03-cookie、session

cookie、session

conversation

Session: The user opens the browser, clicks many hyperlinks, visits multiple web resources, and closes the browser. This process is called a session

Stateful conversation: A classmate has been to the classroom, and the next time he comes to the classroom, we know that he has been there.

Two techniques for saving sessions

cookie

Client technology (response, request)

session

Server technology, using this technology can save the user's session information, we can save the information or data into the session.

cookie

1. Get the cookie information from the request
2. The server responds to the client cookie

@Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    
    
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        Cookie[] cookies = req.getCookies();
        int flag=-1;
        for (int i = 0; i < cookies.length; i++) {
    
    
            if (cookies[i].getName().equals("loginTime")){
    
    
                flag=i;
                break;
            }
        }
        if (flag!=-1){
    
    
            long loginTime = Long.parseLong(cookies[flag].getValue());
            Date date = new Date(loginTime);
            System.out.println(date.toLocaleString());
        }else {
    
    
            System.out.println("欢迎您首次到来！");
        }
        //每次登录网站都会更新时间
        Cookie loginTime = new Cookie("loginTime", System.currentTimeMillis() + "");
        //给cookie设置一个有效期
        loginTime.setMaxAge(24*60*60);
        resp.addCookie(loginTime);
    }

There is an upper limit on cookies

• A cookie can only hold one piece of information
• A web site can send multiple cookies to the browser, and store up to 20 cookies
• Cookie sites have a size limit of 4kb
• The browser limit is 300 cookies

delete cookies

Do not set the expiration date, close the browser, it will automatically expire

Set the validity period to 0

encode decode

URLEncoder.encode("中文","utf-8");
URLDecoder.decode(cookies[0].getValue(),"utf-8");

session

introduce

• The server will create a session object for each user (browser)
• A session monopolizes a browser, as long as the browser is not closed, the session exists
• After the user logs in, the entire website can be accessed --> save the user's information

@Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    
    
        //解决乱码问题
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        //得到session
        HttpSession session = req.getSession();
        //得到sessionId
        String id = session.getId();
        //在session中存储属性
        session.setAttribute("name","小黑子");
        if (session.isNew()){
    
    
            resp.getWriter().write(id+"创建成功！");
        }else{
    
    
            resp.getWriter().write(session.getAttribute("name")+"属性设置成功！");
        }
        //手动注销session
        session.invalidate();
    }

Set session valid date

<session-config>
<!--        以分钟为单位-->
     <session-timeout>15</session-timeout>
 </session-config>

The difference between session and cookie

• The cookie is to write the user's data to the user's browser, and the browser saves it (multiple can be saved)
• The session is to write the user's data into the user's exclusive session, and save it on the server side (save important resources and reduce the waste of server resources)