1. Session Technology
1.1. The concept
Session: one session consists of multiple requests and responses.
One session: it begins when the browser first sends a request to a server resource, which establishes the session, and lasts until either party disconnects.
Purpose of a session: to share data across the multiple requests within the scope of one session.
1.2. Approaches
- Client-side session technology: Cookie (the data is stored on the client)
- Server-side session technology: Session (the data is stored on the server)
2. Cookie
Cookie: client-side session technology; the data is stored on the client.
2.1. Cookie Quick Start
Steps for usage:
- Create a Cookie object and bind data
new Cookie(String name, String value)
- Send the Cookie object
response.addCookie(Cookie cookie)
- Get the Cookies and read the data
Cookie[] request.getCookies()
2.2. How Cookie works
2.3. Cookie details
2.3.1. Can more than one Cookie be sent at a time?
Yes. Create multiple Cookie objects and call the response's addCookie method multiple times to send them.
2.3.2. How long is a Cookie kept in the browser?
By default, the Cookie data is destroyed when the browser is closed.
To store it persistently, set the Cookie's lifetime by calling setMaxAge(int seconds) on the Cookie object:
- Positive: the Cookie data is written to a file on disk for persistent storage; the value is the Cookie's survival time in seconds
- Negative: the default value; the Cookie is kept in browser memory and destroyed when the browser is closed
- Zero: deletes the Cookie data
2.3.3. Can a Cookie store Chinese characters?
Before Tomcat 8, a Cookie could not store Chinese data directly (the Chinese data had to be transcoded, generally with URL encoding). From Tomcat 8 onward, Cookies support Chinese data.
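2.3.4. Cookie sharing
- 1. If several web projects are deployed on one Tomcat server, are Cookies shared among those projects?
By default, Cookies cannot be shared.
- setPath(String path): sets the scope in which the Cookie can be retrieved. By default this is the current project's virtual directory; to share the Cookie, set path to "/"
- 2. Sharing Cookies between different Tomcat servers
setDomain(String domain): if the same first-level domain is set, the Cookie is shared among multiple servers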
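2.4. Cookie characteristics
- A Cookie stores its data in the client browser
- Browsers limit the size of a single Cookie (generally about 4 KB, depending on the browser) and also the total number of Cookies under one domain (generally about 20, depending on the browser)
2.5. What Cookies are used for
- Cookies are generally used to store small amounts of not-very-sensitive data
- Letting the server identify the client without a login (the main use)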
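3. Session
3.1. The concept
Session: server-side session technology that shares data across the multiple requests of one session; the data is kept in an object on the server.
3.2. Session Quick Start
Get the Session object: HttpSession session = request.getSession();
Use the HttpSession object: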
- Object getAttribute(String name)
- void setAttribute(String name,Object value)
- void removeAttribute(String name)
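3.3. How Session works
How does the server make sure that the Session object obtained several times within one session is the same one?
The first time the Session is obtained there is no Cookie, so a new Session object is created in memory, and it has a unique ID. When the response is sent, it carries the response header Set-Cookie: JSESSIONID=<unique ID>, and the client stores this Cookie in the browser. The next time the browser accesses another resource of the project, it sends the JSESSIONID along in the Cookie request header. The server reads the Cookie automatically and uses it to check whether memory holds a Session object matching that JSESSIONID. If one is found, getSession finds that object and returns it, so the Session is the same both times. In other words, the server relies on the Cookie to ensure that the Session obtained within one session is the same one.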
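The lookup described in 3.3, modelled with plain JDK classes as an added example (it is not code from the original page or from Tomcat). SessionLookupDemo, sessionIdFrom, getSession and Result are hypothetical names, the in-memory map stands in for the container's session store, and Java 17 or later is assumed.

```java
import java.security.SecureRandom;
import java.util.HexFormat;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: a minimal model of the JSESSIONID lookup, not Tomcat's code.
public class SessionLookupDemo {
    // Server memory: session ID -> attribute map (stands in for HttpSession objects).
    static final Map<String, Map<String, Object>> SESSIONS = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    // The session, plus a Set-Cookie header value when a new session was created.
    record Result(Map<String, Object> session, String setCookie) {}

    // Pull JSESSIONID out of a raw Cookie request header value; null if absent.
    static String sessionIdFrom(String cookieHeader) {
        if (cookieHeader == null) return null;
        for (String pair : cookieHeader.split(";")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("JSESSIONID")) return kv[1];
        }
        return null;
    }

    // Models request.getSession(): reuse the session the cookie names, else create one.
    static Result getSession(String cookieHeader) {
        String id = sessionIdFrom(cookieHeader);
        Map<String, Object> existing = (id == null) ? null : SESSIONS.get(id);
        if (existing != null) return new Result(existing, null);
        // Missing or unknown ID: this model mints a fresh unpredictable ID
        // instead of adopting whatever value the client supplied.
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String newId = HexFormat.of().withUpperCase().formatHex(raw);
        Map<String, Object> created = new ConcurrentHashMap<>();
        SESSIONS.put(newId, created);
        return new Result(created, "JSESSIONID=" + newId);
    }

    public static void main(String[] args) {
        Result first = getSession(null);              // first request: no cookie yet
        first.session().put("user", "alice");         // constructed sample data
        System.out.println("Set-Cookie: " + first.setCookie());
        Result second = getSession("theme=dark; " + first.setCookie()); // browser echoes it
        System.out.println("same session: " + (second.session() == first.session()));
        Result forged = getSession("JSESSIONID=0000"); // an ID the server never issued
        System.out.println("forged ID got a new session: " + (forged.setCookie() != null));
    }
}
```

Because the ID in the Cookie is the only thing tying a browser to its server-side data, the model generates it with SecureRandom and never trusts an ID it did not issue.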
3.4. Session details
3.4.1. When the client is closed and the server is not, is the Session obtained the two times the same?
Not by default.
- If you need it to be the same, create a Cookie whose key is JSESSIONID, set its maximum survival time, and let the Cookie persist
// We want to get the same Session again after the client is closed
Cookie cookie = new Cookie("JSESSIONID", session.getId());
// Keep the Cookie for one hour (value is in seconds)
cookie.setMaxAge(60 * 60);
response.addCookie(cookie);
3.4.2. When the client is not closed and the server is shut down, is the Session obtained the two times the same?
Not the same one (if it happens to be the same, that is only a coincidence), but the data must not be lost (session passivation and activation; Tomcat already does the passivation and activation work)
- Session passivation: before the server shuts down normally, the session object is serialized to the hard disk
- Session activation: after the server starts, the session file is converted (deserialized) back into a session object in memory
- Note: IDEA can complete passivation but activation does not succeed; passivation and activation have to be done by a local Tomcat server. In real development, however, projects are not deployed inside IDEA, so this matters little
3.4.3. When is a Session destroyed?
- The server shuts down
- invalidate() is called on the session object
- The default session expiry time is 30 minutes (it can be changed in the configuration file, see the first two figures below, or configured in the project, see the third figure below)
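3.5. Session characteristics
- A Session is used to store the data of the multiple requests of one session, and it is stored on the server side
- A Session can store data of any type and any size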
4. Differences between Session and Cookie
| | Session | Cookie |
|---|---|---|
| Storage location | Server | Client |
| Size limit | No limit on data size | Limited, depending on the particular browser |
| Security | Relatively secure | Relatively insecure |