JavaWeb road 04-- session tracking

Disclaimer: This article is a blogger original article, shall not be reproduced without the bloggers allowed.

Session tracking technology

Session tracking technology is commonly used in Web application technology, for a full session tracking users.

A user opens a browser to access a Web site, it does not close the browser, regardless of how many users click the hyperlink to access many resources until the user closes the browser, or the server is shut down, this whole process we call a session.

Session tracking technology is commonly used in cookie and session. cookie mechanism is through client records information to determine the identity of the user, session mechanism is through the server log information to determine the user's identity.

cookie mechanism

A cookie is a client-side session techniques.

work process

The client browser access to the server, the server is the establishment of a cookie.

Response by the server (in response to the first set-cookie) the cookie back to the browser.

cookie stored on the browser, wait until the next time you access the server by certain rules to carry cookie, carried through the request (request header cookie), the server can get the cookie value.

cookie mechanism associated API

new Cookie(String name, Object value);//创建cookie
response.addCookie(Cookie cookie);//将cookie返回给浏览器
Cookie[] request.getCookie();//获取cookie


  Created by IntelliJ IDEA.
  User: XJM
  Date: 2019/2/10
  Time: 11:19
  To change this template use File | Settings | File Templates.
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <a href="${pageContext.request.contextPath}/cookie.jsp">访问网站</a>


<%@ page import="java.util.Date" %>
<%@ page import="java.text.DateFormat" %><%--
  Created by IntelliJ IDEA.
  Author: XJM
  Date: 2019-02-24
  Time: 21:14
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
        Cookie accountCookie = null;
        if (request.getCookies() != null) {
            for (Cookie cookie : request.getCookies()) {
                if (cookie.getName().equals("account")) {
                    accountCookie = cookie;

        if (accountCookie == null) {
        } else {

        accountCookie = new Cookie("account", DateFormat.getDateTimeInstance().format(new Date()));

Operating results
index interface
during the first visit:
The first time you access
second visit:
Second visit

Note: cookie can not cross-browser and does not support Chinese

session mechanism

session server-side session techniques.

work process

Browser sends a request to the server, the server determines whether the browser carries a unique identification

  • If that uniquely identifies: The server will query the logo in session in the pool
    • When queried: you can simply use the session, and returns it to the browser store
    • If no inquiries to: create a private server memory space, session objects operable, and returns it to the browser store
  • If there is no unique identifier: server to create a private memory space, session objects operable, and returns it to the browser store

session related API

HttpSession session=request.getSession();//获取session
setAttribute(String s, Object o);//设置session属性
getAttribute(String s);//获取session属性值
removeAttribute(String s);//移除session

session life cycle

  • session creation:

Sessinon created when the user first accesses the server access, you need to pay attention to will be created only when access Session JSP, Servlet and other procedures, access to resources only static HTML, IMAGE, etc. and does not create a Session, you can call request.getSession (true) mandatory generation Session.

  • session of Destruction:

1. Normal Close server
2. the session is not used for a long time, resulting in time-out: Tomcat 30 minutes by default, may be manually set
in three ways:
        1. the setMaxInactiveInterval (interval The int) // units of sec interval = -1 never expire, interval = 0 indicates when deleting
        2. web.xml provided
        <the session-config>
                <-the session timeout> 30 </-the session timeout>
                <-! in minutes ->
        </ the session-config>
        3.Tomcat also can be modified, using the following tags to define the definition of the context in server.xml:
        <the context path = "/ livsorder" the docBase = "/ Home / the httpd / HTML / livsorder" defaultSessionTimeOut = "3600"
        isWARExpanded = "to true" isWARValidated = "to false" isInvokerEnabled = "to true" isWorkDirPersistent = "to false" />
3. manual destruction: invalidate ()

Guess you like