JavaWeb - Cookie and Session (session technology)

1. Session technology

1.1. The concept

Session: one session comprises multiple requests and responses
One session: the session is established when the browser first sends a request to a server resource, and lasts until one party disconnects
Function of a session: sharing data among multiple requests within the scope of one session

1.2. Approaches

  • Client-side session technology: Cookie (the data is stored on the client)
  • Server-side session technology: Session (the data is stored on the server)


Cookie: client-side session technology; the data is stored on the client

2.1. Cookie quick start

Steps for usage:

  • Create a Cookie object, bind data

new Cookie(String name,String value)

  • Send Cookie object

response.addCookie(Cookie cookie)

  • Get Cookie, get the data

Cookie[] request.getCookies()

2.2. How Cookie works


2.3. Cookie details

2.3.1. Can more than one Cookie be sent at a time?

Yes. Create multiple Cookie objects and call the response object's addCookie method multiple times to send them.

2.3.2. How long is a Cookie kept in the browser?

  • By default, the Cookie data is destroyed when the browser is closed
  • Set the Cookie's life cycle to make it persistent

Call the setMaxAge(int seconds) method on the Cookie object:

  • Positive: the Cookie data is written to a file on disk for persistent storage; the number is the Cookie's survival time in seconds
  • Negative: the default value; the Cookie is kept in browser memory and is destroyed when the browser is closed
  • Zero: deletes the Cookie data

2.3.3. Can a Cookie store Chinese data?

Before Tomcat 8, a Cookie could not store Chinese data directly (the Chinese data had to be transcoded, generally with URL encoding). From Tomcat 8 on, Cookies support Chinese data.

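2.3.4. Cookie sharing

  • 1. Suppose multiple Web projects are deployed in one Tomcat server. Are Cookies shared between these projects?
  • By default, Cookies cannot be shared
  • setPath(String path): sets the scope in which the Cookie can be obtained. By default it is the virtual directory of the current project; to share the Cookie, set path to "/"
  • 2. Cookie sharing between different Tomcat servers

setDomain(String domain): if the first-level domain that is set is the same, Cookies are shared among the servers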


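  • A Cookie stores its data in the client browser
  • Browsers limit the size of a single Cookie (generally about 4K, depending on the browser) and also the total number of Cookies under the same domain name (generally about 20, depending on the browser)


  • Cookies are generally used to store small amounts of not very sensitive data
  • They let the server identify the client without a login (the main use)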





  • Get the Session object: HttpSession session = request.getSession();
  • Use the HttpSession object:
  • Object getAttribute(String name)
  • void setAttribute(String name,Object value)
  • void removeAttribute(String name)





3.4.1. When the client is closed and the server is not shut down, is the Session obtained both times the same?

  • Not by default
  • If you need it to be the same, you can create a Cookie whose key is JSESSIONID, set its maximum survival time, and so persist the Cookie
        Cookie cookie = new Cookie("JSESSIONID",session.getId());
        cookie.setMaxAge(60 * 60);
        // send the Cookie to the browser
        response.addCookie(cookie);
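
An added example, not code from the original page: a servlet that persists the session id as in 3.4.1 while also setting the Cookie's path, HttpOnly and Secure attributes, and URL-encodes a Chinese value as in 2.3.3. It assumes the javax.servlet API (Tomcat 8/9); the servlet path /sessionDemo and the names visits and lastUser are hypothetical.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Added example; "/sessionDemo", "visits" and "lastUser" are hypothetical names.
@WebServlet("/sessionDemo")
public class SessionDemoServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Server side: per-session data lives in the HttpSession.
        HttpSession session = request.getSession();
        Integer visits = (Integer) session.getAttribute("visits");
        session.setAttribute("visits", visits == null ? 1 : visits + 1);

        // 3.4.1: persist the session id so the same Session is found after a browser restart.
        String ctx = request.getContextPath();
        String path = ctx.isEmpty() ? "/" : ctx;  // this project only, not every project
        Cookie sid = new Cookie("JSESSIONID", session.getId());
        sid.setMaxAge(60 * 60);             // positive value: stored on disk for one hour
        sid.setPath(path);
        sid.setHttpOnly(true);              // keep the id out of reach of page scripts
        sid.setSecure(request.isSecure());  // HTTPS-only when the request arrived over HTTPS
        response.addCookie(sid);

        // 2.3.3: URL-encode a Chinese value (constructed sample) so it also works before Tomcat 8.
        Cookie user = new Cookie("lastUser", URLEncoder.encode("\u5f20\u4e09", "UTF-8"));
        user.setMaxAge(60 * 60);
        user.setPath(path);
        user.setHttpOnly(true);
        response.addCookie(user);

        // Read the Cookie back; getCookies() returns null when the browser sent none.
        String lastUser = "(none)";
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (!"lastUser".equals(c.getName())) continue;
                try {
                    lastUser = URLDecoder.decode(c.getValue(), "UTF-8");
                } catch (IllegalArgumentException e) { /* malformed client value: ignore it */ }
            }
        }
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("visits=" + session.getAttribute("visits")
                + ", lastUser=" + lastUser);
    }
}
```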

3.4.2. When the client is not closed and the server is shut down, is the Session obtained both times the same?

Not the same one (if it is the same, that is only a coincidence), but the data must be guaranteed not to be lost (Session passivation and activation; Tomcat already does the passivation and activation work)

  • Session passivation: before the server shuts down normally, the session object is serialized to the hard disk
  • Session activation: after the server starts, the session file is converted (deserialized) into a session object in memory
  • Note: IDEA can complete passivation but activation does not succeed; passivation and activation both need the local Tomcat server. In actual development the project is not deployed inside IDEA, so this matters little

3.4.3. When is a Session destroyed?

  • The server shuts down
  • The session object's invalidate() method is called
  • The default session timeout is 30 minutes (it can be changed in the configuration file, as in the first two figures, or configured in the project, as in the third figure)
    [Three figures: session timeout configuration]

3.5. Session features

  • A Session is used to store the data of multiple requests within one session, and it is stored on the server side
  • A Session can store data of any type and any size

4. Differences between Session and Cookie

                    Session                   Cookie
Storage location    Server                    Client
Size limit          No data size limit        Limited, depending on the browser
Security            Relatively secure         Relatively insecure
