Java Web-session management

Four ways of session tracking


URL rewriting

URL rewriting adds one or more tokens to the URL as a query string. The token is generally a key-value pair, in the form:
url?k1=v1&k2=v2...&kn=vn

If the token does not have to be carried across multiple URLs, then URL rewriting is more appropriate.
The biggest disadvantage of URL rewriting is that the token is explicit: it can be seen in the browser's address bar.
URL rewriting should therefore be used only for token information that is not too important and does not need to be hidden.

Hidden fields

Put the token in a hidden field of the HTML form. Compared with URL rewriting, hidden fields are more secure and
can carry more data, because URLs limit the number of characters, and no re-encoding is required. As with URL rewriting,
this method is applicable only if the information being transferred does not need to span multiple pages.

<form method="post" action="xxx.do">
	<input type="hidden" name="id" value="1"/> <!-- hidden field carrying the token information -->
	<table>
		<tr>
			<td>city</td>
			<td><input type="text" name="cityname" value="Miami"/></td>
		</tr>
		<tr>
			<td colspan="2"><input type="submit" name="submit"/></td>
		</tr>
	</table>
</form>

When the form is submitted to the server, the server can tell which user submitted it.

Cookie

Neither URL rewriting nor hidden fields work for information that spans many pages. A cookie can solve this. A cookie is a small piece of information that is automatically passed back and forth between the web server and the browser. Cookies are usually added in a servlet:

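import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class MyServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Cookie c = new Cookie("username", "cyl"); // a cookie token is also a key-value pair
        c.setMaxAge(60); // maximum lifetime of the cookie, in seconds
        resp.addCookie(c); // add the cookie to the response
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp); // handle POST the same way as GET
    }
}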

Note that there is no getCookieByName method for obtaining a single cookie; only the whole array of cookies can be obtained at once.
request.getCookies() returns an array of cookies.

HttpSession object

Of all the session tracking techniques, the HttpSession object is the most powerful and versatile.
An HttpSession is created when the user requests the server for the first time. Each user can access only their own HttpSession.
request.getSession() returns the current session object.

Information is added to an HttpSession through the setAttribute(String name, Object value) method. Creating an HttpSession
consumes server memory, however, because it is created on the server side and stays in server memory for its whole lifetime,
until it is destroyed. An HttpSession therefore cannot store a large amount of data and needs to be used with caution.
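
The cookie and HttpSession sections above, combined in one servlet as an added example (not code from the original post): it looks up a cookie by name, including the case where getCookies() returns null, and keeps small per-user state in the session with an inactivity timeout. It assumes the javax.servlet 3.0+ API; the class SessionDemoServlet, the helper findCookie, the session attribute "visits" and the cookie "seen" are hypothetical names.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example; the class, attribute and cookie names are hypothetical.
public class SessionDemoServlet extends HttpServlet {
    // getCookies() returns null, not an empty array, when the request has no
    // cookies, so a by-name lookup has to handle that case itself.
    static String findCookie(HttpServletRequest req, String name) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) {
                return c.getValue();
            }
        }
        return null;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(); // created on the first request
        if (session.isNew()) {
            // Bound how long an idle session stays in server memory (seconds).
            session.setMaxInactiveInterval(15 * 60);
        }
        // Server-side state: keep it small, the value never leaves the server.
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);
        // Client-side state: the browser can edit a cookie, so keep it non-sensitive.
        boolean returning = findCookie(req, "seen") != null;
        if (!returning) {
            Cookie c = new Cookie("seen", "1");
            c.setMaxAge(60);      // lifetime in seconds
            c.setHttpOnly(true);  // not readable from page scripts
            resp.addCookie(c);
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("visits=" + visits + " returning=" + returning);
    }
}
```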

Origin blog.csdn.net/qq_29757633/article/details/102762439