Web must-knows: cookies and sessions

Source: Internet
Author: User
Tags: session id sessions

1. First of all, what is the purpose of cookies and sessions?

A: Both exist to maintain the state of the interaction between the user's client and the back-end server. This state is maintained partly to make some business features easier to implement, and partly to simplify back-end service design and improve performance.


2. How should cookies be understood?

A: As I understand it, a cookie is what the server uses to tell visiting users apart. When a user sends an HTTP request, the server checks whether this is the user's first visit. A new user has to be registered first; the server then saves some of the user's information as key-value pairs and sends it back to the client in the HTTP response for the client to store. On the next visit the client sends that information along, the server recognizes an old acquaintance at a glance, and the back end processes the business directly without registering again, which is convenient and efficient.


3. How should sessions be understood?

A: Cookies are stored on the client, and the number and size of the cookies a client can store are limited. The server, by contrast, can store a great deal of information, and that is where the session comes from.

When a new client visits, we can register its information, save it on the server, and give the user a unique identifier for that information (usually a cookie named JSESSIONID). On the next visit the user only has to present that ID. The back end can then retrieve all of the user's other information (that is, fetch the session) and carry on with the business. This guards against information being lost or tampered with, and there is no capacity limit.


4. How do sessions work on top of cookies?

A: As mentioned when explaining the session, a session has an identifier (typically a cookie named JSESSIONID), which is usually stored in a cookie on the client to maintain the session. That only applies when cookies are allowed, however; if cookies are disabled, the identifier is by default carried in a URL parameter instead.

The specific process:
a. When the client makes its first request, the server does not yet know whether cookies are available, so it prepares a test cookie named JSESSIONID as the identity of the client session and also rewrites the URLs in the HTTP response, appending jsessionid to the end, then returns the response.
b. When the client makes another request, the request shows whether cookies are available. If they are, the cookie carries the JSESSIONID and overrides the ID in the URL; if not, the JSESSIONID is delivered by URL parameter rewriting to maintain the session.
c. When the browser is closed or the session expires, the cookie is invalidated.


5. How do you configure sessionCookieName?
A: The default sessionCookieName is JSESSIONID. It can be configured in the session-config item of web.xml, where the name property under cookie-config is the sessionCookieName and can be defined by the user.
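
The configuration from questions 4 and 5 as a complete web.xml, written as an added example (not from the original page): it renames the session cookie and goes beyond the text by restricting tracking to cookies and setting the HttpOnly and Secure flags. The cookie name APPSESSIONID and the 30-minute timeout are assumed values.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: a complete minimal web.xml (Servlet 3.1 schema). -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!--
      Weak form: no <session-config> at all. The container then uses the
      cookie name JSESSIONID and, as described in question 4, falls back to
      URL rewriting, so links such as /cart;jsessionid=... can end up in
      browser history, proxy and access logs, and Referer headers.
    -->

    <session-config>
        <!-- Idle timeout in minutes; after this the session expires. -->
        <session-timeout>30</session-timeout>

        <cookie-config>
            <!-- Hypothetical name; replaces the default JSESSIONID. -->
            <name>APPSESSIONID</name>
            <!-- Keep the session ID out of reach of page JavaScript. -->
            <http-only>true</http-only>
            <!-- Send the cookie over HTTPS only. The site must be served
                 over HTTPS, or the browser never returns the cookie. -->
            <secure>true</secure>
        </cookie-config>

        <!-- Track sessions by cookie only: no ;jsessionid= URL fallback.
             Clients with cookies disabled cannot keep a session. -->
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
</web-app>
```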


6. How does the session work?

A: After the session ID has been obtained by the method in question 4, the HttpSession object can be obtained with request.getSession(). If no HttpSession corresponds to the session ID, a new one is created.

Then who manages the HttpSession objects?

On the surface, all HttpSession objects are added to the sessions container of org.apache.catalina.Manager, which manages the lifecycle of all sessions. When a session expires, it is recycled.

More specifically, StandardManager is the implementation class of Manager, and StandardSession is the implementation class of HttpSession. The StandardManager class is responsible for managing the lifecycle of all StandardSession objects in the servlet container.

If a session has not expired and the server shuts down, does it still exist?

As long as the server is shut down properly, StandardManager persists all StandardSession objects that have not expired to a file named "SESSIONS.ser". When the servlet container restarts and StandardManager initializes, it reads the file back, parses out all session objects, and saves them in the StandardManager sessions collection, which restores the sessions.

However, if the server is not shut down gracefully, there is no time to persist the sessions, and they are lost.


7. What are the shortcomings of cookies and sessions?

Everything has two sides, and cookies and sessions bring some challenges of their own, such as cookie capacity (limits on size and number), security issues (cookies are easy to tamper with), and the problem of sharing sessions across servers.


