javaweb03_Cookie and Session


Cookie

A Cookie is a key-value pair stored on the client; it compensates for the statelessness of the HTTP protocol.

The server creates and sends a Cookie object to the browser:

Cookie cookie = new Cookie("LastLoginTime", System.currentTimeMillis()+"");
// Set the Cookie's validity period to 1 day
cookie.setMaxAge(24*60*60);
resp.addCookie(cookie);

The server reads the cookies sent by the browser:

Cookie[] cookies = req.getCookies();

Cookie validity period:

  • By default, when the browser is closed, the cookie data is destroyed
  • After a validity period is set with setMaxAge(), the cookie expires automatically when the time is up
  • setMaxAge(0) is generally used to delete a cookie

Chinese characters in cookies:

  • Before Tomcat 8, Chinese characters stored in a cookie must be transcoded:
// Encode
Cookie cookie = new Cookie("name", URLEncoder.encode("张三", "utf-8"));
resp.addCookie(cookie);
// Decode
URLDecoder.decode(cookie.getValue(), "utf-8");
  • After Tomcat 8, cookies support storing Chinese data

The maximum size of a single cookie is 4KB. The total number of cookies a browser stores for the same domain name is also limited, and the limit differs between browsers.


Session

A Session is stored on the server; it is another mechanism for recording client state.

When a client accesses the server for the first time, the server by default creates a separate HttpSession object for each browser and then sends a JSESSIONID to the client.

This JSESSIONID is essentially a Cookie.

On subsequent requests the client sends this JSESSIONID, and the server uses it to determine which Session belongs to the client.

Get session:

HttpSession session = request.getSession();
// Get the session id; its value is the JSESSIONID
String id = session.getId();
String name = (String) session.getAttribute("name");

Set a Session attribute:

session.setAttribute("name","BLU");

Set the validity period of the Session:

<!-- The unit is minutes -->
<session-config>
	<session-timeout>1</session-timeout>
</session-config>

Manually destroy the session:

session.invalidate();

Problem: when the browser is closed, the JSESSIONID cookie is discarded, and a new session object is created on the next visit. This consumes more resources.
Solution: manually create the JSESSIONID cookie and set its validity period:

HttpSession session = request.getSession();
String id = session.getId();
Cookie cookie = new Cookie("JSESSIONID",id);
cookie.setMaxAge(60*30);
response.addCookie(cookie);
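
A hardened variant of the snippet above, added here as an example and not part of the original post: a JSESSIONID cookie created by hand does not inherit the HttpOnly, Secure and path settings the container applies to its own session cookie, so the code sets them explicitly and also guards the null that getCookies() can return. It assumes the javax.servlet API (Servlet 3.0 or later) and a container that scopes JSESSIONID to the context path; the class SessionCookies and its methods are hypothetical names.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, not the original author's code. Assumes javax.servlet
// (Servlet 3.0+); SessionCookies and its method names are hypothetical.
public final class SessionCookies {
    private static final int MAX_AGE_SECONDS = 60 * 30; // value used on the page

    private SessionCookies() {}
    // Re-issue the session id as a persistent cookie with explicit attributes.
    public static Cookie persistSessionCookie(HttpServletRequest request,
                                              HttpServletResponse response) {
        HttpSession session = request.getSession();
        Cookie cookie = new Cookie("JSESSIONID", session.getId());

        // Assumption: the container scopes JSESSIONID to the context path, so
        // using the same path replaces that cookie instead of adding a second.
        String contextPath = request.getContextPath();
        cookie.setPath(contextPath.isEmpty() ? "/" : contextPath);

        cookie.setHttpOnly(true);             // hidden from document.cookie
        cookie.setSecure(request.isSecure()); // HTTPS-only when served over HTTPS

        // Cap the lifetime at the server-side timeout (seconds); a value <= 0
        // means the session never times out, so keep the 30-minute value.
        int timeout = session.getMaxInactiveInterval();
        cookie.setMaxAge(timeout > 0 ? Math.min(MAX_AGE_SECONDS, timeout)
                                     : MAX_AGE_SECONDS);
        response.addCookie(cookie);
        return cookie;
    }

    // getCookies() returns null, not an empty array, when the request carries
    // no cookies, so guard before iterating.
    public static String cookieValue(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) {
                return c.getValue();
            }
        }
        return null;
    }
}
```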

Thinking: How does a session work without cookies?

If cookies are disabled in the browser, the server cannot obtain the jsessionid, and a new session object is created on every request.
Solution:

<a href="<%=response.encodeURL("hello.jsp")%>">hello</a>

When cookies are disabled on the client, the response.encodeURL method stores the jsessionid in the URL, so it appears in the address bar.


Origin blog.csdn.net/BLU_111/article/details/108702111