Session, Cookie and Application of HTTP

Introduction

Cookie, session, and application all cache user state data, so that information can be retrieved more quickly when the browser visits the website.
The main reason they exist is that the HTTP protocol is stateless. Every access to the server is a separate request with no contextual connection to the others. Take a Taobao login as an example:
After we enter our Taobao account and password to log in, we send further requests to the server for steps such as browsing products, adding items to the shopping cart, and paying. How does the server know that these requests all come from you, the same user? This is mainly achieved with cookie, session and application.

cookie

Cookies are stored on the client side. They are a mechanism for storing data on the client to maintain state between different pages.

A cookie is actually a small piece of text information. The client sends a request to the server, and if the server needs to record the user status, it uses the response to issue a cookie (a unique identifier) to the client browser. The client saves the cookie.

When the browser requests the website again, the browser submits the requested URL together with the cookie to the server. The server checks the cookie to identify the user status. The server can also modify the content of the cookie as needed.

cookie life cycle

By default, a cookie is destroyed automatically when the browser is closed. The server can change this through the settings it sends with the cookie. For example:

Cookie cookie = new Cookie("username", "helloweenvsfei"); // create the cookie
cookie.setMaxAge(Integer.MAX_VALUE); // set the lifetime to Integer.MAX_VALUE seconds
response.addCookie(cookie); // send it to the client

  • If the maxAge attribute is a positive number, it means that the cookie will automatically expire after maxAge seconds. The browser will persist a cookie whose maxAge is a positive number, that is, write it to the corresponding cookie file. Regardless of whether the user closes the browser or the computer, as long as it is still before maxAge seconds, the cookie is still valid when logging in to the website.
  • If maxAge is a negative number, it means that the cookie is only valid in this browser window and the sub-windows opened by this window, and the cookie will become invalid after the window is closed. This cookie will not be persisted.
  • If maxAge is 0, it means delete the cookie.

For details, refer to the difference and usage of Session, Cookie, and Application

session

The session is saved on the server side. A session is a session instance created for each user on the server, which is used to store the user's login information and other data whose state needs to be kept. Through the session, the server can identify users and track their activities.

I just learned that a cookie is an identifier that identifies the client, so how can my server use this identifier?
It is through the session mechanism. When each user establishes a connection with the server, the server automatically assigns it a sessionId. Each sessionId maps to a value that holds the user's state. When the server responds to the client, it sends the sessionId to the client browser through Set-Cookie; this is the cookie described above. Every subsequent request sent by the browser therefore carries the sessionId in its cookie, so the server knows who the user is and returns the content stored in the value for that sessionId.

session life cycle

The life cycle of the Session begins when the user visits the website for the first time, and ends when the user closes the browser or is inactive for a long time (more than a certain period of time).
During this period, the server will store the Session in memory for fast reading and updating of Session data. However, due to the limited memory, if a large number of users visit the website, it will cause excessive memory usage, which will affect the performance of the website. Therefore, developers need to use the Session carefully, and set the expiration time of the Session according to the actual situation to ensure that the memory usage is reasonable.

Examples of HTTP cookies

Step 1: The client requests a connection with the server
Request message (status without cookie information)

GET /reader/ HTTP/1.1
Host: hackr.jp

The header fields of the first request contain no Cookie-related information.

Step 2: The server responds with information
Response message (the server generates Cookie information)

HTTP/1.1 200 OK
Date: Thu, 12 Jul 2012 07:12:20 GMT
Server: Apache
Set-Cookie: sid=1342077140226724; path=/; expires=Wed, 10-Oct-12 07:12:20 GMT
Content-Type: text/plain; charset=UTF-8

At this point, the response header sent by the server contains a Set-Cookie field, which sets the cookie information on the client.

Step 3: The client continues to send requests (automatically sending the saved Cookie information)

GET /image/ HTTP/1.1
Host: hackr.jp
Cookie: sid=1342077140226724

After that, every request from this client includes the Cookie field in the request header.
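
The three-step exchange above and the session mechanism and life cycle described earlier, seen from the server side. This is an added example, not code from the original article: the names SessionStore, handle and IDLE_TIMEOUT, the 1800-second idle limit, and the HttpOnly, Secure and SameSite attributes are assumptions added here to show how a server would normally issue a session cookie.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 1800  # assumed idle limit in seconds; the article gives no figure


class SessionStore:
    """In-memory map: session ID -> (last access time, user state)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}

    def _lookup(self, cookie_header):
        """Return the sid from a Cookie header only if it names a live session."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        sid = jar["sid"].value if "sid" in jar else None
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._clock() - entry[0] > IDLE_TIMEOUT:
            del self._sessions[sid]  # idle too long: drop it and free the memory
            return None
        return sid

    def handle(self, cookie_header=None):
        """Return (state, set_cookie); set_cookie is None for a known session."""
        sid = self._lookup(cookie_header)
        set_cookie = None
        if sid is None:
            # Never adopt an ID the server did not issue; mint a random one.
            sid = secrets.token_urlsafe(32)
            self._sessions[sid] = (self._clock(), {})
            # No Max-Age/Expires, so the cookie ends with the browser session.
            set_cookie = f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
        state = self._sessions[sid][1]
        self._sessions[sid] = (self._clock(), state)  # refresh the idle timer
        return state, set_cookie


if __name__ == "__main__":
    store = SessionStore()
    state, header = store.handle(None)         # step 1: request without Cookie
    print("Set-Cookie:", header)               # step 2: server issues the sid
    print(store.handle(header.split(";")[0]))  # step 3: browser sends the sid back
```

Only the random identifier travels in the cookie; the user state stays in the server's map, and an identifier the server does not recognise is replaced with a fresh one rather than accepted.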

application

The application is on the server side and is used to save the public information of all users. It contains all pages, logic and data. Through Application, developers can share data and state throughout the application.

Origin blog.csdn.net/weixin_44477424/article/details/132011521