Session technology Cookie and Session

1. Conversation technology

    1.1 Session: A session contains multiple requests and responses

                -One session: The browser sends a request to the server resource for the first time, and the session is established until one party is disconnected.

    1.2 Function: Share data between multiple requests within the scope of a session

    1.3 Method: 

                -Client session technology: Cookie

                -Server-side conversation technology: Seesion

2. Cookie

    2.1 Concept: Client session technology, save data to the client.

    2.2 Steps to use cookies: 

          ①Create Cookie object, bind data

               new Cookie(String name,String value)

          ②Send Cookie Object

               response.addCookie(Cookie cookie)

          ③Get Cookie, get data

               Cookie[] request.getCookies()

     2.3 Implementation principle

           Implementation based on response header set-cookie and request header cookie

     2.4 cookie details

          2.4.1 Can multiple cookies be sent at one time?


                    You can create multiple Cookie objects, and use response to call the addCookie method multiple times to send multiple cookies

          2.4.2 How long are cookies stored in the browser?

                   ①By default, when the browser is closed, the cookie data is destroyed

                   ②Persistent storage:

                           - setMaxAge(int seconds)

                                 Positive number: Write the cookie data to a file on the hard disk and store it persistently. Specify the cookie survival time. After the time is up, the cookie file will automatically become invalid.

                                 Negative number: default value

                                 Zero: delete cookie information

           2.4.3 Can cookies be stored in Chinese?

                     * Chinese data cannot be stored directly in cookies before Tomcat 8

                            Chinese data needs to be transcoded. --->Using URL encoding (%E3)

                     * After Tomcat 8, cookies support Chinese data. Special characters are still not supported. It is recommended to use URL encoding storage and URL encoding analysis.

            2.4.4 Cookie sharing problem?

                      ① Assuming that multiple web projects are deployed in a tomcat server, can cookies be shared among these web projects?

                              * Cookies cannot be shared by default

                              * setPath(String path): Set the scope of cookie acquisition. By default, set the current virtual directory

                                      If you want to share, you can set path to "/"

                      ② The problem of cookie sharing between different tomcat servers?

                               * setDomain(String path): If the first-level domain name is set to be the same, then cookies can be shared between multiple servers.

                                      * setDomain(""), then the cookies in and can be shared.

             2.4.5 Features and Functions of Cookies


                                 ① The cookie stores data in the client browser

                                 ② The browser has a limit on the size of a single cookie (4kb) and the total number of cookies under the same domain name (20)


                                 ① Cookies are generally used to store a small amount of less sensitive data

                                 ② Complete the server's identification of the client without logging in         


    3.1 Concept: Server-side session technology, which shares data between one session and multiple requests, and saves the data in server-side objects. 

    3.2 Steps to use Session:

          ① Get HTTPSession object:

                  HttpSession session = request.getSession();

          ② Use HTTPSession object:

                  Object getAttribute(String name)

                  void setAttribute(String name,Object value)

                  void removeAttribute(String name)           

    3.3 Principle of Use

               * The implementation of Session is dependent on Cookie.

    3.4 Session details

          3.4.1 When the client is closed, the server is not closed, is the same session obtained twice?

                   *By default, it is not.

                   *If you need the same, you can create a Cookie, the key is JSESSIONID, set the maximum survival time, and make the cookie persistent.

                         Cookie c = new Cookie("JSESSIONID',session.getId());



          3.4.2 The client does not close, the server does not close, is the same session obtained again?

                   Not the same, but make sure that the data is not lost

                      * Passivation of session:

                            -Before the server shuts down normally, serialize the session object to the hard disk

                      * Activation of session:

                            -After the server is started, convert the session file into a session object in memory.

          3.4.3 When is the session destroyed?

                     ①The server is shut down

                     ②The session object calls invalidate().

                     ③The default expiration time of session is 30 minutes

                          Optional configuration modification




    3.5 Features of session


                  ①Session does not store the data of multiple requests of a session, but it exists on the server side

                  ②Session can store any type and size of data

    3.6 The difference between session and cookie:

           ①session stores data on the server side, and cookies on the client side

           ②There is no data size limit for session, and cookie has limit

           ③Session data is safe, cookies are relatively insecure


       Recommended study this week: web project exercise: book city project


       Recommended learning video link:   ----->Book City Project


Guess you like