content
Session passivation and activation
Session introduction
Server-side session tracking technology: save data to the server
JavaEE provides the HttpSession interface to realize the data sharing function between multiple requests of a session
use:
1. Get the Session object
HttpSession session=request.getSession();
2. Session object function
void setAttribute(String name,Object o);//存储数据到session域中
Object getAttribute(String name);//根据key获取value值
void removeAttribute(String name);//根据key,删除键值对
Create two classes SessionServlet and SessionServlet1
package com;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
public class SessionServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//存储到session中
//1、获取session对象
HttpSession session=req.getSession();
//存储数据
session.setAttribute("username","root");
}
}
public class SessionServlet1 extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//获取数据。从session中
//1获取session对象
HttpSession session=req.getSession();
//获取数据
Object username=session.getAttribute("username");
System.out.println("获取到的session值为"+username);
}
web.xml configures the access addresses of the two classes
<servlet>
<servlet-name>SessionServlet1</servlet-name>
<servlet-class>com.SessionServlet1</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SessionServlet1</servlet-name>
<url-pattern>/sessionServlet1</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>SessionServlet</servlet-name>
<servlet-class>com.SessionServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SessionServlet</servlet-name>
<url-pattern>/sessionServlet</url-pattern>
</servlet-mapping>
First visit ① and then visit ② to run
Session principle
Session is implemented based on cookies
The obtained object has a unique identifier id. Tomcat sends the session id as a cookie to the browser. Tomcat will add the set-cookie response header JSESSIONID= value to the response and store it in the browser memory. It will go to the memory to find whether there is an id before, if there is, use the data directly, if not, create it
Session usage details
Session passivation and activation
If the server restarts, will the data in the session still exist?
Passivation: After the server is shut down normally, Tomcat will automatically write the session data to the hard disk file
Activation: After starting the server, load data from the file into the Session
Session destruction:
① By default, it will be automatically destroyed after 30 minutes of inactivity (the following units are minutes)
<session-config>
<session-timeout>30</session-timeout>
</session-config>
②Call the invalidate() method of the Session object
Once the browser is closed, the session is destroyed, because the session is transmitted through cookies
summary
Both Cookie and Session are used to complete data sharing between multiple requests within a session
the difference:
Storage location: Cookie stores data on the client, and Session stores data on the server
Security: Cookie is not secure, Session is secure
Data size: Cookie has a maximum size of 3KB, and Session has no size limit
Storage time: Cookies can be stored for a long time, Session defaults to 30 minutes
Server performance: Cookies do not occupy server resources, while sessions occupy server resources