Session tracking methods in web development


The web server uses the HTTP protocol. HTTP is a stateless protocol, so an HTTP web server cannot by itself maintain an association with the client. A session is defined as a series of interactions between a single client and a web server over a period of time. Tracking data between the requests within a session is called session tracking.

1. Session Tracking Using Hidden Fields

Hidden form fields are the simplest approach: the data is placed in fields of an HTML form that are not displayed on the client side. For example, the user enters a user name and password on the first page to log in, and the server generates a response that returns the second page. When the second page is submitted, the server may still need to know the user name from the first page.
This continuity can be achieved with hidden form fields. When the first page is submitted, the server responds with the second page, in which the user name from the login is recorded in a hidden field. In layman's terms, when the server sends the response back to the client, it sends the user name back at the same time, placed in a hidden field that is not displayed. When the second page is submitted, the user name in this hidden field is submitted with the form, so the server can still tell whether this user is the same as the previous user. After processing the request, the server again sends back a response that contains the user name, and the client again keeps it in a hidden field. This carries the data across a series of requests without being visible to the user.

2. SSL session (Secure Sockets Layer)

Secure Sockets Layer is an encryption technology that runs on top of TCP/IP and under application-layer protocols like HTTP. SSL is the encryption technology used in the HTTPS protocol. SSL allows an SSL-enabled server to authenticate an SSL-enabled client, and maintains an encrypted connection between the client and the server. While the encrypted connection is being established, both the client and the server can generate a so-called "session key", which is a symmetric key used for encryption and decryption. A server based on the HTTPS protocol can use the client's symmetric key to establish a session.

3. Cookies

Cookies were invented by Netscape and are the most commonly used way to track user sessions. Cookies are pieces of information sent by the server to the client, stored in the client's memory or on its hard drive, and sent back in subsequent requests from the client to the server. In practice, their main use is to store in a cookie the session ID that the server assigned to the client. Each time a request is sent, the cookies are attached to the request and sent with it. The server reads this session ID, which uniquely identifies a client.

4. URL rewriting

If the client disables cookies, then only the URL rewriting mechanism can be used. The session ID that identifies the client is appended to the URL; the web container parses the URL, takes out the session ID, and associates the request with a specific session according to that ID.
Note that if URL rewriting is used, every URL in the code must be encoded: a URL passed to response.sendRedirect(url) is encoded with response.encodeRedirectURL(url), and all other URLs are encoded with response.encodeURL(url).
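The mechanism described above, as an added Python example that is not code from the original article or from any servlet container. It assumes the `;jsessionid=` path parameter that Java servlet containers use; the function names and the in-memory `SESSIONS` store are hypothetical.

```python
import secrets
from urllib.parse import urlsplit, urlunsplit

PARAM = ";jsessionid="   # path parameter used by Java servlet containers
SESSIONS = {}            # hypothetical server-side store: session ID -> data


def new_session(username):
    """Create a session under an unguessable ID and return that ID."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": username}
    return sid


def strip_session_id(path):
    """Split '/cart;jsessionid=abc' into ('/cart', 'abc'); ID is None if absent."""
    base, sep, sid = path.partition(PARAM)
    return base, (sid if sep else None)


def encode_url(url, sid):
    """Append the session ID to the path, ahead of any query string or fragment."""
    parts = urlsplit(url)
    path, _ = strip_session_id(parts.path)   # never append the ID twice
    return urlunsplit(parts._replace(path=path + PARAM + sid))


def resolve_request(url):
    """What the container does on each request: return (clean path, session).

    An ID that the server did not issue resolves to no session; it is never
    adopted as a new one.
    """
    parts = urlsplit(url)
    path, sid = strip_session_id(parts.path)
    return path, SESSIONS.get(sid)


if __name__ == "__main__":
    sid = new_session("alice")               # constructed sample user
    link = encode_url("https://shop.example/cart?item=3", sid)
    print(link)                              # every link in the page needs this
    print(resolve_request(link))             # same session found again
    print(resolve_request("https://shop.example/cart;jsessionid=forged"))
```

Because the ID travels in the URL, it also ends up in browser history, server logs and Referer headers, so a rewritten URL has to be handled as a credential.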

5. IP address
