Original address: https://www.cnblogs.com/woshimrf/p/5317776.html
The article seems to be, this is concise. speak clearly. Share with everyone.
Sessionid is the key of a session. When the browser accesses the server for the first time, a session will be generated on the server side, and there is a sessionid corresponding to it. The sessionid generated by tomcat is called jsessionid.
The session is created when accessing the getSession(true) of the HttpServletRequest of the tomcat server . The ManagerBase class of tomcat provides a method for creating sessionid: random number + time + jvmid ;
Stored in the memory of the server, the StandardManager class of tomcat stores the session in the memory, and can also be persisted to file, database, memcache, redis, etc. The client only saves the sessionid in the cookie , but does not save the session. The session can only be destroyed by invalidate or timeout. Closing the browser will not close the session.
So when is the Session created? Of course, it is created during the running of the server-side program. Applications implemented in different languages have different methods of creating a Session. In Java, they are created by calling the getSession method of HttpServletRequest (using true as a parameter). When the Session is created, the server will generate a unique Session id for the Session, and this Session id will be used to retrieve the created Session in subsequent requests; after the Session is created, you can call the Session-related The method adds content to the Session, and these content will only be stored in the server, and only the Session id will be sent to the client; when the client sends a request again, it will bring this Session id, and the server will receive the request after receiving the request. Find the corresponding Session according to the Session id and use it again.
Create : The sessionid is generated for the first time until a server-side program calls a statement such as HttpServletRequest.getSession(true).
Delete : timeout; program calls HttpSession.invalidate(); program closes;
Where the session is stored : in memory on the server side. However, sessions can be persistently managed in a special way (memcache, redis).
Where does the session ID come from , and how is the session ID used: When the client requests the session object for the first time, the server will create a session for the client, and will calculate a session ID through a special algorithm to identify the session session object
ManagerBase是所有session管理工具类的基类,它是一个抽象类,所有具体实现session管理功能的类都要继承这个类,该类有一个受保护的方法,该方法就是创建sessionId值的方法:( tomcat的session的id值生成的机制是一个随机数加时间加上jvm的id值,jvm的id值会根据服务器的硬件信息计算得来,因此不同jvm的id值都是唯一的),StandardManager类是tomcat容器里默认的session管理实现类,它会将session的信息存储到web容器所在服务器的内存里。PersistentManagerBase也是继承ManagerBase类,它是所有持久化存储session信息的基类,PersistentManager继承了PersistentManagerBase,但是这个类只是多了一个静态变量和一个getName方法,目前看来意义不大, 对于持久化存储session,tomcat还提供了StoreBase的抽象类,它是所有持久化存储session的基类,另外tomcat还给出了文件存储FileStore和数据存储JDBCStore两个实现。