Session, as a back-end technology that we can't do without, it appears mainly to solve the stateless characteristics of the Http protocol, and is used to solve the storage problem of user state, and often it involves a time issue for storage. Below we Let’s take a look at the methods of destruction.
Destruction of the
default time expires
own set expiration time
expires immediately
close the browser
shut down the server
case practical operation of
the default time expires
when the client first request servlet and operating session, session object generation, for example to Tomcat, Tomcat The default survival time of the middle session is 30min, that is, the time you do not operate the interface. Once there is an operation, the session will be re-timed. Can the default time of the session be changed? The answer is yes. It can be modified in the web.xml file in Tomcat. As shown below:
Set the expiration time by yourself.
Of course, in addition to the above modification methods, we can also set the life cycle of the session in the program. Set the maximum inactive time of the session through session.setMaxInactiveInterval(int); in seconds.
The session = the req.getSession the HttpSession ();
session.setMaxInactiveInterval (5);
Copy the code
of course we can also getMaxInactiveInterval (); to view the current maximum inactivity time Session object.
Immediately invalidate
or we can also use session.invalidate(); method to invalidate the session immediately.
session.invalidate();
Copy code to
close
the bottom of the browser session depends on cookie implementation, because different users access the server to determine which session is used, so when the user visits the server for the first time, a session id is often stored in a cookie To the user side, and the effective time of the cookie is to close the browser, so the session is equivalent to invalid when the browser is closed (because there is no session id to correspond to it). As shown in the figure below, close it and open it again, and assign a session id to the browser again.
image-20200708195027943
It should be noted that here only the cookie is invalid. If you visit the server again, it will treat you as a new user and create a session for you without destroying the previous session object.
Shut down the server
When the server is shut down abnormally, the session is destroyed; when the server is shut down normally, the session will be serialized to the disk, in the SESSION.ser file under the work directory of the workspace. If the object is saved in the session, the server To serialize the object to the hard disk when shutting down, the object must implement the Serializable interface, and it will be automatically loaded into memory when the service is started next time. As shown in the figure below, after the normal shutdown, you can see that there is an additional SESSIONS.ser file in the folder, and the file disappears when the server is restarted.
Extension ~ Cookie Destruction
In addition to seeing the name and content of the cookie from the figure, we also need to care about a piece of information, expiration time, expiration time is used to specify when the cookie expires. The default is that the current browser is closed and invalidated. We can manually set the effective time of the cookie (calculated by the expiry time), and set the maximum effective time of the cookie through the setMaxAge(int expiry); method, in seconds.
An integer greater than 0 indicates the number of seconds to store; if it is a negative number, it indicates that the cookie is not stored; if it is 0, the cookie is deleted.
Negative integer: The default value of the cookie's maxAge attribute is -1, which means it only survives in the browser memory. Once the browser window is closed, the cookie will disappear.
Positive integer: indicates that the cookie object can survive the specified number of seconds. When the life is greater than 0, the browser will save the cookie to the hard disk, even if the browser is closed, even if the client computer is restarted, the cookie will survive the corresponding time.
Zero: Cookie life equal to 0 is a special value, which means that the cookie is invalid! In other words, if the original browser has already saved the cookie, you can delete the cookie through setMaxAge(0) of the cookie. This Coo will be deleted whether it is in the browser memory or on the client hard disk