Servlet experience (2) -- Session, Cookie, and servletcookie

Servlet experience (2) -- Session, Cookie, and servletcookie

We know that sessions and cookies are used for Session tracking, but the implementation method is not the same. So what are their differences? Let's take a look at the following steps:

 

Session,CookieMeaning:

Session

A server-side technology, which is created on the server side, usually uses a hash to store information. The storage quantity can be large or small. For example, Tomcat's session object uses HashMap to store key-value pairs.

Used to save the private information of each user. Its survival period is the user's continuous request time plus a period of time.

 

Cookie

A client technology is used to track user sessions. Of course Session can also be used to track user sessions, but the implementation principle is somewhat different. A Cookie is a piece of information sent from the server to the client. It is stored in the browser memory or in text format on the user's hard disk. The amount of data stored is limited. Most browsers use 4 K.

Application:

It is used to save public data information of all users. If the Application object is used, a problem to be considered is that any operation must be completed in Application_OnStart event (global. asax.

 

The following is a comparison table of the three objects that store data:

 

This article mainly comparesSessionAndCookieSo the following focuses on comparing the two:

1. access method:

Cookie: can only save ASCII string, if you need to access Unicode character or binary data, need to UTF-8, GBK or BASE64 encoding. You cannot directly access Java objects. It is difficult to use cookies to store slightly complex information.

Session: You can access any type of data, such as String, Integer, List, and Map. You can directly Save the value of Java Bean to any java class or object. It is very convenient to use. Session can be considered as a Java container class.

2. Privacy and security:

Cookie: it is stored in the client browser and visible to the client. Some client programs may Snoop, copy, or even modify the content in the cookie.

Session: it is stored on the server and transparent to the client. There is no risk of sensitive information leakage.

3. Validity Period:

Cookie: to achieve long-term record effect, it is still a good choice. Set maxAge attributes

Session: It depends on the cookie named JSESSIONID, And the maxAge of cookie JSESSIONID is-1 by default. If you close the browser, the Session will disappear.

4. server load:

Cookie: it is stored on the client and does not occupy server resources. If there are a large number of concurrent users, it is a good choice.

Session: stored on the server. Each user generates a Session. If a large number of concurrent users are accessed, a large number of sessions are generated, consuming a large amount of memory.

 

5. Cross-Domain Name:

Cookie: supports cross-domain access.

Session: valid only for the domain name.

 

High scalabilityWebApplicationHTTPSessionSharing Solution:

1. The Session is not saved on the server, and is completely stateless.

2. Session sharing based on browser cookies.

3. Database-based Session sharing enables Session sharing between distributed applications

4. Clustering mechanism based on application server and Servlet Container

5. NFS-based Session sharing

6. Implement Session Sharing Based on Java Caching solutions such as Terracotta, Ehcache, and JBossCache

7. Session sharing based on Key-Value DB such as Memcached/Tokyo Tyrant

 

Conclusion:The author's knowledge is limited, and his understanding of the data is also limited. Therefore, I would like to take a few notes here and hope to criticize and correct it.

 

Servlet cookie and session

Cookie working principle.
Cookie is a piece of text sent by the server to customer service.
The server sets the set-Cookie response header and sends it to the client as a key-value pair. When the client requests again, the cookie is sent to the server as a request header. After the server receives the request, the two cookies are the same, so they are considered to be the same user.
Two Cookie methods: 1. The cookie exists in the Client Cache and disappears when the browser has disabled the Cookie.
2. It exists in the customer service file. You can set the expiration time to disappear as soon as the expiration time is reached.

How sessoin works.
The Session is sent as a cookie and is cached in the client browser. Therefore, when the session is closed, the session will disappear. At the same time, there is only one Session object for the same customer service.

1. the client sends a request and the server calls reques. getsession () generates a session object, and assigns a sessionid to the session object. It takes the session object as the value and sessionId as the key and stores it in a map set.
2. When the server responds, the session is sent to the client as a response header.
3. When the client sends a request again, the sessionid is sent to the server as the request header. The server finds the corresponding session object based on the sessionid of the response and tracks the session object.

One problem in java servlet is related to cookie and session.

// Read the cookie array from the request
Cookie [] cookieArray = request. getCookies ();
// Store the read data
Int cookieNum;
// If the cookie array is not empty and its length is greater than 0, find the value from it.
If (null! = CookieArray & 0 <cookieArray. length ){
// Traverse the cookie Array
For (int I = 0; I <cookieArray. length; I ++ ){
// If the cookie name is the same as the name of the cookie you want, you need it.
If (cookieArray [I]. getName. equals ("your cookie name ")){
// Convert the cookie into an integer value to cookieNum. It should be written in the try block because the conversion may fail.
CookieNum = Integer. parseInt (cookieArray [I]. getValue ());
}
}
}
I don't want to write any wrong words ..................