Servlet specification-session: Session and cookie

0. servlet specification API core Class 1. Session Overview 1. What is a session? Like phone call 2. What are the main problems solved during the session? Maintain client session data (shopping is the most typical) 3. Solution: COOKIE: Client technology. Set-Cookie response header and cookie Request Header httpsession: server technology. The server creates an httpsession object for each client browser. Ii. cookie1. Cookie attributes: Name. Required value: value. Required path: path. Optional. The default value is the access path of the program that writes the cookie. Assume that the cookie writing program to the client is http: // localhost: 8080/day06/servlet/cookiedemo1. Its default path:/day06/Servlet Path features: when the accessed resource address is: http://www.itcast.cn/index.jsp just written cookie browser will not bring to the server. No (domain names are different). When the accessed resource address is http: // localhost: 8080/day06/ABC/a. jsp, will the cookie browser just written to the server be sent. No (path is different). When the accessed resource address is http: // localhost: 8080/day06/a. jsp, will the cookie browser just written to the server be sent. No (the path is different). When the accessed resource address is http: // localhost: 8080/day06/servlet/a/A. jsp, will the cookie browser just written bring it to the server. Yes (startwith is true). Therefore, if the path of a cookie is set to "/day06", all resources in the application day06 can access the cookie. Domain: domain. Optional. The website that writes the cookie by default. Assume that the cookie writing program to the client is: http: // localhost: 8080/day06/servlet/cookiedemo1. Its Domain Name is: localhostmaxage: maximum survival time. Optional. The default value is the session range (the cookie exists in the memory of the browser ). The Unit is seconds. Delete. Set the time to 0. Note the path of the cookie to be deleted. Comment: Comment. Optional. Version: version number. Optional. 2. The server writes cookiehttpservletresponse. addcookie (cookie C) to the client. The browser supports up to 20 cookies for a website. The maximum number of cookies is 300. The size of each cookie cannot exceed 4 kb. 3. The server obtains the cookiecookie [] cs = httpservletrequest. getcookies (): How to uniquely determine a cookie: domain + path + name4, delete the cookie specified by the Client: locate the cookie to be deleted. If you change maxage to 0, the cookie is deleted. Note: Cookies cannot use Chinese (currently). 3. Cookie cases. 4. httpsession principle. 1. The httpsession object is created by the server and saved in the memory of the server. 2. The httpsession object itself is a domain object (a map is maintained internally) void setattribute (string key, object OBJ) object getattribute (string key) void removeattribute (string key) 3. Create an httpsession: Httpsession httpservletrequest. getsession (): first, search for your httpsession object. Yes.Httpsession httpservletrequest. getsession (Boolean B): If B is true, it is the same as getsession (). If B is false, it is obtained only. If no corresponding httpsession object exists, null is returned. 4. Principle The server sends the ID of the httpsession object (generated and unique by the server) to the client in the form of a cookie (name is JSESSIONID and value is the ID of httpsession. The default path of the cookie is the browser process. The default path is the current application.. If the path is changed to a directory of the application, does the session range change. Session response in JSP: set-COOKIE: JSESSIONID = cfa3c1b6690391ebd8686c55d3540b2b; Path =/day06 request: COOKIE: JSESSIONID = cfa3c1b6690391ebd8686c55d3540b2b 5. httpsession object status 1. the http session object on the server can only be destroyed in 2: A. Timeout: 30 minutes by default. You can use web. XML to configure <session-config> <session-Timeout> 1 </session-Timeout> <! -- The unit is minute --> </session-config> B. The invalidate () method of httpsession is called.