cookie、session
conversation
Session: The user opens the browser, clicks many hyperlinks, visits multiple web resources, and closes the browser. This process is called a session
Stateful conversation: A classmate has been to the classroom, and the next time he comes to the classroom, we know that he has been there.
Two techniques for saving sessions
cookie
Client technology (response, request)
session
Server technology, using this technology can save the user's session information, we can save the information or data into the session.
cookie
- Get the cookie information from the request
- The server responds to the client cookie
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
req.setCharacterEncoding("utf-8");
resp.setCharacterEncoding("utf-8");
Cookie[] cookies = req.getCookies();
int flag=-1;
for (int i = 0; i < cookies.length; i++) {
if (cookies[i].getName().equals("loginTime")){
flag=i;
break;
}
}
if (flag!=-1){
long loginTime = Long.parseLong(cookies[flag].getValue());
Date date = new Date(loginTime);
System.out.println(date.toLocaleString());
}else {
System.out.println("欢迎您首次到来!");
}
//每次登录网站都会更新时间
Cookie loginTime = new Cookie("loginTime", System.currentTimeMillis() + "");
//给cookie设置一个有效期
loginTime.setMaxAge(24*60*60);
resp.addCookie(loginTime);
}
There is an upper limit on cookies
- A cookie can only hold one piece of information
- A web site can send multiple cookies to the browser, and store up to 20 cookies
- Cookie sites have a size limit of 4kb
- The browser limit is 300 cookies
delete cookies
Do not set the expiration date, close the browser, it will automatically expire
Set the validity period to 0
encode decode
URLEncoder.encode("中文","utf-8");
URLDecoder.decode(cookies[0].getValue(),"utf-8");
session
introduce
- The server will create a session object for each user (browser)
- A session monopolizes a browser, as long as the browser is not closed, the session exists
- After the user logs in, the entire website can be accessed --> save the user's information
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//解决乱码问题
req.setCharacterEncoding("utf-8");
resp.setCharacterEncoding("utf-8");
resp.setContentType("text/html;charset=utf-8");
//得到session
HttpSession session = req.getSession();
//得到sessionId
String id = session.getId();
//在session中存储属性
session.setAttribute("name","小黑子");
if (session.isNew()){
resp.getWriter().write(id+"创建成功!");
}else{
resp.getWriter().write(session.getAttribute("name")+"属性设置成功!");
}
//手动注销session
session.invalidate();
}
Set session valid date
<session-config>
<!-- 以分钟为单位-->
<session-timeout>15</session-timeout>
</session-config>
The difference between session and cookie
- The cookie is to write the user's data to the user's browser, and the browser saves it (multiple can be saved)
- The session is to write the user's data into the user's exclusive session, and save it on the server side (save important resources and reduce the waste of server resources)