Cookie&Session (session technology)

one. Cookie technology

The whole process from opening a browser to visit a site to closing the browser becomes a session

Session technology is divided into Cookie and Session

Cookie: The data is stored locally on the customer service side, reducing the pressure on the storage of the server side, the security is relatively low, and the customer service side is also aware of cookies

Session: Store data on the server side, the security is relatively good, increasing the pressure on the server

1. Four steps of cookie sending technology
1. Create a Cookie instantiation object
Cookie cookie = new Cookie(String cookieName,String cookieValue);
Cookie cookie = new Cookie("userName","123456");
2. Set the persistence time of cookies on the client side (can be omitted)
cookie.setMaxAge(int seconds)//秒
Example: 10 minutes
3. Set the path to carry cookies (can be omitted)
cookie.setPath(String Path);
Example: Global Cookie Configuration
4. Send cookies to the client
response.addCookie(Cookie cookie);

 Step 1:
Notes on creating a cookie

Chinese display cannot be used in cookies

Step 2:

If the persistence time is not set, the session level will be used, that is, the cookie will be cleared when the window is closed. If the persistence is set, the information in the cookie will be solidified to the disk, and the browser will automatically clear the cookie file when the time is up.

third step:

If the carrying path is not set, the cookie information will be generated when the cookie is accessed, and the path where the web resource is located will carry the cookie information.

To delete cookies:

As long as the persistent cookie with the same name and path is used to overwrite

2. The server accepts the cookie carried by the client,
Cookie[] cookies = request.getCookies()
for(Cookie cookie : Cookies){
    String cookieValue = cookie.getValue();



2. Session technology

Session technology is a technology that stores data on the server side. It will create a memory space for each client to store the client's data, but the client needs to carry an ID to the server to find its own memory space each time. Therefore, the implementation of Session is based on cookies, and Session needs to store the unique identifier JSESSIONID of the customer with the help of Cookie


1 . Get the Session object
HttpSession session = request.getSession();
This method will obtain the Session object dedicated to the current session. If there is no Session object for the session on the server side, a new Session will be created and returned. If there is already a Session belonging to the session, the existing Session will be returned directly.
(The essence is to judge whether the client already has a session on the server according to JSESSIONID)
2. Access data to the Session object
session.setAttribute(String name,object obj);
session.getAttribute(String name);
session.removeAttribute(String name);


 Session object life cycle

  1. Server (uncleanly shut down)
  2. Session expires/invalidates, the time is from start of access to server resources
  3. Manually destroy the session - session.invalidate();

   Default: in a session, that is, in a session, any resource shares a session object


Guess you like