What is Session?
- session represents a session between the client and the server
- The session in the web refers to the time that a user spends browsing a website, from entering the website to closing the browser, that is, the time the user spends browsing the website.
- As can be seen from the above definition, session is actually a specific time concept.
- Sessions are stored in the server's memory, and different sessions are saved for different users.
The following shopping process is a session.
session object
- The session object is a JSP built-in object.
- The session object is automatically created when the first JSP page is loaded to complete session management.
- A session begins when a client opens a browser and connects to the server, and ends when the client closes the browser and leaves the server.
- When a client accesses the server, it may switch between several pages of the server. The server should know that this is a client in some way, which requires the session object.
- A session object is an instance of the HttpSession class.
Common methods of session objects:
- long getCreationTime(): returns the SESSION creation time
- public String getId(): Returns the unique ID number set by the JSP engine for the SESSION when it was created.
- public Object setAttribute(String name, Object value): Binds an object to this session with the specified name.
- public Object getAttribute(String name): Returns the object bound to the specified name in this session, or null if no object is bound under that name
- String[] getValueNames(): Returns an array containing all available properties in this SESSION.
- int getMaxInactiveInterval(): Returns how long between two requests this SESSION is canceled (in seconds)
The life cycle of session:
create:
When the client requests a jsp or servlet for the first time, the server will create a SessionId for the current session. Every time the client sends a request to the server, it will carry this SessionId over, and the server will verify this SessionId.
Activity:
- Opening a new page through a hyperlink within a session belongs to the same session.
- As long as the current page is not completely closed, reopening a new browser to access the same project resources belongs to the same session.
- Unless all pages of this session are closed and then revisiting a Jsp or Servlet will create a new session.
Note: Note that the original session still exists, but the old SessionId still exists on the server, but no client will carry it and submit it to the server for verification. The server will destroy the sessionId after the timeout set for this session expires.
destroy:
There are only three ways to destroy a Session:
- The session.invalidate() method is called.
- Session expired (timeout)
Tomcat's default timeout is 30 minutes.
There are two ways to set the timeout period:
-
- session.setMaxInactiveInterval(time): //The unit is seconds
- Configure in web.xml
<session-config>
<session-timeout>10</session-timeout>
</session-config> in minutes
3. The server restarts.