1. Brief introduction to Session
In WEB development, the server can create a session object (session object) for each user's browser. Note: a browser monopolizes a session object (by default). Therefore, when user data needs to be saved, the server program can write the user data to the session exclusive to the user's browser. When the user uses the browser to access other programs, the other programs can retrieve the user's data from the user's session. User service.
Here we understand the concept and principle of Session based on Java Servlet. In Java, the Session object of HTTP is represented by javax.servlet.http.HttpSession.
2. The difference between Session and Cookie
- Cookie is to write user's data to user's browser
- Session is to write user data to the user's exclusive Session
- The Session object is created by the server, developers can call the GetSession method of the request object to get the session object
3. Session implementation principle
How does the server implement a session to serve a user's browser?
During the first visit, the server creates a new sesion and sends the session Id to the client browser in the form of a cookie. After the server creates a session, it will write back the session ID to the client in the form of a cookie. In this way, as long as the client's browser is not closed, when you go to the server, it will take the session ID. If the client browser comes with the session id, it will use the corresponding session in memory to serve it.
4. Creation and destruction of Session object
4.1 Creation of Session object
//范例:创建session
//使用request对象的getSession()获取session,如果session不存在则创建一个
HttpSession session = request.getSession();
//获取session的Id
String sessionId = session.getId();
//判断session是不是新创建的
if (session.isNew()) {
response.getWriter().print("session创建成功,session的id是:"+sessionId);
}else {
response.getWriter().print("服务器已经存在session,session的id是:"+sessionId);
}4.2 Destruction of Session object
1) Session timeout: timeout means that the server has not received the request of the client corresponding to the session for a certain period of time, and this time exceeds the maximum time set by the server for Session timeout.
2) The program calls HttpSession.invalidate ()
3) The server is shut down or the service is stopped
Will the session be deleted because the browser is closed?
No, the session will only be closed by the method mentioned above.
The following are methods 1,2:
The session object is not used by default for 30 minutes, the server will automatically destroy the session, you can manually configure the expiration time of the session in the web.xml file,
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name></display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- 设置Session的有效时间:以分钟为单位-->
<session-config>
<session-timeout>15</session-timeout>
</session-config>
</web-app>When the Session needs to be manually disabled in the program, you can manually call the session.invalidate method to destroy the session.
HttpSession session = request.getSession();
//手工调用session.invalidate方法,摧毁session
session.invalidate();5.Session location
In the server's memory (the server collapsed and all sessions disappeared). However, the session can be managed in a special way (put the session on disk).
6. Where does the session id come from
How sessionID is used: When the client first requests a session object, the server will create a session for the client (session creation time, because the session will consume memory resources, so if you do not intend to use session, you should Close it in JSP. ) , And will calculate a session ID through a special algorithm, used to identify the session object, when the browser next time (session continues to be valid) request other resources, the browser will secretly sessionID Placed in the request header, the server receives the request sessionID after receiving the request, the server finds the session with the id and returns it to the requester == (Servlet) == (jsp is inserted into the request session object method when compiled into servlet: HttpSession session = HttpServletRequest.getSession (true)) will be used. There can only be one session object for a session, and for the session, only the id is not recognized.
7. Session other issues
- session is a container that can store any object during the session.
- The session is generated because of the request (request object). Multiple requests in the same session share a session object, which can be obtained directly from the request.
- In fact, the creation and use of the session is always on the server, and the browser never gets the session object. But the browser can request a Servlet (jsp is also a Servlet) to obtain session information. What the client browser really gets is the session ID, and this is invisible to the person operating the browser, and the user does not need to care about which session he is in.
Reference: JavaWeb Learning-Session
