sessionid is the key of a session. The first time the browser accesses the server, a session will be generated on the server side , and there is a sessionid corresponding to it. The sessionid generated by tomcat is called jsessionid.
(The session is created when accessing the getSession(true) of the HttpServletRequest of the tomcat server . The ManagerBase class of tomcat provides a method for creating sessionid: random number + time + jvmid
Stored in the memory of the server, the StandardManager class of tomcat stores the session in the memory, and can also be persisted to file, database, memcache, redis, etc. The client only saves the sessionid in the cookie, but does not save the session. The session can only be destroyed by invalidate or timeout. Closing the browser will not close the session)
So when is the Session created? Of course, it is created during the running of the server-side program. Applications implemented in different languages have different methods of creating a Session. In Java, they are created by calling the getSession method of HttpServletRequest (using true as a parameter). When the Session is created, the server will generate a unique Session id for the Session, and this Session id will be used to retrieve the created Session in subsequent requests; after the Session is created, you can call the Session-related The method adds content to the Session, and these content will only be stored in the server, and only the Session id will be sent to the client; when the client sends a request again, it will bring this Session id, and the server will receive the request after receiving the request. Find the corresponding Session according to the Session id and use it again.
Create: The sessionid is generated for the first time until a server-side program calls a statement such as HttpServletRequest.getSession(true).
Delete: timeout; program calls HttpSession.invalidate(); program closes;
Where the session is stored: in memory on the server side. However, sessions can be persistently managed in a special way (memcache, redis).
Where does the session ID come from, and how is the session ID used: When the client requests the session object for the first time, the server will create a session for the client, and will calculate a session ID through a special algorithm to identify the session session object
ManagerBase is the base class of all session management tool classes. It is an abstract class. All classes that specifically implement session management functions must inherit this class. This class has a protected method, which is the method to create the sessionId value:(The mechanism for generating the id value of the session of tomcat is a random number plus time plus the id value of the jvm. The id value of the jvm will be calculated according to the hardware information of the server, so the id values of different jvms are unique),The StandardManager class is the default session management implementation class in the tomcat container.It stores session information in the memory of the server where the web container is located.PersistentManagerBase also inherits the ManagerBase class, which is the base class for all persistent storage session information. PersistentManager inherits PersistentManagerBase, but this class only has one more static variable and one getName method, which seems to be of little significance at present. For persistent storage sessions, Tomcat also provides the abstract class of StoreBase, which is the base class for all persistent storage sessions. In addition, tomcat also provides two implementations of file storage FileStore and data storage JDBCStore.