State management of Web applications

I. Web application state form
1. Form hidden fields
2, cookie--the user status information sent to the client browser by the server to save
3 session tracking, the server created and maintained for clients to hold the client state data of the Session object
4, URL address rewrite.
(a) Cookies

1:cookie principle:

When the server responds to the request, it saves some data in the form of a "key-value" pair in response to the client, and when the browser accesses the same app again, the original cookie is brought to the server side via the request message.

Cookie cookie = new Cookie ("Cool", "tiger!");

Response.addcookie (cookie);

2: Managing Cookies in Serlvet

The following API for manipulating cookies is provided in the servlet

–cookie (name, value): Constructs a method for creating one or more cookies

–setmaxage (int lifetime): Sets the expiration time (in seconds) of the cookie. The default value is negative (the cookie expires when the browser closes)

–getmaxage (): Gets the expiration time of the cookie.

–getname (): Get the name of the cookie

–setvalue (String value): Specifies the value of the cookie.

–getvalue (): Gets the value of the cookie

-.......

3: Using cookies in the servlet

To send a cookie to the client, the servlet should follow these steps:

– Create one or more cookies, using the construct method to specify the name and value of the cookie

– Use the Setxxx method to set property values for a cookie

– Use the Addcookie () method of the HttpServletResponse object to insert a cookie into the response header

To read incoming cookie,servlet from a client, perform the following steps:

– Returns an array of cookie objects using the GetCookie method of the HttpServletRequest object

–servlet iterates through the array (calls the GetName () method) until it finds the cookie value that matches the name

(ii) Sessoin

1:session principle

-The server can create and maintain a session object for the client to hold the data.

-At the same time that the session object is created, the server will generate a unique number for the session object, which is called SessionID

-The server stores SessionID on the client in a cookie manner.

-When the browser accesses the server again, SessionID is taken to the server as cookie information, and the server can retrieve the previous session object and access it through the SessionID.

2:httpsessoin interface

Some common methods of HttpSession interface

–setattribute (java.lang.String, Java.lang.Object): Binds an object with a name in the Session object.

–getattribute (java.lang.String): Gets the object saved in the Session object by name.

–removeattribute (java.lang.String): Deletes the object corresponding to a name in the session.

–getcreationtime (): Returns the time when the session was first created.

–getlastaccessedtime (): Returns the last time a container has requested the session ID.

–setmaxinactiveinterval (int interval): Specifies the maximum interval of time, in seconds, for a client request for a session. -1 means never expire

–getmaxinactiveinterval (int interval): Returns the maximum interval of time for a customer request.

–invalidate (): Session end, all session properties that currently exist in the session are also unbound.

–getid (): This method returns the unique identity for each session

-......

(iii) The difference between session and Cookie.
1, the session is saved in the server, the client does not know the information; the cookie is stored on the client and the server is able to know the information.
2. The object is saved in the session, and a string is saved in the cookie.
3, the session can not distinguish between the path, the same user during a visit to a website, all sessions in any place can be accessed. In the cookie, if the path parameter is set, the cookies under different paths in the same Web site are inaccessible to each other.
4, the session needs to use cookies to be normal, if the client completely prohibits cookie,session will expire.

Session Timeout Management

There are three simple ways to destroy a session//the browser shuts down does not mean that the session object is deleted

– Set the session timeout.

– Call the Invalidate () method on the Session object.

– End of application (crash or Cancel deployment)

Configure//In minutes for the Web. xml file

<session-config>

<session-timeout>15</session-timeout>

</session-config>

Session Persistence Management

URL rewriting

The normal use of the session object depends on the cookie

URL address rewriting is able to get a session placed in a cookie and append the session ID to each URL that accesses the app and finally

URL Rewrite method:

Response.encodeurl ()

Response.encoderedirecturl ("/lovobook/sucess.html")

URL rewriting is done automatically by the container, but we need to encode the URL to be effective

Summarize:

1 The HTTP protocol uses a stateless connection, and the connection is only for one request/response

2 State management Scenario: Form hidden field, Cookie, Session, url rewrite

3 cookies are short text messages that the Web server sends to the client browser and saves

4 Session object is the object that the server creates and maintains for the client to hold the customer state data

5 users will disable cookies. At this point we can use URL address rewriting to solve

6 Add this cookie information to the response information by HttpServletResponse's Addcookie method

7 Session object is created when a statement such as Httpservletrequest.getsession () is called by a servlet

8 Session object is saved on the server side, the browser closes does not mean that the session object is deleted

9 session only recognize SessionID not identify

10 you should try to use a domain object with short maintenance time

11 when the first response is returned to the customer, an attempt is made to set up a cookie and URL rewrite two ways

State management of Web applications