1. Brief introduction to Session
In WEB development, the server can create a session object (session object) for each user browser. Note: a browser has a session object exclusively (by default). Therefore, when the user data needs to be saved, the server program can write the user data into the session exclusive to the user's browser. When the user uses the browser to access other programs, other programs can retrieve the user's data from the user's session. User Services.
The HTTP protocol ( http://www.w3.org/Protocols/ ) is a "one-time one-way" protocol.
The server cannot actively connect to the client, but can only passively wait and reply to the client's request. The client connects to the server, sends an HTTP Request, the server processes the request, and returns an HTTP Response to the client. This HTTP Request-Response Cycle ends.
We see that the HTTP protocol itself does not support the server to save the client's state information. Therefore, the concept of session is introduced in Web Server to save the state information of the client.
Here is an image metaphor to explain how the session works. Suppose the Web Server is a store in a shopping mall, and the HTTP Request is a customer. The first time the administrator comes to the store, the administrator stores the customer's items in a certain cabinet (this cabinet is equivalent to a session), and then puts a The number plate is handed over to the customer as a receipt for the package (this number plate is the Session ID). When the customer (HTTP Request) comes next time, the number plate (Session ID) must be handed over to the administrator of the storage office (Web Server). The administrator finds the corresponding cabinet (Session) according to the number plate (Session ID), and according to the request of the customer (HTTP Request), the Web Server can take out, replace, and add items in the cabinet (Session). Request) number plate and the cabinet (Session) corresponding to the number plate are invalid. The customer (HTTP Request) is very forgetful, and the administrator must remind the customer to remember their number plate (Session ID) again when the customer returns (HTTP Response). In this way, the next time the customer (HTTP Request) comes, he will come back with the number plate.
We can see that the Session ID is actually passed back and forth between the client and the server through HTTP Request and HTTP Response.
2. The main difference between Session and Cookie
A cookie is a browser that writes the user's data to the user.
Session technology writes the user's data to the user's exclusive session.
The Session object is created by the server, and the developer can call the getSession method of the request object to get the session object.
Third, the principle of session implementation
How does the server implement a session to serve a user's browser?
After the server creates a session, it will write the session id number back to the client in the form of a cookie. In this way, as long as the client's browser is not closed, when accessing the server, it will bring the session id number to the server. When it is found that the client browser comes with the session id, it will use the corresponding session in memory to serve it.
1. Session expiration:
1>. The client browser is closed:
2>. session session expires;
3>. The client session calls .invalidate();
2. The browser is closed and the session is still there;
When the client browser is closed, the session will still exist on the server for a certain period of time, but when the browser is opened again, a new session will be generated, and the browser matches the session on the server through the generated sessionid attribute; then Although the last session is still there, it cannot be accessed;
3. What is <% @ page session="false" %>?:
This sentence means that the session cannot be used at present, but the page session can still be created;
4. When is the session created:
Created when the program calls HttpServletRequest.getSession(true); if the page does not use <%@ page session="false"%>, when the jsp page is compiled into a servlet, HttpSession session = HttpServletRequest.getSession(true) will be automatically added ;
Three methods for session sharing in tomcat cluster
The first two need to use memcached or redis to store sessions, and the last one uses terracotta server sharing.
1. Use the filter method to store
This method is recommended because it has a wide range of servers, not limited to tomcat, and the principle of implementation is relatively simple and easy to control.
You can use memcached-session-filter
2. Use the tomcat sessionmanager method to store
3. Use terracotta server sharing