Session management: Cookies and Session

Why session management

HTTP is a stateless protocol. Every time a client accesses a web page, the client opens a separate browser window to connect to the web server. Since the server does not automatically keep any record of the client's previous requests, it cannot tell whether an HTTP request is a first-time visit. To solve this, a session is introduced between the web client and the server; maintaining it is session management.

Cookies are part of the HTTP protocol, while Session is a JavaEE standard.

Cookie

Cookies are text files stored on the client's computer that retain various tracking information.

To put it simply, a cookie is a special piece of data that the browser stores after receiving it and automatically sends with its next requests.

When the browser visits the server for the first time, it accepts the cookie created by the server. On the next visit, it sends that cookie back.

 

Backend for cookie creation and delivery

Cookies are stored in key-value format

Create a Cookie object, call the Cookie constructor, and give the Cookie name and Cookie value, both of which are strings.

Cookie c = new Cookie("userName", "a1234");

Set the maximum age and the access path

– If you want to tell the browser to store the cookie on disk instead of just in memory:

c.setMaxAge(24 * 60 * 60); // Set the cookie's lifetime to one day (in seconds)
c.setPath("/"); // Set the cookie's path so that it is available across the whole application

Put the cookie into the HTTP response. Without this step, no cookie will be sent to the browser.

response.addCookie(c);

Get cookies from client

Call request.getCookies()

– This returns an array of Cookie objects

– Loop through the array and call getName on each object to find the desired cookie

– Call getValue on that cookie and use the value as the application requires

Cookie[] cookies = request.getCookies();
if(cookies != null)
{
    for(Cookie cookie : cookies)
    {
        if("userId".equals(cookie.getName()))
        {
            //doSomethingWith(cookie.getValue());
        }
    }
}

Viewing cookies in the browser

Advantages and Disadvantages

• Advantages

– Expiration rules can be configured and data can be saved persistently

– No server resources are required, the data is saved on the client, and the server pressure is small

– Simplicity, text-based Key-Value pairs

• Disadvantages

– Size is limited (300 total; 20/site; 4KB/Cookie)

– Users can disable the client’s ability to receive cookies

– Potential security risks: it is not safe to store passwords in the browser

Session

Session data is stored on the server. A session relies on a cookie, but storing the information on the server is safer. The cookie stored in the browser holds the SessionID.

Session is a JavaEE standard

The server creates the Session. After the browser's first access, it stores the SessionID in a cookie and sends the SessionID along on the next visit.

Use Session

Session is also a key-value type

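• Usually done in three steps
    – Get the session associated with the request
        • HttpSession session = request.getSession();

    – Set an attribute in the session
        • session.setAttribute("userName", userName);
    – Get an attribute from the session
        • session.getAttribute("userName");

    – Close the session when needed
        • session.invalidate();
        • The client usually does not notify the server that the session has ended; instead, the Servlet container automatically invalidates the session after the user has been inactive for a period of time, which is called the session timeout period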

Viewing the SessionID in the browser

The browser stores the SessionID, which is sent to the server the next time the site is accessed.

Advantages and Disadvantages

Advantages: Data security

Disadvantages: Server will be under pressure

Differences

  1. The storage locations are different, Cookie is in the browser, and Session is on the server.
  2. The standards are different. Cookie is in the HTTP protocol, and Session is the JavaEE standard.
  3. The storage types are different. Cookie stores strings (convenient for transmission), and Session can store Java objects of various types.
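
The cookie and session calls above combined into one login/logout servlet, as an added example that is not code from the original post: the user identity goes into the server-side session, and only a non-sensitive preference goes into a persistent cookie. The class name, the "action" and "password" parameters, the "theme" cookie, the redirect paths and the use of the container's request.login are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: class name, parameter names, "theme" cookie and redirect targets
// are assumptions. Needs a Servlet 3.1+ container (javax.servlet) with a realm configured.
public class AccountServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if ("logout".equals(request.getParameter("action"))) {
            request.logout();                            // drop the container's caller identity
            HttpSession old = request.getSession(false); // false: do not create a session
            if (old != null) {
                old.invalidate(); // end the session now instead of waiting for the timeout
            }
            response.sendRedirect(request.getContextPath() + "/login");
            return;
        }
        String userName = request.getParameter("userName");
        try {
            // Container-managed credential check against the configured realm.
            request.login(userName, request.getParameter("password"));
        } catch (ServletException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Identity is kept in the server-side session; the browser only holds the SessionID.
        HttpSession session = request.getSession();
        request.changeSessionId(); // new ID after login, so an ID issued before login is useless
        session.setAttribute("userName", userName);
        session.setMaxInactiveInterval(30 * 60); // session timeout: 30 minutes of inactivity

        // Only a non-sensitive preference goes into a persistent cookie.
        Cookie c = new Cookie("theme", "dark");
        c.setMaxAge(24 * 60 * 60); // one day, in seconds
        c.setPath("/");
        c.setHttpOnly(true); // not readable from page JavaScript
        c.setSecure(true);   // sent over HTTPS only
        response.addCookie(c);
        response.sendRedirect(request.getContextPath() + "/home");
    }
}
```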


Origin blog.csdn.net/KangYouWei6/article/details/132674407