Stores the state of the client. For example, if a user is shopping on top of the mall, how does the server store the information for different clients? Where is the information accessed stored? Because the http protocol is stateless, the server does not know which client it is when the client accesses the server, so session technology is needed to identify the client's installed state. To be clear session technology is what enables the server to remember the state of the client (differentiate between clients).
Session technology: The entire process of a browser opening to access one of the sites until the browser closes is called a session. Session technology is all about recording the data and state of the client during this session. Session technology is divided into cookies and sessions, and both sessions and cookies serve to maintain the state of client-server interaction.
cookie: the response information returned by the server is stored in the client as key/value. Reduces the stress on the server side, but security is not good because the client can delete cookie information. And the size of cookies stored by the client cannot exceed 4k, a browser can store up to 50 cookies, lower versions may store 20 cookies.
session: exactly the opposite of a cookie. Session is storing data on the server side, which is relatively safe, but increases the pressure on the server side. Mainly used to solve the problem of sharing between servers
II: cookie technology
A cookie is a session technology that stores information about the user on the client side
Conditions for creating cookies.
The name value of the cookie cannot be the same as the value of the attribute in set-cookie
The value of the cookie's name value and value cannot be a non-Assic code. If there is Chinese in the cookie, you need to use URLEncode to encode it, otherwise the program will run with exceptions
The presence of Token characters (,, etc.) in the values of name and value in a cookie sets the version in the cookie to 1 (two versions of the cookie exist, version 0 and version 1).
How does the server side return the cookie to the client?
Create cookie object :Cookie cookie = new Cookie(cookieName,cookieValue); The cookie is returned to the client as a response header (set-cookie)
Set the cookie's expiration time: cookie.setMaxAge(millisecond value): Note: If the cookie's persistence time is not set, the cookie information is stored in the browser's memory and destroyed if the browser is closed (session technology), if the expiration time is set, the cookie information is persisted to the browser's disk file until the cookie expires and the cookie is destroyed.
Set to carrycookie pathway：setPath("/"); If not set to carrycookie pathway， Then visit the Createcookie All resources under the path will carrycookie information。 for example： createdcookie The path is：/web application/servlet1 ， Then visit /web application/servlet1 Any resources under will carrycookie
The createdcookie Send to client ； response.addCookie(cookie)； will ring on the client side shouldcookie