Session tracking Technology--cookie and Sessions summary

We know that the servlet is a singleton multi-line access, so we can't set the servlet member variable to hold the browser's access data. How to solve the browser's access data, so that different visitors can access their own data?

After learning about cookies and session technology, readers will understand the problem.

When we use the HTTP protocol to transmit data over the network on a browser, the server has two ways of handling HTTP status, cookies and sessions.

The author's understanding of cookie setting session is this: when we want to record the interaction between the browser and the server, the usual way is

1. Cookie Technology

The server receives access to the browser, and the browser writes the information about the visit to the browser and onto the client. We call this technology cookie technology.

2.session Technology

When the browser accesses the server, it obtains some data and accesses the same data for the next visit. The server stores this data on the server file.

Cookie Introduction

cookie--complies with the RFC2965 standard, records client operations and saves them to the folder specified by the browser. This shows that cookies are not safe. When using cookies, you should not let them implement complex business logic and preserve important data.

Common cookie applications: shopping carts, browsing footprints and more.

Characteristics of Cookies:

1. The server can only write content to the client in text mode

2. Clients can organize server writes

3. What you can only write to your web App

There are two ways to store 4.cookie: Window cookie Storage and text cookie store. The first one has its own life cycle, the time of its life cycle is set by the server, the latter is written to the client memory and can be saved permanently.

Session Concise:

During a certain period of time, the "transaction" between the client and the server is connected. In servlet/jsp, if the browser does not support cookies, the session technology can be implemented by means of a URL or a form to carry. If the client does not operate within a certain range, the server is based on the Tomcat root directory in the/conf/web.xml configuration file:

<session-config>

<session-timeout>30</session-timeout>

</session-config>

To specify the connection period for the session. The above configuration shows that if the session does not operate for 30 minutes, it will be difficult to terminate the conversation. Cookies belong to the cookie class, but the session is different from the HttpSession class.

Features of the session:

1.session instances occupy the server's independent memory, so the session and cookie are different, the session does not have the access limit of the file path.

2.session corresponds to window one by one of the client.

3. The session instance is marked by SessionID and SessionID is generated by the server.

4. How the client sends SessionID to get the session instance:

(1). stored in a cookie

(2). Url+? +jsessionid=sessionid Carry

(3). Embedded form: <input type= "hidden" name= "Jsessionid" value= "input SessionID value" >

5. If the browser is set to not support cookies, then you cannot use cookies to obtain SessionID.

6.cookie data is stored on the client side, and it is not possible to use cookies to obtain SessionID for high-security data. You can only use the URL to carry + encrypt the way.

The 7.session life cycle can be specified in the oil Setmaxinactiveintervall (life cycle value) or in the server configuration file, Web. Xml.

Common methods of Cookies:

. New Cookie (string,object); Construct cookie object using key-value pair

. Setmaxage (); Set the lifecycle of a cookie

Resp.addcookie (Cookie object); Write cookies to the browser

Req.getcookies (); Gets the entire cookie object of the current directory's extremely subdirectory

. GetName (); Gets the name of the key saved by the cookie

. GetValue (); Gets the value saved by the cookie

Session Common methods:

. Getattributnames ();/.getattribut (String name); Gets all property names or gets the property values based on the property name.

. Getcreatetime (); Gets the time that the current session was instantiated.

. GetId (); Gets the ID code of the session.

. Getmaxinactiveinterval (); Set session life cycle.

. invalidate (); clear the HttpSession instance.

. IsNew (); Determines whether the session object is up to date.

. SetAttribute (String name,object obj); Set session key value pair property contents

. Setmaxinactiveinterval (); Sets the life cycle of the httpsession.

This article is from the "11113082" blog, please be sure to keep this source http://11123082.blog.51cto.com/11113082/1740940

Session tracking Technology--cookie and Sessions summary