Web program Session Management--httpsession and cookies

The principles of Session management for Web apps:

Because the web app's requests and responses are HTTP-based, HTTP is a stateless communication protocol that only records the information for this request, so the server does not remember the relationship between the request and the next request. So the principle of Session management: Before the next request, the information that is actively going to be maintained is communicated to the server, allowing the Web application to know the association between requests.

The main way to achieve this:

1, the use of hidden fields;

2, the use of cookies;

3, the URL rewrite

1 and 3 are relatively simple, but also the most commonly used, the purpose is simple, is to tell the server he should remember something, lest he forgot ah.

Now the main thing to say about cookies:---> Common application scenarios are: Automatic login

A cookie is a way for a browser to save information that can be understood as a file, saved to the client, and the server can get information about the cookie by responding to the browser's Set-cookie header. You can set a deadline for this file, which will not disappear because of the browser's closing time. In fact, we should be not unfamiliar with this effect, many shopping sites are this do, even if you do not buy things, he also remembers your preferences, now back, will give priority to you to submit your favorite things ah, they are really painstaking ah.

Operation of Cookies:

Add a cookie

Cookie cookie = new Cookie ("User", "Suntao");
Cookie.setmaxage (7*24*60*60); Valid for one week
Response.addcookie (cookie);

Get cookies

Because the value of the cookie is obtained for the entire Web page scope, the resulting array
cookie[] cookies = request.getcookies ();

for (int i = 0; i < cookies.length; i++) {
String name = Cookies[i].getname ();
String value = Cookies[i].getvalue ();
}

The realization of HttpSession session mechanism-->servlet session mechanism

|--obtains the HttpSession object through Httpservletrequest.getsession and assigns a value to the session through the setattribute (), which can be invalidated by invalidate ().

|--each httpsession has a unique identity sessionid, as long as the same open browser is obtained by request to the session is the same.

The |--web container default is to save SessionID to the client with a cookie mechanism and set this cookie to off browser invalidation, the cookie name is: Jsessionid

|--each request by reading the SessionID in the cookie to get the corresponding session

|--httpsession data is stored on the server side, so do not save data resources are very large resources, if necessary, can be removed or set to fail

|--httpsession can be set by Setmaxinactiveinterval () or configured in Web. xml

<session-config>

<!--units: minutes--

<session-timeout>30</session-timeout>

</session-config>

！ HttpSession is saved SessionID by default using cookies, which can be implemented by URL rewriting when a cookie is disabled by the client.

Can be implemented via Response.encodeurl (URL)

The end of the API to Encodeurl is that when the browser supports cookies, the URL does not do any processing, and when the browser does not support cookies, the URL will be rewritten to sessionid the access address.

Web program Session Management--httpsession and cookies