Session basic usage
request.getSession (): method without parameters, the old session, session with the old. Not the old session, create a new session. Generally used when storing data.
request.getSession (Boolean): If the parameter is true, no equivalent to the reference method. Is false, there is the old session with the old session, no null is returned.
Session works
1. Write Session list
after the first when a user submits a request, the server to perform getSession () method, automatically generate a Map.entry object. key is an algorithm to generate new JSessionID, value is referenced session of the newly created.
2. The server generates and transmits a cookie
server will JSESSIONID generated as a cookie, JSESSIONID called, is a value of the JSESSIONID, cookie and sent to the server. When the server gets the data, find the corresponding session based on production cookie sent by, find the corresponding value.
3. The client accepts and sends cookie
server corresponding to the client, and the client will accept the session cookie, cookie will be saved to the cache. When the page is not closed, when sending the request will be sent directly to the cookie cache to the server, the server looks session directly from the cookie, do not need to create.
Session failure
1.session.invalidate (): allows session fail. Unbundling bind all objects in the session's. This method does not allow session is null.
2. The length of 10 minutes set the session fails.
web.xml
<session-config>
<session-timeout>10</session-timout>
</session-config>
After Cookie disable the redirection of session tracking session
disable the cookie, you can not use a cookie JSessionID to find session.
Just use the uri = response.encodeRedirectURL(uri);uri address can be overwritten.
index.html
<body>
<form action="${pageContext.request.contextPath}/someServlet">
<input type="text" name="user"/>
</form>
</body>
Save index.html page data Servlet
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("user");
HttpSession session = request.getSession();
session.setAttribute("username", username);
response.getWriter().write(username);
String uri = request.getContextPath()+"/otherServlet";
//重写uri地址,在地址后面添加JSessionID
uri = response.encodeRedirectURL(uri);
response.sendRedirect(uri);
}
Redirects to obtain data page.
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession(false);
String username = (String) session.getAttribute("username");
response.getWriter().write(username);
}
Non redirection disabled cookie, session tracking Session
Ibid principle, the method is just to rewrite uri address uri = response.encodeURL(uri);can be.
