cookies and sessions

I: Introduction to session technology

  1. It stores the state of the client. For example, when users shop on an online mall, how does the server store the information for different clients, and where is that information kept? Because the HTTP protocol is stateless, the server does not know which client it is talking to when a client accesses it, so session technology is needed to identify the client and keep its state. Put simply, session technology is what enables the server to remember the state of the client (to differentiate between clients).
  2. Session technology: the whole process from the browser opening and accessing a site until the browser closes is called a session. Session technology records the data and state of the client during this session. It is divided into cookies and sessions, and both serve to maintain the state of the client-server interaction.
    • cookie: the response information returned by the server is stored on the client as key/value pairs. This reduces the load on the server side, but security is not good because the client can delete cookie information. The size of a cookie stored by the client cannot exceed 4 KB; a browser can store up to 50 cookies, and lower versions may store 20 cookies.
    • session: exactly the opposite of a cookie. A session stores data on the server side, which is relatively safe but increases the load on the server side. Mainly used to solve the problem of sharing between servers.

II: cookie technology

  A cookie is a session technology that stores information about the user on the client side.

   Conditions for creating cookies:

    • The name of the cookie cannot be the same as an attribute name used in Set-Cookie.
    • The name and value of the cookie cannot contain non-ASCII characters. If the cookie contains Chinese, you need to encode it with URLEncoder, otherwise the program will throw an exception.
    • The presence of token characters (,, etc.) in the name or value of a cookie sets the cookie's version to 1 (two versions of the cookie exist, version 0 and version 1).
  1.   How does the server side return the cookie to the client?
    1. Create the cookie object: Cookie cookie = new Cookie(cookieName, cookieValue); The cookie is returned to the client as a response header (Set-Cookie).
    2. Set the cookie's expiration time: cookie.setMaxAge(seconds); Note: if no persistence time is set, the cookie is stored in the browser's memory and destroyed when the browser is closed (session level). If an expiration time is set, the cookie is persisted to a file on the browser's disk and is destroyed only when it expires.
    3. Set the path for which the cookie is carried: cookie.setPath("/"); If no path is set, all resources under the path where the cookie was created will carry the cookie. For example, if the cookie was created at /web application/servlet1, then any resource under /web application/servlet1 will carry the cookie.
    4. Send the created cookie to the client: response.addCookie(cookie); The cookie is then returned to the client in the response.
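The four steps above in one servlet, as an added example that is not code from the original page. It assumes the javax.servlet API (3.0 or later); the servlet name, the cookie name `lastCity` and the sample value are constructed, and the HttpOnly and Secure flags are additions that limit exposure of a value stored on the client.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Hypothetical servlet; assumes the javax.servlet API, version 3.0 or later.
@WebServlet("/servlet1")
public class CookieDemoServlet extends HttpServlet {
    private static final String NAME = "lastCity"; // constructed sample cookie name

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String previous = readCookie(request);

        // Step 1: create the cookie; the non-ASCII value is URL-encoded first.
        String city = "\u5317\u4EAC"; // constructed sample value ("Beijing" in Chinese)
        Cookie cookie = new Cookie(NAME, URLEncoder.encode(city, "UTF-8"));
        cookie.setMaxAge(60 * 60);   // Step 2: persist for one hour (value in seconds)
        cookie.setPath(request.getContextPath() + "/"); // Step 3: whole application
        cookie.setHttpOnly(true);    // keep the value away from page scripts
        cookie.setSecure(request.isSecure()); // HTTPS-only when served over HTTPS
        response.addCookie(cookie);  // Step 4: emits the Set-Cookie response header

        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println(previous == null
                ? "No usable cookie yet; one has been set."
                : "Cookie from the last visit: " + previous);
    }

    // The cookie comes from the client, so treat it as untrusted input.
    private static String readCookie(HttpServletRequest request) throws IOException {
        Cookie[] cookies = request.getCookies(); // null when no cookies were sent
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (!NAME.equals(c.getName())) continue;
            try {
                return URLDecoder.decode(c.getValue(), "UTF-8");
            } catch (IllegalArgumentException malformed) {
                return null; // tampered or truncated percent-encoding
            }
        }
        return null;
    }
}
```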

  Illustration of the cookie storage process

III: session technology

  • Why is there a session?

   Sessions exist because when the server returns too many cookies to the client, the traffic between server and client increases and performance suffers; sessions were introduced to solve this problem. When the client and the server interact, it is not necessary to return every cookie each time. The server just gives the client a uniquely identifying id (JSESSIONID), carried in the cookie named JSESSIONID.

  • What is a session?

    Session is a session technology in which the data is stored on the server side. When a client first accesses the server, a small piece of memory is created on the server side to hold that client's information, and the client must carry a JSESSIONID so the server can find the piece of memory that belongs to it. The session relies on a cookie to store the JSESSIONID value. The problem is that if too many sessions are stored, the server side comes under too much pressure and efficiency drops.

  • How to use session?

   1. Get the session

  HttpSession session = request.getSession();

  This statement gets the session object belonging to the current session. If the session object already exists, it is returned directly; if not, a new session object is created and returned (principle: the server checks whether the session exists based on the JSESSIONID carried by the client).

   2. Storing data in and reading data from the session object

   Because the session is a domain object, there are three common methods:

  session.setAttribute(String, Object)

  session.getAttribute(String)

  session.removeAttribute(String)

   3. Lifecycle of a session object

   Create: the session object is created when request.getSession() is first executed.

   Destroy:

   (1) Session expiration, default 30 min.

   (2) Destroyed on (abnormal) server shutdown.

   (3) Manually destroy the session: use session.invalidate();

   Scope: one session by default, i.e. all resources accessed within a session share one session object.

Closing the browser is not the same as destroying the session! Because session technology is implemented on top of cookie technology, restarting the browser and visiting the original address again will still create a new session object. The cookie disappears by default when the browser is closed, which means the JSESSIONID can no longer be found. The original session object is still stored on the server side, it just cannot be found any more (there is no JSESSIONID), and it stays there until the session is destroyed automatically.

   Illustration of the session storage process
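A container-free model of the JSESSIONID lookup and session lifecycle described above, added here as an example; it is not code from the original page and not how any particular container is implemented. All class, field and method names are hypothetical, and time is passed in explicitly so the 30-minute timeout can be simulated. It walks through reuse of a session, a browser restart that loses the cookie while the old session stays on the server, automatic expiry, and manual invalidation.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Simplified model of a container's session table; not Tomcat's implementation.
public class SessionModel {
    static final long TIMEOUT_MS = 30 * 60 * 1000L; // 30-minute default from the text
    static final Map<String, Map<String, Object>> SESSIONS = new HashMap<>();
    static final Map<String, Long> LAST_ACCESS = new HashMap<>();
    static final SecureRandom RANDOM = new SecureRandom();

    // Models request.getSession(): reuse the session named by the JSESSIONID
    // cookie if the server still holds it, otherwise create a new one.
    static String getSession(String jsessionid, long now) {
        expire(now);
        if (jsessionid == null || !SESSIONS.containsKey(jsessionid)) {
            byte[] raw = new byte[16];
            RANDOM.nextBytes(raw); // session ids must be unpredictable
            StringBuilder hex = new StringBuilder();
            for (byte b : raw) hex.append(String.format("%02X", b));
            jsessionid = hex.toString();
            SESSIONS.put(jsessionid, new HashMap<>());
        }
        LAST_ACCESS.put(jsessionid, now);
        return jsessionid;
    }

    // Models expiry: drop every session idle for longer than TIMEOUT_MS.
    static void expire(long now) {
        LAST_ACCESS.values().removeIf(last -> now - last > TIMEOUT_MS);
        SESSIONS.keySet().retainAll(LAST_ACCESS.keySet());
    }

    // Models session.invalidate().
    static void invalidate(String id) { SESSIONS.remove(id); LAST_ACCESS.remove(id); }

    public static void main(String[] args) {
        String first = getSession(null, 0);           // first visit: no cookie yet
        SESSIONS.get(first).put("cart", "book");      // like session.setAttribute
        boolean reused = getSession(first, 1_000).equals(first);
        String second = getSession(null, 2_000);      // browser restarted: cookie lost
        System.out.println("reused=" + reused + " liveAfterRestart=" + SESSIONS.size());
        getSession(second, 1_001 + TIMEOUT_MS);       // first is now idle past the timeout
        System.out.println("firstStillStored=" + SESSIONS.containsKey(first));
        invalidate(second);                           // explicit destruction
        System.out.println("liveAfterInvalidate=" + SESSIONS.size());
    }
}
```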

To summarize: sessions and cookies both exist to maintain (record) the user's access state, on the one hand to make business functions simple to implement, and on the other hand to simplify server-side programming.

Distributed session: solves the problem of session sharing. For example, there are two applications under Tomcat, web1 and web2. Accessing web1 creates a session object session1, and accessing web2 creates a session object session2. Sessions are not shared between different applications, so to share them you need to consider a distributed session solution.
