day10_cookie&session study notes

I. Overview of the session

1. What is a session? It's like making a phone call.

A session can be simply understood as: the user opens a browser, clicks multiple hyperlinks, accesses multiple web resources on the server, and then closes the browser. The whole process is called a session.

2. What is the problem to be solved by the session process? Keep each client's own data.

Each user will inevitably generate some data in the process of using the browser to communicate with the server, and the program must find a way to save the data for each user.
For example, if a user clicks a hyperlink to purchase a commodity through a servlet, the program should find a way to save the commodity purchased by the user, so that when the user clicks the checkout servlet, the checkout servlet can obtain the commodity purchased by the user and check out for the user.

Thinking: Can the items purchased by the user be stored in the request or servletContext? Answer: No.


Two techniques for saving session data:

Cookie: a client-side technology. The program writes each user's data to that user's browser in the form of a cookie.

   When the user's browser accesses web resources on the server, it brings this data along.

   In this way, each web resource works with the user's own data.


HttpSession: Session is a server-side technology. Using this technology, the server can create an exclusive HttpSession object for each user's browser at runtime.

   Since the session is exclusive to the user's browser, when the user accesses the web resources of the server, they can put their own data in their own session.

   When the user accesses other web resources in the server, the other web resources retrieve data from the user's respective session to serve the user.

II. Cookies

Since the cookie data is saved and carried by the client, it is called client-side technology.

The javax.servlet.http.Cookie class is used to create a cookie. The response interface defines an addCookie method, which adds a corresponding Set-Cookie header field to the response message.
Similarly, the request interface defines a getCookies method, which returns the cookies submitted by the client.

1. Properties:

name: The name alone does not uniquely identify a cookie, because cookies with the same name may have different paths.

value: Chinese characters cannot be stored.

path: The default value is the access path of the program that wrote the cookie.

For example, for a cookie written by http://localhost:8080/day10_00_cookie/servlet/ck1

the path is /day10_00_cookie/servlet, that is, the path of the resource (servlet) that created the cookie.

When the client accesses other resources of the server, it decides whether to send the cookie to the server according to the access path.

If the currently accessed path starts with the path of the cookie (including sub-paths under that path), the browser sends the cookie. Otherwise it does not.

maxAge: The cache time of the cookie, in seconds. The default is -1, which means the cookie remains until the browser is closed. (It is stored in the browser's cache by default.)

Negative number: the cookie's data is stored in the browser cache.

0: delete the cookie. Note: the path must be the same as the one used when the cookie was written, otherwise the wrong cookie may be deleted.

Positive number: the time to cache (persisted to disk), in seconds.

2. Method:

public Cookie(String name, String value) constructor (only one)
setValue and getValue methods 
setMaxAge and getMaxAge methods (in seconds)
setPath and getPath methods
setDomain and getDomain methods
getName method

3. Supplementary knowledge points:
    Interview question: What are the servlets responsible for?
        1. Get form data
        2. Handle business logic
        3. Dispatching (forward or redirect)
    Case:
        1. The client remembers the username
        2. Display the last item viewed by the user
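
The "client remembers the username" case, as an added example that is not part of the original notes. The servlet name, the `username` and `remember` form fields, the seven-day lifetime and the `login.jsp` target are assumptions; percent-encoding with URLEncoder is one common way around the restriction on Chinese characters in the value.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: remembers or forgets the user name in a cookie.
public class RememberUserServlet extends HttpServlet {
    private static final String NAME = "username";   // assumed cookie name

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        req.setCharacterEncoding("UTF-8");
        String user = req.getParameter("username");
        boolean remember = user != null && req.getParameter("remember") != null;

        // The value cannot hold Chinese characters, so it is percent-encoded first.
        Cookie c = new Cookie(NAME, remember ? URLEncoder.encode(user, "UTF-8") : "");
        // Write and delete use the same explicit path: name + path pick the cookie,
        // so deleting with the default (servlet) path would miss this one.
        c.setPath(req.getContextPath() + "/");
        c.setMaxAge(remember ? 7 * 24 * 60 * 60 : 0);   // seconds; 0 deletes the cookie
        c.setHttpOnly(true);           // Servlet 3.0+: not readable from page scripts
        c.setSecure(req.isSecure());   // HTTPS-only when the site is served over HTTPS
        resp.addCookie(c);             // emitted as a Set-Cookie response header
        resp.sendRedirect(req.getContextPath() + "/login.jsp");
    }

    // Returns the remembered user name, or null if the browser sent no such cookie.
    static String rememberedUser(HttpServletRequest req) throws IOException {
        Cookie[] cookies = req.getCookies();   // null when no Cookie header arrived
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (NAME.equals(c.getName())) {
                return URLDecoder.decode(c.getValue(), "UTF-8");
            }
        }
        return null;
    }
}
```

The cookie holds only a display name: anything the client stores can be read and edited by the client, so the value is treated as untrusted input and must be escaped before it is written into a page.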

III. HttpSession (session)

In web development, the server can create a session object for each user's browser. Note: each browser has its own exclusive session object (by default).
Therefore, when user data needs to be saved, the server program can write it into the session exclusive to the user's browser. When the user uses the browser to access other programs, those programs can retrieve the user's data from the user's session to serve the user.

The main differences between sessions and cookies are:
Cookie technology writes the user's data to the user's browser.

Session technology writes the user's data to the user's exclusive session.
The Session object is created by the server, and the developer can call the getSession method of the request object to get the session object.

1. Why learn HttpSession?

> It is also a domain object: servletContext (different browsers) > session (multiple requests from the same browser) > request (one request)

Under the same session, multiple resources of an application can share data.

> Cookie is a client-side technology that can only store character strings. It is insecure and stores only a small amount of information, so it is not suitable for storing sensitive information. HttpSession is a server-side technology that can store objects.


2. Common methods

Data is stored in the HttpSession object, which is also a domain object.

void setAttribute(String name, Object value) Binds an object to this session with the specified name. If an object with the same name is already bound to the session, the object is replaced.

Object getAttribute(String name) Returns the object bound with the specified name in this session, or null if no object is bound under that name.

void removeAttribute(String name) Removes the object bound with the specified name from this session. If the session does not have an object bound with the specified name, this method does nothing.

String getId() Returns a string containing the unique identifier assigned to this session. Identifiers are assigned by the servlet container and are implementation-dependent. 

void setMaxInactiveInterval(int interval) Sets the survival time of the session (the default survival time is 30 minutes).

void invalidate() Invalidates this session (called when logging out of the website).


3. getSession(): Internal execution principle

HttpSession request.getSession(): Internal execution principle

1. Get the value of the cookie named JSESSIONID. For example: Cookie: JSESSIONID=070BB766FAB03E03DBF28F8040CA616F

2. If there is no such cookie, the server creates a new HttpSession object, assigns a unique SessionID, and writes a cookie named JSESSIONID=sessionID to the client.

3. If there is such a cookie, the server obtains the value of the cookie (that is, the ID of the HttpSession object) and looks up the HttpSession object in the server's memory by that ID:

Found: the existing session is taken out and continues to serve the user.

Not found: proceed as in step 2 and create a new HttpSession object.


HttpSession request.getSession(boolean create): Returns the current HttpSession associated with this request, or a new session if there is no current session and create is true. 

Parameter:

true: Same as getSession() function.

false: According to the value of the cookie of the client's JSESSIONID, find the corresponding HttpSession object, and return null if not found (but will not create a new one, just query).
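
The shopping example from the overview, written against the methods and getSession variants above. This is an added example, not code from the original notes; the servlet name, the `action` and `item` parameters and the `cart` attribute name are assumptions.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical cart servlet: POST action=add stores an item,
// POST action=checkout settles the cart, GET only reads it.
public class CartServlet extends HttpServlet {
    private static final String CART = "cart";   // assumed attribute name

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain;charset=UTF-8");
        if ("checkout".equals(req.getParameter("action"))) {
            // getSession(false) only looks up the JSESSIONID; nothing is created.
            HttpSession session = req.getSession(false);
            Object cart = (session == null) ? null : session.getAttribute(CART);
            resp.getWriter().println(cart == null ? "nothing to check out" : "paid for " + cart);
            if (session != null) session.removeAttribute(CART);   // purchase finished
            return;
        }
        String item = req.getParameter("item");
        if (item == null || item.isEmpty()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "item is required");
            return;
        }
        // getSession() reuses the session named by JSESSIONID or creates a new one.
        HttpSession session = req.getSession();
        @SuppressWarnings("unchecked")
        List<String> cart = (List<String>) session.getAttribute(CART);
        if (cart == null) cart = new ArrayList<>();
        cart.add(item);
        session.setAttribute(CART, cart);
        resp.getWriter().println("added " + item + ", new session: " + session.isNew());
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(false);   // a plain view creates no session
        Object cart = (session == null) ? null : session.getAttribute(CART);
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println(cart == null ? "cart is empty" : "cart: " + cart);
    }
}
```

Using getSession(false) on the read-only and checkout paths means a request with no JSESSIONID, or with one the server no longer knows, gets an empty answer instead of a freshly allocated session.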


4. The problem of saving session data after the client disables cookies

Client-side disabling of cookies: The browser will never send a Cookie request header to the server.


Solutions:

Option 1: Give a hint on the home page: Please do not disable your cookies.

Option 2: URL rewriting. All addresses of the website must be rewritten. 


http://url  ---> http://url;JSESSIONID=070BB766FAB03E03DBF28F8040CA616F

response.encodeURL(String url);

encodeURL checks whether the browser has sent the Cookie request header: if not, it rewrites the URL; if so, it leaves the URL unchanged.

request.getSession(); // must be called, even though the return value is not used
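
Option 2 in a servlet, as an added example that is not from the original notes; the servlet name, the page paths and the `go` parameter are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical menu servlet for a site that must keep working with cookies disabled.
public class MenuServlet extends HttpServlet {
    // Assumed resource paths inside the web application.
    private static final String[] PAGES = {"/servlet/buy", "/servlet/checkout"};

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // The session must exist before any URL is encoded; without it
        // there is no session ID for encodeURL to append.
        req.getSession();

        if (req.getParameter("go") != null) {
            // Redirect targets go through encodeRedirectURL, the counterpart
            // of encodeURL for sendRedirect.
            resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + PAGES[0]));
            return;
        }
        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<ul>");
        for (String page : PAGES) {
            // Every address written to the page is rewritten, not just one link.
            String href = resp.encodeURL(req.getContextPath() + page);
            out.println("<li><a href=\"" + href + "\">" + page + "</a></li>");
        }
        out.println("</ul>");
    }
}
```

A rewritten URL carries the session ID in the address itself, so the ID is recorded wherever the URL is: browser history, bookmarks, proxy and server access logs, and Referer headers sent to other sites.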




