What is Session?
**Session is a container created by the server for each client user who accesses the server. **The data stored in this container can be shared among multiple requests. Moreover, this container only belongs to the current user and has a unique id. Session technology is to access session data on the server side
Features of session
Each session has an id, and access to key-value
data has a survival time
. The JESSIONID of each session is different, so that each browser can access its own data without being affected by others
Session illustrates
how Session accesses data?
Get Session
HttpSession request.getSession() Get the session object, if there is a session object, return the created session, if there is no session, create a session object and
store the data
setAttribute(key, value)
read the data
getAttribute(key)
get the id of the session
String session.getId( )
Destruction of session
1. The time exceeds the survival time of the
session. The default survival time of automatically destroyed session is 30 minutes, which can be set in the global configuration file web.xml of tomcat (tomcat/config/web.xml) (Unit/minute)
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<!--将session的存活时间设置成1小时(60分钟)-->
<session-config>
<session-timeout>60</session-timeout>
</session-config>
</web-app>
2. Call the **session.invalidate()** method in the servlet to destroy the session
Session persistence
When the browser is closed, the JSESSIONID disappears, and a new session object is recreated when it is accessed again. This operation consumes more resources, so we need to implement session persistence, and use it to get the previous JSESSIONID directly from the browser next time without creating a new session.
The JESSIONID cookie disappeared after the browser was closed. When you visit again, you will not be able to identify the session.
The method of session persistence:
1. By saving the JSESSIONID of the session in a cookie, setting the lifetime, the next visit will bring it directly to the server.
It means that the session can be identified by JSESSIONID for a long time, and there is no need to create a session next time. By saving the JSESSIONID in the cookie, the company can control the survival date, and the cookie will be directly brought to the server during the next visit. Get JSESSIONID, get session object.
Case realization:
WebServlet("/JSESSIONID_Cookie")
public class JSESSIONID_CookieServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//实现持久化session
HttpSession session = request.getSession();
//获取sessionid
String id = session.getId();
//这里注意,这个key一定要是JSESSIONID
Cookie cookie = new Cookie("JSESSIONID",id);
//设置cookie存活时间,将JSESSIONID存入cookie
cookie.setMaxAge(60*30);
//响应回浏览器
response.addCookie(cookie);
}
}
2. Closing the service in tomcat will automatically persist the session (stored in a session.ser in the work directory), and the next time the server is accessed, it will be read directly from this file