Due to the stateless nature of http, session management or session tracking becomes an unavoidable topic of web application development. By default, a web server cannot distinguish whether an http request is the first visit. For example, a webmail application requires users to be logged in before they can view emails. Therefore, after the user has entered the corresponding username and password, the user should not be prompted to log in again. It should be remembered that those users are already logged in. In other words, it should be possible to manage the user's session.
URL rewriting
URL rewriting is a session tracking technology that adds one or more tokens to the query string of the URL. Each token is usually in the form of key=value, as follows:
url?key-1=value-1&key-2=value-2
Note that a hello (?) is used to separate URLs and tokens, and an ampersand (&) is used to separate tokens.
URL rewriting is suitable for situations where tokens do not need to be passed between too many URLs, however it has the following limitations:
The url has a maximum length of 2000 strings on some browsers;
To pass to the next resource, the value needs to be inserted into the link, in other words, it is difficult for static pages to pass the value;
URL rewriting needs to be done on the server side, and all links must have values, so when there are many links on a page, the processing process will be a big challenge.
Certain characters such as spaces, ampersands and question marks must be encoded in base64;
All information is visible, some cases are inappropriate.
Because of the above restrictions, url rewriting is only suitable for information that is only passed between a small number of pages, and the information is not sensitive.
cookies
A cookie is a small piece of information that automatically interacts between a browser and a web server, so cookies can be stored to transfer information across multiple pages. The transmission of cookies as part of the HTTP header is controlled by the HTTP protocol. Additionally, you can control how long cookies are valid. Browsers typically support up to 20 cookies per website.
The problem with cookies is that users can refuse to accept cookies by changing their browser settings.
To use cookies, you need to be familiar with the javax.servlet.http.coockie class and the httpServletRequest and httpServletResponse interfaces.
A cookie can be created by passing the name and value parameters to the constructor of the cookie class:
Cookie cookie = new Cookie(name,value);
Here's an example of a cookie that creates a language selection:
Cookie languageSelectionCookie = new Cookie(“language”,”Italian“);
After creating a Cookie object you can set the domain, path and maxAge properties. Where the maxAge attribute determines when the cookie expires.
HttpSession object
Of all the session tracking techniques, the httpSession object is the most powerful and versatile. A user can have at most one httpSession, and it will not be accessed by other users. The httpSession object is automatically created when the user visits the website for the first time. You can obtain this object by calling the getSession method of HttpServletRequest.
ps: This is a preliminary understanding of the session, and a detailed blog post will be released later