Java study notes (8)--Session and Cookie

Origin

  HTTP is a stateless protocol: it does not keep the state of previous requests and responses, so a request cannot be processed according to earlier state. Because it is stateless, after logging in to a system each request for a new page would either require logging in again or have to carry extra parameters in the request message to manage the login status.

  • Advantages of a stateless protocol: It is not necessary to save the state, so the CPU and memory resource consumption of the server can be reduced.
  • Disadvantages of a stateless protocol: For every request the server has to determine who sent it, which also puts some burden on the server. To solve such problems, the Cookie mechanism and the Session mechanism were introduced.

Cookie

  • What it is: Data that a website stores on the user's local terminal in order to identify the user and perform session tracking.
  • Implementation mechanism: Cookie technology manages client state by writing cookie information into the request and response messages. The server tells the client to save a cookie through a header field called Set-Cookie in its response. The next time the client sends a request to that server, it automatically adds the cookie value to the request message. When the server finds the cookie sent by the client, it checks which client the request came from, compares it with the records on the server, and recovers the previous state information.

  ① The backend returns a cookie to the frontend and requires the client to save the cookie information

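import javax.servlet.http.Cookie; // jakarta.servlet.http.Cookie on Jakarta EE 9+

Cookie cookie = new Cookie("rewardsn", ""); // create a new Cookie
cookie.setPath("/"); // Path is a cookie attribute, not a second cookie
response.addCookie(cookie); // output to client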

  ② The front end receives the response and saves the information according to Set-Cookie

  ③ After saving the information, subsequent requests automatically carry the cookie

  • Cookie features: Cookies are not shared across domains. Each website issues its own cookie to the client, so a request to Google does not carry Baidu's cookie, and a request to Baidu does not carry Google's cookie.

Session

  • What it is: An interactive session between the browser and the server.
  • Implementation mechanism: The server generates a sessionId and returns it to the client. The client stores the sessionId in a cookie, and the server also keeps the sessionId on its side; on each request the two are compared to confirm which user the session belongs to.
  • Use: In a distributed deployment, saving state in sessions requires session sharing between the servers. If many servers are deployed, this may cause a network storm, so sessions are generally used in combination with Redis. Please refer to: https://blog.csdn.net/jerome_s/article/details/52658946
  • Set the session expiration time in Tomcat (the default is 20 minutes) by modifying the time in Tomcat's web.xml:
<session-config>
   <session-timeout>60</session-timeout> <!-- Unit: minutes-->
</session-config>

The difference

  • Cookies are stored on the client side, and Sessions are stored on the server.
  • Because the cookie is kept on the client side, it can be modified and forged, which makes it relatively unsafe. The session is kept on the server, which is relatively safe.
  • The session is kept on the server, so as the number of sessions grows it consumes more server resources.
  • Some websites have restrictions on cookies, sometimes allowing no more than 20.
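
The session mechanism and the cookie/session difference described above, as an added example that is not part of the original notes: plain Java with no servlet container, where the cookie carries only a random sessionId and the user state stays on the server. The class and method names, the sample user and the HttpOnly, Secure and SameSite attributes are assumptions of this example; JSESSIONID is the session cookie name Tomcat uses by default, and the 60-minute idle timeout mirrors the web.xml setting.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (Java 16+): in-memory session store; all names are hypothetical.
public class SessionDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final long TIMEOUT_MS = 60L * 60 * 1000; // 60 minutes, as in web.xml
    record Session(String user, long lastAccess) {}          // state stays on the server
    private final Map<String, Session> store = new ConcurrentHashMap<>();

    // Login: create an unguessable sessionId and return the Set-Cookie header value.
    String login(String user, long now) {
        byte[] raw = new byte[16];                           // 128 random bits
        RNG.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(id, new Session(user, now));
        return "JSESSIONID=" + id + "; Path=/; HttpOnly; Secure; SameSite=Lax";
    }

    // Later request: map the Cookie header to a user, or null if unknown or expired.
    String resolve(String cookieHeader, long now) {
        for (String part : cookieHeader.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length != 2 || !kv[0].equals("JSESSIONID")) continue;
            Session s = store.get(kv[1]);
            if (s == null) return null;                      // forged or unknown id
            if (now - s.lastAccess() > TIMEOUT_MS) {         // idle timeout reached
                store.remove(kv[1]);
                return null;
            }
            store.put(kv[1], new Session(s.user(), now));    // refresh the idle timer
            return s.user();
        }
        return null;
    }

    public static void main(String[] args) {
        SessionDemo server = new SessionDemo();
        long t0 = System.currentTimeMillis();
        String setCookie = server.login("alice", t0);        // constructed sample user
        String cookie = setCookie.substring(0, setCookie.indexOf(';'));
        System.out.println("Set-Cookie: " + setCookie);
        System.out.println("valid id   -> " + server.resolve(cookie, t0 + 1000));
        System.out.println("forged id  -> " + server.resolve("JSESSIONID=guess123", t0 + 1000));
        System.out.println("after idle -> " + server.resolve(cookie, t0 + 2000 + TIMEOUT_MS));
    }
}
```

A client that edits its cookie can only change the sessionId, and an id the server never issued resolves to no user; this is why the server-side session is the safer place for login state than a value stored directly in the cookie.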
