JSP nine built-in objects
- The page object The
page object is an instance of the javax.servlet.jsp.HttpJspPage class. The page object represents the current JSP page, which is the object of the Servlet class after the current JSP is compiled, and is equivalent to the keyword this in the Java class. - request request object The
request object is an instance of the javax.servlet.ServletRequest class, representing the client's request. The request contains the information of the client and the requested information, the attached address parameters, etc. Each client request will generate a request instance. - Response response object The
response object is an instance of the javax.servlet.ServletResponse class, representing the client's response. Any output from the server is sent to the client browser through the response object. Each time the server will respond with a response instance. - Config configuration object The
config object is an instance of the javax.servlet.ServletConfig class. ServletConfig encapsulates the parameters configured to initialize the JSP in web.xml. In JSP, these parameters are obtained through config, and each JSP file has one and only one config object. - The pageContext
object is an instance of the javax.servlet.jsp.PageContext class. The pageContext object represents the compiled content of the current JSP page, and the resources in the JSP can be obtained through the pageContext. - application application object
application object is an object of javax.servlet.ServletContext class. application encapsulates the information of the Web application where the JSP is located, such as the global initialization information configured in web.xml. The application object in the Servlet needs to be obtained through ServletConfig.getServletContext(), and the entire Web application corresponds to an application object. - out output stream object
out object is an instance of javax.servlet.jsp.JspWriter class. The character content output by the server to the client can be output through the out object. Obtaining method: PrintWriter out = response.getWriter(). - session object The
session object is an instance of the javax.servlet.http.HttpSession class. Session and cookie are two mechanisms for recording customer access information. Session is used to store user information on the server side, and cookie is used to store user information on the client side. Servlet obtains the session object through request.getSession(), but it can be used directly in JSP. If <%@page session=”false”%> is configured in JSP, the hidden object session is not available. Each user corresponds to a session object. - The exception object is an
object of java.lang.Exception class. Exception encapsulates the exception information thrown in the JSP. To use the exception object, you need to set <%@page isErrorPage"true"%>. The exception object exception is usually used to handle error pages.
JSP four scope objects
The role of domain objects: save data, obtain data, and share data.
page域: 只能在当前jsp页面使用
request域: 只能在同一个请求中使用,请求转发会携带这个数据
session域: 只能在同一个会话(session对象)中使用,从打开浏览器到关闭浏览器
context域: 只能在同一个web应用(服务器中有效)使用,从打开服务器到关闭服务器
The difference between Session and Cookie
The HTTP protocol is a stateless protocol. Once the data exchange is complete, the connection between the client and the server will be closed, and a new connection needs to be established to exchange data again. This means that the server cannot track the session from the connection. Session tracking is a very important thing. In theory, all request operations of a user should belong to the same session.
Cookie
Cookie is such a mechanism that can make up for the lack of statelessness of the HTTP protocol. It is a text string handle sent to the client's browser and stored on the client's hard disk, which can be used to persist data between a certain WEB site session. Note: The maxAge attribute of the cookie is the expiration time, in seconds. If it is a positive number, the cookie will expire after maxAge seconds. If it is a negative number, the cookie is a temporary cookie, and it will become invalid after closing the browser, and the browser will not save the cookie in any form. If it is 0, it means delete the cookie. The default is -1.
Session
Session is another mechanism to record the state of the client. The difference is that the Cookie is stored in the client browser, while the Session is stored on the server. When the client browser accesses the server, the server records the client information on the server in some form. When the client browser accesses again, it only needs to look up the client's status from the session.
Session is automatically created when the user accesses the server for the first time. After the session is generated, as long as the user continues to access, the server will update the last access time of the session and maintain the session. Every time a user visits the server, the server considers the user's session to be "active" once regardless of whether the session is read or written. In order to prevent memory overflow, the server will delete sessions that have not been active for a long time from the memory. This time is the Session timeout period.
the difference
The Cookie mechanism confirms the identity of the customer by checking the "passport" on the customer, and the Session mechanism confirms the identity of the customer by checking the "customer list" on the server. Session is equivalent to a client file created by the program on the server. When a client visits, it only needs to query the client file table.
- The cookie data is stored on the client's browser, and the session data is stored on the server.
- Cookies are not very secure. Others can analyze the cookies stored locally and perform cookie spoofing. In consideration of safety, session should be used.
- The data saved by a single cookie cannot exceed 4K, and many browsers limit a site to save a maximum of 20 cookies. (The Session object does not have a limit on the amount of stored data, which can store more complex data types)
- Important information such as login information is stored as a session; if other information needs to be retained, it can be stored in a cookie.
