Session First Knowledge

The Web server does not have short-term memory, so you need to use session to track the user's entire session activity. There are 3 types of solutions for session management:

1) Use hidden fields (rarely used)

Use hidden fields in the display page to save the session ID. For example, in a JSP, set the Type property of the input label to hidden, and then record the unique identity of the painting into the Value property of the hidden field and set the Name property. When a form is submitted, the session ID is also submitted to the server, and the server finds the corresponding session object based on it. This method is cumbersome to implement and requires a session ID form in each page, so less is used.

2) Use of cookies

The server generates the session ID, creates the cookie object, places the session ID into the cookie, and sets the cookie as part of the response (these are the container's responsibility). After the client receives the response, the session ID is saved in the cookie, and the next request is made from the cookie to the server side, the server side receives the request, according to the session identity sent over to find the corresponding session object, so that the server side to clear which client is currently connected, And you can get information from the session. Using cookies to realize session management is the mainstream method used in the development.

3) Using URL rewriting

If the browser does not support cookies, you can use URL rewriting to implement the session. is to add the session ID at the end of the URL address, overwriting the original URL address. When the server receives the request, it resolves the session ID and then uses the session ID to find the Session object that corresponds to the current request.

Using URL rewriting methods, hyperlinks in the entire Web application or URLs used in scripts need to add a session ID, each page in the Web app needs to be dynamically generated, each connection to the page, or a jump instruction generated by the client, must be preceded by a session ID to ensure that it is the current session. When a customer accesses a static page, the session ID is lost and the previous session cannot be resumed when the dynamic page is returned, which is one of its drawbacks.

Second, when a user browses a Web page, the URL may be copied to a friend, because the URL contains the session ID, and other people may use the same session object as the current browser, which may expose private information.

Session First Knowledge