The session is used to differentiate the users that are accessed by using the ID set in the cookie

Interview was asked when the session is through what distinguishes each user, at that time a little nervous, and Haw half a day, now refer to the online content integration and made a part of the changes to do a detailed interpretation, thanks again to all the great God, grow together

1, when using the following sentence to create a session,

HttpSession session = Request.getsession (true);/or use request.getsession (); it means the same thing.

Each session of the server to create a session will have a corresponding SessionID (the essence of SessionID see this paste:
http://www.cnblogs.com/japanbbq/archive/2011/09/01/2161650.html), and the server will put this sessionid back to the client in the form of a cookie (browser), The next time the same user visits will take this SessionID attribute. Sometimes there is a problem, if the client (browser) is accidentally turned off, then the cookie does not exist.
For example, the common shopping cart features, when shopping, accidentally shut down the browser, the next time the user to visit, the last record does not exist, so when the session is created, you can create the corresponding SessionID saved to a set validity of the cookie, Then when you close the browser, in a relatively short time, open the browser again, the last browse record is still in.

The following code can be implemented:

HttpSession session = Request.getsession (true);
Session.setattribute ("Key", "value");
String sessionId = Session.getid ();   
Cookie Setsessionid = new Cookie ("Mysessionid", sessionId);//sessionid default is stored in a name of
Mysessionid Setsessionid.setpath ("Last Path");
Setsessionid.setmaxage (30 * 60);//in seconds, so 30 minutes
Response.addcookie (Setsessionid);

Speaking of which, let's discuss a new question:

Some sites use session IDs to record users, and each user will generate a unique session ID, added to the URL, when they visit the site. Every visit of the web crawler will also be treated as a new user, the URL will be added a different session ID, so that the web crawler each access to the same page URL, followed by a separate session ID. This is also one of the most common reptile traps. Search engine encountered this often session ID, will try to determine whether the string is a session ID or normal parameters, successfully determine the session ID can be removed session ID, included in the normal URL. But also often judge does not come out, either unwilling to include, or included multiple URL with different session ID, content is exactly the same, the formation of a large number of copied content, both of which are unfavorable to the optimization of the website.
2, back to the point, why I above this code set the life cycle of cookies, open the browser again, this cookie is still there, and when you create a session and default to the form of cookies to the client, accidentally closed the browser, The cookie does not exist when it is opened again.
Here is an introduction to the cookie lifecycle:
A cookie that does not set an expiration time (using the Setmaxage () method) means that the cookie lifecycle is a browser session, and the cookie disappears when the browser window is closed. This lifetime is called a session cookie for browsing session cookies. Session cookies are generally not stored on the hard drive but are kept in memory.
If an expiration time is set, the browser saves the cookie to the hard disk and then opens the browser again after it is closed, and the cookies remain valid until the set expiration time is exceeded. Cookies stored on your hard disk can be shared between different browser processes, such as two IE windows. For cookies stored in memory, different browsers have different ways of handling them.

Old iron, if wrong please point out, learning, do not learn what to do in that ...