The realization principle of Cookie and Session


1. Conversation technology

Because it Cookiebelongs to a kind of conversation technology, before explaining Cookieand Session, let's take a look at what is conversation technology.

会话That is 说话, I ran into Zhang San on the street today. The two of us are old friends who have not seen each other for many years, so we and you say each other until one of us is gone, then this time the conversation is over.

So the same 会话is true, there may be multiple requests and responses between the browser and the server, until the browser and the server are closed, this time 会话it is over. Such a process is called:One session

So, how to save the data information in this session is a big problem. CookieAnd Sessionto help save the data information for this session.

CookieFor client-side session technology, data information is saved on the client side (browser)

SessionFor server-side conversation technology, data information is stored on the server

二、Cookie

To learn Cookiethe realization principle through a case , define two HttpServlet:

The first one is used to send Cookie:

@WebServlet("/cookieDemo1")
public class CookieDemo1 extends HttpServlet {
    
    
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
    
        //1. 创建Cookie对象
        Cookie cookie = new Cookie("msg","hello");
        //2. 发送Cookie
        response.addCookie(cookie);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
    
        this.doPost(request, response);
    }
}

The second one is used to get Cookie:

@WebServlet("/cookieDemo2")
public class CookieDemo2 extends HttpServlet {
    
    
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
    
        //3. 获取Cookie,拿到数据
        Cookie[] cookies = request.getCookies();
        //如果cookies不为空,就拿到cookies里面所有的value
        if (cookies != null) {
    
    
            for (Cookie cookie : cookies) {
    
    
                String name = cookie.getName();
                String value = cookie.getValue();
                System.out.println(name + " : " + value);
            }
        }
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
    
        this.doPost(request, response);
    }
}

Now run the server, first visit cookieDemo1, click F12, select the network, you can find that the first time you visit cookieDemo1, the server responded to the browser with cookieinformation
Insert picture description here

Then visit cookieDemo2, the request header carries cookieinformation to the server
Insert picture description here

Maybe the above text is not easy to understand, it is clear by drawing a picture below:
Insert picture description here

In the first visit cookieDemo1, the server gives a response and sets the response header set-cookie : msg=hello, and the browser stores the cookieinformation; in the second visit cookieDemo2, the browser encapsulates the stored information in the request header and sends it to the server.

Three, Session

Before we start Session, let me explain one point: Sessionit depends on it Cookie. Let’s put it aside for now 为什么. Through a case, let’s take a look:

Create two HttpServlet:

The first one is for setting information:

@WebServlet("/sessionDemo1")
public class SessionDemo1 extends HttpServlet {
    
    
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
    
        //1. 获取HttpSession对象
        HttpSession session = request.getSession();
        //2. 存储数据
        session.setAttribute("msg","hello");
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
    
        this.doPost(request, response);
    }
}

The second one is used to obtain Sessioninformation:

@WebServlet("/sessionDemo2")
public class SessionDemo2 extends HttpServlet {
    
    
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
    
        //1. 获取HttpSession对象
        HttpSession session = request.getSession();
        //2. 获取数据
        Object msg = session.getAttribute("msg");
        System.out.println(msg);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
    
        this.doPost(request, response);
    }
}

Run the server and visit the first one. You can see that for the first visit, the response header carries a Cookiemessage. This cookiemessage is:

JSESSIONID=67680D84ACA2B7844FCCF3F4FE89E84B

Ouch, what is this? Do not rush, please continue to read: the
Insert picture description here
second visit, this time we found that the response header also carried such a cookiemessage:

JSESSIONID=67680D84ACA2B7844FCCF3F4FE89E84B

Same as the one above!
Insert picture description here

Next, enter the big secret link, and the Cookiesame, first draw a picture:
Insert picture description here
because Sessionthe data of the object is stored on the server side and there is only one, then how to ensure that the Sessionsame one is obtained multiple times in a session is a big problem. to solve this problem, so who the Sessiontarget set a id, and by Cookiethe idsending to the browser, so the browser only through idto get it ready to find Sessionan object where we are. So: Sessionit depends Cookie.

Guess you like

Origin blog.csdn.net/lesileqin/article/details/112663817