3)void setmaxinactiveinterval (int interval): Sets The effective time of the session

Session Object Destruction time:

3.1 Server Auto-recycle by default

3.2 Modify session Recycle time

3.3 Global Modify session validity time

<!---<session-config><  Session-timeout>1</session-timeout></  Session-config>

3.4. manually destroying session Objects

void Invalidate (): Destroys session Object

4) How to avoid the problem of browser jsessionid cookies that are lost as the browser shuts down

New Cookie ("Jsessionid", Session.getid ()); C.setmaxage (60*60); Response.addcookie (c);

Summarize:

1) Session Management: the management of session data generated during browser and server sessions.

2)Cookie Technology:

New Cookie ("name", "value")

Response.addcookie (Coookie)

Request.getcookies ()

3)Session Technology

Request.getsession ();

Setattrbute ("name", " session data ");

GetAttribute (" session data ")

Learn daily notes <day11>cookie and session