Web application state management: cookie, session, and URL rewriting

Source: Internet
Author: User

State management overview:
The HTTP protocol uses a stateless connection.
To the container, every request appears to come from a new client.
There are four ways to maintain state:
A: Form hidden fields
B: Cookie
C: Session
D: URL rewriting

A brief description of these four approaches:


A: State management solution: form hidden fields
Form hidden field:
<input type="hidden" name="session" value=""/>

1: Session tracking for user access on the site.

2: Provide predefined input for server-side programs.

3: Store dynamically generated page context information.

A major disadvantage of hidden fields is that they work only when every page is dynamically generated.




B: Hidden form fields work only when pages are generated dynamically, so an HTTP cookie is used to keep the state instead; the server reads it back on later requests.

HTTP cookies are a good way to maintain and preserve user state information, but cookies raise some sensitive privacy issues and some users disable them, so another method is needed for that case.



C: URL rewriting


D: The servlet API provides an excellent solution, the HttpSession API, which is built on cookies and URL rewriting.
It keeps the client's state information on the server side.

The session object is the object that the server creates and maintains for the client to hold the client's state data.


One: Cookies

1: Cookie principle:
When the server responds to a request, it stores some data on the client in the form of "key-value" pairs. When the browser accesses the same application again, the original cookie is sent back to the server with the request.

Cookie cookie = new Cookie("Cool", "tiger!");

response.addCookie(cookie);

2: Managing cookies in a servlet
The servlet API provides the following methods for working with cookies:
- Cookie(name, value): Constructor, used to create a cookie
- setMaxAge(int lifetime): Sets the expiration time of the cookie, in seconds. The default value is negative (the cookie expires when the browser closes)
- getMaxAge(): Gets the expiration time of the cookie.
- getName(): Gets the name of the cookie
- setValue(String value): Specifies the value of the cookie.
- getValue(): Gets the value of the cookie
-.......

3: Using cookies in a servlet
To send a cookie to the client, the servlet should follow this procedure:
- Create one or more cookies, using the constructor to specify the name and value of each cookie
- Set property values for the cookies using the setXxx methods
- Insert each cookie into the response header using the addCookie() method of the HttpServletResponse object
To read the cookies sent by the client, the servlet performs the following steps:
- Get an array of Cookie objects using the getCookies() method of the HttpServletRequest object
- Iterate through the array (calling the getName() method) until the cookie that matches the name is found, then read its value



Two: Session
1: Session principle
- The server can create and maintain a session object for the client to store data.
- When the session object is created, the server generates a unique number for it, which is called the SessionID
- The server stores the SessionID on the client in the form of a cookie.
- When the browser accesses the server again, the SessionID is sent to the server as cookie information, and the server uses the SessionID to find and access the previous session object

2: Session workflow


3: Session tracking mechanism

User sends a request

HttpSession session = request.getSession();
The getSession(false) method returns a session that already exists, without creating a new one.
Response from the server
Send the request again
4: HttpSession interface
Some commonly used methods of the HttpSession interface:
- setAttribute(java.lang.String, java.lang.Object): Binds an object to a name in the session object.
- getAttribute(java.lang.String): Gets the object saved in the session object under the given name.
- removeAttribute(java.lang.String): Deletes the object bound to the given name in the session.
- getCreationTime(): Returns the time the session was created.
- getLastAccessedTime(): Returns the time of the last request in which the container received this session ID.
- setMaxInactiveInterval(int interval): Sets the maximum interval, in seconds, allowed between client requests for the session. -1 means never expire
- getMaxInactiveInterval(): Returns the maximum time interval between client requests.
- invalidate(): Ends the session and unbinds all attributes that currently exist in it.
- getId(): Returns the unique identifier of the session
-......
5: Session timeout management
A session can be destroyed in three simple ways (closing the browser does not mean that the session object is deleted):
- Set a session timeout.
- Invoke the invalidate() method on the session object.
- The application ends (crash or undeploy)
Configure the timeout in the web.xml file, in minutes:

<session-config>
<session-timeout>15</session-timeout>
</session-config>
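
The HttpSession methods and the timeout handling above, as an added example that is not part of the original article: a helper that retires the pre-login session before binding the user, so the SessionID the browser held before login is not carried into the authenticated session. It assumes the javax.servlet API and that the application has already verified the credentials; the class, method and attribute names are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example: class, method and attribute names are hypothetical.
public final class SessionSupport {
    private static final String USER_ATTR = "user";

    private SessionSupport() {
    }

    // Call only after the application has verified the user's credentials.
    public static HttpSession startAuthenticatedSession(HttpServletRequest request,
                                                        String user) {
        // getSession(false) never creates: it returns null when no session exists.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate(); // unbinds all attributes and retires the old SessionID
        }
        // getSession() now creates a fresh session with a new SessionID.
        // (Servlet 3.1+ also offers request.changeSessionId(), which keeps attributes.)
        HttpSession session = request.getSession();
        session.setAttribute(USER_ATTR, user);
        // Seconds here; the <session-timeout> element in web.xml is in minutes.
        session.setMaxInactiveInterval(15 * 60);
        return session;
    }

    // Returns the bound user, or null. Using getSession(false) keeps anonymous
    // requests from creating server-side sessions as a side effect.
    public static String currentUser(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        return session == null ? null : (String) session.getAttribute(USER_ATTR);
    }

    // Closing the browser does not delete the session, so logout must
    // invalidate it on the server explicitly.
    public static void logout(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```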

6: Session persistence management

Three: URL rewriting

Normal use of the session object depends on cookies.
URL rewriting lets the session work without the cookie: the session ID is appended to the end of each URL in the application.

URL rewriting methods:

response.encodeURL()

response.encodeRedirectURL("/lovobook/sucess.html")

URL rewriting is done automatically by the container, but each URL must be passed through these encode methods for it to take effect.
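
An added example, not part of the original article, showing when the container actually rewrites a URL: the servlet passes a link through encodeURL() and reports how the SessionID reached it. It assumes the javax.servlet API; the class name and the "/cart" path are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: the class name and the "/cart" path are hypothetical.
public class LinkServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession(); // created on the first visit

        // How did the SessionID arrive with this request?
        String via;
        if (session.isNew()) {
            via = "none (session created on this request)";
        } else if (request.isRequestedSessionIdFromCookie()) {
            via = "cookie";
        } else {
            via = "url";
        }

        // On the first response the container cannot know yet whether the
        // browser accepts cookies, so encodeURL() appends the session ID.
        // Once the ID comes back in a cookie, encodeURL() returns the URL unchanged.
        String cartLink = response.encodeURL(request.getContextPath() + "/cart");

        if (request.isRequestedSessionIdFromURL()) {
            // The ID is part of the page address: keep that address out of
            // Referer headers sent to other sites.
            response.setHeader("Referrer-Policy", "same-origin");
        }

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<p>SessionID arrived via: " + via + "</p>");
        out.println("<a href=\"" + cartLink + "\">cart</a>");
    }
}
```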

Summary:
1 The HTTP protocol uses a stateless connection, and a connection carries only one request/response
2 State management approaches: form hidden fields, cookie, session, URL rewriting
3 Cookies are short text messages that the web server sends to the client browser, which saves them
4 The session object is the object that the server creates and maintains for the client to hold the client's state data
5 Users may disable cookies; URL rewriting can then be used instead
6 Cookie information is added to the response through the addCookie method of HttpServletResponse
7 The session object is created when a servlet invokes a statement such as HttpServletRequest.getSession()
8 The session object is saved on the server side; closing the browser does not mean that the session object is deleted
9 The session is recognized only by its SessionID
10 Try to use the scope object with the shortest lifetime
11 When returning the first response to the client, the container tries both ways: setting the cookie and URL rewriting
