Session, as a back-end technology that we can't do without, it appears mainly to solve the stateless characteristics of the Http protocol , and is used to solve the storage problem of user state, and often it involves a time issue for storage. Below we Let’s take a look at the methods of destruction.
Way of destruction
- The default time expires
- Set expiration time yourself
- Immediate failure
- Close the browser
- Shut down the server
Case practice
The default time expires
When the client requests the servlet for the first time and operates the session, the session object is generated. Take Tomcat as an example. The default survival time of the session in Tomcat is 30min, that is, the time you do not operate the interface. Once there is an operation, the session will be timed again. Can the default time of the session be changed? The answer is yes. It can be modified in the web.xml file in Tomcat. As shown below:
Set expiration time yourself
Of course, in addition to the above modification methods, we can also set the life cycle of the session ourselves in the program, through session.setMaxInactiveInterval(int); to set the maximum inactive time of the session, in seconds.
HttpSession session = req.getSession();
session.setMaxInactiveInterval(5);
Of course, we can also use the getMaxInactiveInterval(); method to view the maximum inactive time of the current Session object.
Immediate failure
Or we can use the session.invalidate(); method to invalidate the session immediately.
session.invalidate();
Close the browser
The bottom layer of the session relies on cookie implementation, because different users access the server to determine which session is used, so when the user accesses the server for the first time, a session id is often stored to the user through a cookie, and the cookie’s effective time is Close the browser, so that the session becomes invalid when the browser is closed (because there is no session id to correspond to it). As shown in the figure below, close it and open it again, and assign a session id to the browser again.
It should be noted that only the cookie is invalid here. If you visit the server again, it will treat you as a new user and create a session for you without destroying the previous session object.
Shut down the server
When the server is shut down abnormally, the session is destroyed; when the server is shut down normally, the session will be serialized to disk, in the SESSION.ser file under the work directory of the workspace. If the object is saved in the session, the server is shutting down When you want to serialize the object to the hard disk, the object must implement the Serializable interface, and it will be automatically loaded into the memory when the service is started next time. As shown in the figure below, you can see that there is an additional SESSIONS.ser file in the folder after the normal shutdown, and the file disappears when the server is restarted.
Extension ~ Cookie Destruction
In addition to seeing the name and content of the cookie from the figure, we also need to care about a piece of information, expiration time , expiration time is used to specify when the cookie expires. The default is that the current browser is disabled when it is closed. We can manually set the effective time of the cookie (calculated by the expiry time), and set the maximum effective time of the cookie through the setMaxAge(int expiry); method, in seconds .
-
An integer greater than 0 indicates the number of seconds to store; if it is a negative number, it indicates that the cookie is not stored; if it is 0, the cookie is deleted.
-
Negative integer : The default value of the cookie's maxAge attribute is -1, which means it only survives in the browser memory. Once the browser window is closed, the cookie will disappear.
-
Positive integer : indicates that the cookie object can survive the specified number of seconds. When the life is greater than 0, the browser will save the cookie to the hard disk, even if the browser is closed, even if the client computer is restarted, the cookie will survive the corresponding time.
-
Zero : Cookie life equal to 0 is a special value, which means that the cookie is invalid! In other words, if the original browser has already saved this cookie, you can delete this cookie through cookie setMaxAge(0). This cookie will be deleted whether in the browser memory or on the client hard disk.