"Head First Servlets & JSP"--session management

Source: Internet
Author: User
Tags session id

How does the container know who the client is?

HTTP is a stateless protocol: the client browser establishes a connection to the server, makes a request, gets a response, and then closes the connection. That is, a connection lasts for only one request/response.
To the container, each request appears to come from a new client.

The client needs a unique session ID

An IP address cannot uniquely identify a specific user on the Internet:
for example, users in a corporate network appear as one IP address, because that IP address is simply the address of a routing device;

  • How clients and containers exchange session ID information
    The container must somehow pass the session ID to the client as part of the response, and the client must send the session ID back as part of the request;
    the simplest and most common way to exchange this session ID information is through a cookie.
    The container does all the cookie work!
    To send a session cookie in the response:
    HttpSession session = request.getSession();

    Everything else happens automatically:
    You don't have to create a new HttpSession object;
    You don't have to generate a unique session ID;
    You don't have to create a new cookie object yourself;
    You don't have to associate a session ID with a cookie;
    You do not have to set a cookie in the response;
    all work for the cookie is running in the background;

Getting the session ID from the request:
HttpSession session = request.getSession();
This is exactly the same method that is used to generate the session ID and cookie for the response!
The container's logic is:

    if (the request contains a session ID cookie) {
        find the session matching that ID;
    } else if (there is no session ID cookie OR no current session matches the ID) {
        create a new session;
    }
    • If you don't want to create a new session
      HttpSession session = request.getSession(false);
      Use this if you only want a session that already exists: it returns null if no session exists, or the HttpSession if there is one.

    • If the user does not accept cookies
      If the user does not have cookies enabled, URL rewriting is required. In Tomcat the rewritten URL looks like URL + ;jsessionid=1234567.
      URL rewriting takes effect if cookies cannot be used and if you tell the response to encode the URL.

      How does the container know that cookies are not working?
      The container does not know whether cookies work, so when it returns the first response to the client, it tries both the cookie and URL rewriting;
      when the user makes the next request, the session ID is appended to the request URL, and if the user accepts cookies, the request also carries a session ID cookie;
      when the servlet calls request.getSession(), the container reads the session ID from the request and concludes that the client accepts cookies, so the response.encodeURL() call can be ignored.

    • Another type of URL rewrite
      response.encodeRedirectURL("/BeerTest.do");
      Use this when you redirect the request to another URL but still want to use the session.

      Note that if you rely on sessions, you need URL rewriting as a fallback.
      Also, because URL rewriting is required, URLs must be generated dynamically in the response HTML, which means the HTML must be processed at run time. (Of course, URL rewriting can also be done in a JSP.)
      encodeURL() is a method of the HttpServletResponse object and cannot be called on the request; URL encoding is relevant only to the response.
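The session lookup and both kinds of URL rewriting described above, put together in one servlet. This is an added example, not code from the book or from the original page; the class name is hypothetical and the javax.servlet API is assumed.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, constructed for illustration (javax.servlet API assumed).
public class SessionTrackingServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Look up the session named by the incoming ID without creating one.
        HttpSession session = request.getSession(false);
        String state;
        if (session == null) {
            // No ID was sent, or no live session matches it: start a new one.
            // getSession() must run before the response is committed, because
            // the container still has to add the Set-Cookie header.
            session = request.getSession();
            state = "new session";
        } else if (request.isRequestedSessionIdFromURL()) {
            // The cookie was not returned; the ID arrived as ;jsessionid=...
            // and therefore also shows up in access logs and Referer headers.
            state = "existing session, ID taken from the rewritten URL";
        } else {
            state = "existing session, ID not taken from the URL (normally the cookie)";
        }

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<html><body><p>" + state + "</p>");
        // encodeURL() appends ;jsessionid=... only when the container cannot
        // rely on the cookie; otherwise it returns the URL unchanged.
        out.println("<a href=\"" + response.encodeURL("/BeerTest.do") + "\">next</a>");
        out.println("</body></html>");
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Redirect targets need encodeRedirectURL() so the session survives the hop.
        request.getSession();
        response.sendRedirect(response.encodeRedirectURL("/BeerTest.do"));
    }
}
```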

Key HttpSession methods


Set Session Timeout
    • There are 3 ways a session can die:
  1. It times out
  2. invalidate() is called on the session object
  3. The application goes down (crashes or is undeployed)
    • Configuring the session timeout in the DD

      This has the same effect as calling setMaxInactiveInterval() on a session.
    • Setting the session timeout for a specific session

    • Cookies
      A cookie is a small piece of data (a name/value String pair) exchanged between the client and the server;
      the server sends the cookie to the client, and the client returns the cookie to the server with its next request.
      Cookie-related methods are found in 3 classes: HttpServletRequest, HttpServletResponse, and Cookie.

    • Cookies and headers
Important moments in the life cycle of an HttpSession object:


Note that an attribute class that implements HttpSessionBindingListener (such as the Dog class) is not configured in the DD, because it relates only to one of the attributes in the session;
HttpSessionListener and HttpSessionAttributeListener must be registered in the DD because they relate to the session itself.

Session migration "The scope of distributed Web applications"

In a distributed Web application, each request from the same client may end up at a different instance of the same servlet;
request A for servlet A might be handled in one VM, and request B for servlet A might be handled in a different VM.
So, how do ServletContext, ServletConfig, and HttpSession objects behave?
Answer: Only HttpSession objects (and their attributes) are migrated from one VM to another (that is, across all VMs there is only one HttpSession with a given ID); the other objects are replicated (different VMs may each have their own objects of these types).

    • Attribute migration
      If the attribute is a directly Serializable object, it is serialized automatically at migration time and needs no extra care.
      What if the attribute type is not Serializable? For migration, the attribute class needs to implement HttpSessionActivationListener and use the activation/passivation callback methods to solve the problem.
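An attribute class that listens both for being bound to a session and for session migration, rebuilding a non-serializable field after activation. This is an added example, not code from the book or from the original page; the fields of Dog are constructed for illustration and the javax.servlet API is assumed.

```java
import java.io.Serializable;
import java.util.logging.Logger;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionEvent;

// Hypothetical attribute class; its fields are constructed for illustration.
// It is not registered in the DD: the container calls it because it is an attribute.
public class Dog implements Serializable,
        HttpSessionBindingListener, HttpSessionActivationListener {

    private static final long serialVersionUID = 1L;

    private final String breed;     // Serializable, so it migrates with the session
    private transient Logger log;   // Logger is not Serializable: skipped on migration

    public Dog(String breed) {
        this.breed = breed;
    }

    public String getBreed() {
        return breed;
    }

    // Rebuild the transient field on demand; it is null after deserialization.
    private Logger log() {
        if (log == null) {
            log = Logger.getLogger(Dog.class.getName());
        }
        return log;
    }

    @Override   // HttpSessionBindingListener: this object was added to a session
    public void valueBound(HttpSessionBindingEvent event) {
        log().info(breed + " bound to a session as '" + event.getName() + "'");
    }

    @Override   // HttpSessionBindingListener: removed, replaced, or session died
    public void valueUnbound(HttpSessionBindingEvent event) {
        log().info(breed + " unbound from its session");
    }

    @Override   // HttpSessionActivationListener: about to be moved out of this VM
    public void sessionWillPassivate(HttpSessionEvent event) {
        log = null;   // release what cannot be serialized
    }

    @Override   // HttpSessionActivationListener: just arrived in the new VM
    public void sessionDidActivate(HttpSessionEvent event) {
        log().info(breed + " activated after migration");
    }
}
```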
Listener Example
    • Session counter
      This listener allows you to track the number of active sessions in this web app:

      To configure listeners in DD:

      Attention:

    • Attribute Supervisor Listener
      This listener lets you track every time an attribute is added to a session, removed from it, or replaced.

      To configure listeners in DD:

      Note that in Tomcat, System.out standard output goes to Tomcat/logs/catalina.log by default.

    • Attribute class (listens for events that have an impact on it)

Configure in DD:

Listeners associated with the session
