Sessions and Cookies

Source: Internet
Author: User
Tags: set cookie

Session
A session is the whole process in which a user opens a browser, clicks several hyperlinks, accesses several web resources on the server, and then closes the browser.
The server's management of the client's state is called session state management.
There are two techniques for saving session data over the HTTP protocol:
cookies and sessions.
A cookie is a client-side technology: the program writes each user's data to that user's browser in the form of a cookie. When the user then uses the browser to access web resources on the server, the browser sends that data along, so the web resources process the user's own data.
A session is a server-side technology: at run time the server creates a separate session object for each user's browser. Because the session is exclusive to that browser and has its own ID, when the user accesses other web resources on the server, those resources take the data out of the user's session to serve the user.
Cookies are stored on the client, which is a security problem. A session keeps the data on the server, which is secure but consumes server memory.

Return last access time
1. Write a cookie to the client on the first visit
    Cookie cookie = new Cookie("name", "value");
    response.addCookie(cookie);
2. Once the client has the cookie, every request automatically carries it in the HTTP request header Cookie: name=value, and the server reads the cookie data it needs
    Cookie[] cookies = request.getCookies(); // get all cookies; null when the request carries none
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if ("name".equals(cookie.getName())) {
                // handle cookie.getValue()
            }
        }
    }

Common API Methods
Cookie
    request.getCookies();                       // returns all cookies in the request as a Cookie[] array, taken from the Cookie: request header
    response.addCookie(new Cookie(name, value)); // writes a cookie back to the client in the Set-Cookie: response header
    cookie.getName();                           // get the cookie name
    cookie.getValue();                          // get the cookie value
    cookie.setValue("value");                   // change the cookie value
    cookie.setMaxAge(time);                     // set the cookie's expiry, making it a persistent cookie; time is in seconds
    cookie.getMaxAge();
    cookie.setPath(path);                       // set the valid path
    cookie.getPath();
    cookie.setDomain(".baidu.com");             // set the valid domain name
    cookie.getDomain();
Note that the name of a cookie cannot be modified, so there is no setName() method.
By default, cookie information is stored in browser memory. This is a session cookie, and it is cleared automatically when the browser is closed and the session ends. A persistent cookie is cookie data stored on the local hard disk. It is created with the setMaxAge method, closing the browser does not clear it, and its header information then includes Expires:. If the setMaxAge value is set to 0, the browser is told to delete the cookie. When deleting a cookie, make sure it has the same valid path it was created with, otherwise it will not be deleted. In practice, set the valid path again when deleting so that the two paths are identical.
When a cookie is created without an explicit path, it gets a default valid path: the directory one level above the servlet path. If the path of a later request to the server does not fall under that valid path, the cookie is not sent with it.
http://localhost/test/servlet/path
http://localhost/test/servlet2
For the paths above, if the cookie path is /test, requests to both paths carry the cookie.
If the cookie path is /test/servlet, a request to the first path carries the cookie and a request to the second path does not.
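The path rule above, worked through for the two URLs in the text. This is an added example, not code from the original page; it follows the default-path and path-match rules of RFC 6265, and the class and method names are hypothetical.

```java
// Added example: cookie default-path and path-match rules (RFC 6265, section 5.1.4).
public class CookiePathDemo {

    // Default Path when the server sets none: the request path up to,
    // but not including, its last "/".
    static String defaultPath(String requestPath) {
        if (requestPath == null || !requestPath.startsWith("/")) return "/";
        int lastSlash = requestPath.lastIndexOf('/');
        return lastSlash == 0 ? "/" : requestPath.substring(0, lastSlash);
    }

    // True when a browser would attach a cookie with this Path to a request for requestPath.
    static boolean pathMatches(String cookiePath, String requestPath) {
        if (requestPath.equals(cookiePath)) return true;
        if (!requestPath.startsWith(cookiePath)) return false;
        // A bare prefix is not enough: the match must end on a "/" boundary,
        // otherwise Path=/test/servlet would also cover /test/servlet2.
        return cookiePath.endsWith("/") || requestPath.charAt(cookiePath.length()) == '/';
    }

    public static void main(String[] args) {
        String[] requests = { "/test/servlet/path", "/test/servlet2" }; // the two paths from the text
        String[] cookiePaths = { "/test", "/test/servlet" };
        for (String cp : cookiePaths) {
            for (String rp : requests) {
                System.out.printf("Path=%-14s request=%-19s sent=%b%n", cp, rp, pathMatches(cp, rp));
            }
        }
        for (String rp : requests) {
            System.out.printf("cookie set by %-19s gets default Path=%s%n", rp, defaultPath(rp));
        }
    }
}
```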
When a valid domain name is set, requests to that domain carry the cookie. If the domain is not the domain that created the cookie, it is a third-party cookie, which is unsafe and is generally blocked by browsers. If the domain is the one that generated the cookie, it is a first-party cookie. This setting is seldom used.

Session
Common API Methods
    request.getSession();              // get the HttpSession object
    session.setAttribute(name, value); // add session data
    session.getAttribute(name);        // get session data

How sessions work
A session is exclusive to one browser because, when the browser accesses a servlet on the server, the server creates a session object and assigns it a session ID, and that ID is written to the browser in the form of a cookie. The browser then reaches the session object with that ID by sending the cookie, while another browser, which does not have this cookie, cannot access the session object.

How to keep sharing a session with a browser
Make the JSESSIONID cookie that is written back to the browser persistent.

Session handling when cookies are disabled
The solution is URL rewriting, which adds the session ID to the URL instead of using a cookie.
response.encodeRedirectURL(java.lang.String url) rewrites the URL passed to the sendRedirect method.
response.encodeURL(url) rewrites the URLs of form actions and hyperlinks.

Expiration time of a session
Configure the session expiration time in web.xml:
<session-config>
    <session-timeout>30</session-timeout> <!-- in minutes; the default is 30, and the session is destroyed if it is not used again within 30 minutes -->
</session-config>

The life cycle of a cookie
Create and destroy
Create: Cookie cookie = new Cookie(name, value); response.addCookie(cookie);
Destroy: a session cookie is destroyed when the browser is closed, and a persistent cookie is destroyed when it expires.

The life cycle of a session
Create: request.getSession()
Destroy: when the server is shut down, when the session expires, or when the session.invalidate() method is called manually.

Sessions are commonly used to implement a system's permission and authentication functions.
Permissions: after the user is authenticated, administrative rights are assigned according to the session.
Authentication: user login, verifying identity.
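One way to code the authentication and permission use described above so that the session ID changes at login and is removed at logout. This is an added example, not code from the original page; the class name SessionAuth, the attribute names "user" and "role", the javax.servlet API, and the container defaults (a cookie named JSESSIONID scoped to the context path) are assumptions.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical helper class): session handling around login and logout.
public final class SessionAuth {
    private SessionAuth() {}

    // Call only after the application has verified the user's credentials.
    public static void login(HttpServletRequest request, String user, String role) {
        HttpSession old = request.getSession(false);    // false: do not create one just to destroy it
        if (old != null) {
            old.invalidate();                           // drop the pre-login session and its ID
        }
        HttpSession session = request.getSession(true); // new session object with a new ID
        session.setAttribute("user", user);             // authentication: who is logged in
        session.setAttribute("role", role);             // permissions: what they may do
    }

    // Permission check for a servlet or filter; never creates a session for anonymous requests.
    public static boolean hasRole(HttpServletRequest request, String requiredRole) {
        HttpSession session = request.getSession(false);
        return session != null && requiredRole.equals(session.getAttribute("role"));
    }

    // Logout: destroy the server-side session and delete the browser's copy of the ID.
    public static void logout(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        Cookie expired = new Cookie("JSESSIONID", "");  // assumed default session cookie name
        expired.setMaxAge(0);                           // 0 tells the browser to delete the cookie
        String ctx = request.getContextPath();
        expired.setPath(ctx.isEmpty() ? "/" : ctx);     // must equal the path the cookie was set with
        expired.setHttpOnly(true);                      // keep the cookie away from page scripts
        response.addCookie(expired);
    }
}
```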

The three servlet data scopes
ServletContext
HttpServletRequest
HttpSession
Each of the three scopes maintains a data structure similar to a Map, with the same set of methods:
setAttribute: store an attribute
getAttribute: read an attribute
removeAttribute: remove an attribute

Usage of the three data scope objects
ServletContext is created when the server starts and destroyed when the server shuts down. It is shared by all servlets and holds global data.
For example: a database connection pool, project configuration properties, configuration file content. It is generally not recommended, because its life cycle is so long that it ties up server resources.
HttpSession holds user-related data. It is created by request.getSession() and destroyed in the three cases listed above.
For example: system login information, shopping cart data.
HttpServletRequest: when a client sends a request, the server creates the object, and it is destroyed when the response ends. It is used to pass data from a servlet to a JSP.
For example: perform an action and pass the result of the action to the JSP.
The rule is to prefer the object with the shorter life cycle and the smaller footprint.
