Servlet session tracking technology: Session and Cookie

Session tracking technology

On the server side there are resource files whose access must be controlled. The server needs to determine the state of each request to see whether it has the right to access the resource: if it does, the request is allowed; if not, it is refused. Accomplishing this requires session tracking technology.
Session tracking can be implemented in two ways:
1. Cookie
2. Session (the focus)

Cookie:

  • 1. A cookie is created by the server.
  • 2. A cookie is saved on the browser side.
  • 3. Once the browser holds cookie information, every request the browser makes for the project's resources automatically carries the cookie information related to that project.

Cookie

To learn cookies you need to grasp:

1. How the server creates a cookie
Cookie cookie = new Cookie(name, value); // the two parameters are the cookie's name (its tag) and the cookie's value

2. How the server sends the cookie to the browser
response.addCookie(cookie);

3. How the browser saves the cookie
The programmer does not need to worry about this, because browsers already have this function.

4. How the browser carries the cookie when it sends a request again
No need to worry about this either.

5. How the server checks the cookie for a private resource

Cookie[] cookies = request.getCookies(); // get all the cookies related to this project
if (cookies != null) {
	for (Cookie c : cookies) { // iterate over each cookie to see whether it carries the needed information
		String name = c.getName();   // the cookie's name (tag)
		String value = c.getValue(); // the cookie's value
	}
}

Summary of cookie features:

  • 1. A cookie is a string stored in the browser. It consists of a name (tag) and a value. Both are strings, and they cannot be Chinese.
  • 2. When the browser requests the project's resources, it automatically carries the cookies associated with the project.
  • 3. A cookie is automatically removed when the browser is closed. If you want to control how long the cookie is valid, call setMaxAge(60) on the Cookie object you created to set the cookie's lifetime, in seconds. If you want to observe the cookie, you can view the cookie-related content in the browser's settings.
  • 4. Cookie data is insecure; do not store important data in a cookie.

Cookie disadvantages:

  1. Unsafe
  2. It can be disabled
  3. The amount of data in a cookie is limited to 4K
  4. A cookie cannot directly store Chinese; URLEncoder and URLDecoder can be used to encode and decode it
    Cookies are generally used to save less important data.
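
An added example (not from the original post) that puts the cookie points above together: a hypothetical servlet that stores a non-sensitive display name in a cookie, URL-encodes it so Chinese text survives, sets a lifetime with setMaxAge, and restricts how the cookie is exposed. The class name, cookie name and `name` parameter are assumptions; it targets the javax.servlet API (Servlet 3.0+) on Java 10+.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: remembers a display name (non-sensitive data) in a cookie.
public class DisplayNameCookieServlet extends HttpServlet {
    private static final String COOKIE_NAME = "displayName"; // assumed cookie name

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String name = request.getParameter("name");
        if (name == null || name.length() > 64) { // stay far below the ~4K cookie limit
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Cookie values must be ASCII, so URL-encode the text before storing it.
        Cookie cookie = new Cookie(COOKIE_NAME, URLEncoder.encode(name, StandardCharsets.UTF_8));
        cookie.setMaxAge(60);     // lifetime in seconds; without it the cookie dies with the browser
        cookie.setHttpOnly(true); // not readable from page JavaScript
        cookie.setSecure(true);   // only sent over HTTPS
        cookie.setPath(request.getContextPath() + "/"); // only sent to this project
        response.addCookie(cookie);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String name = "guest";
        Cookie[] cookies = request.getCookies(); // null when the browser sent no cookie
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (COOKIE_NAME.equals(c.getName())) {
                    try { name = URLDecoder.decode(c.getValue(), StandardCharsets.UTF_8); }
                    catch (IllegalArgumentException e) { /* malformed escape: keep the default */ }
                }
            }
        }
        response.setContentType("text/plain;charset=UTF-8"); // value is client-controlled: no HTML
        response.getWriter().println("Hello, " + name);
    }
}
```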

Session (session)

The server establishes a private storage space (a session) for each browser.

1. How to get the session object
HttpSession session = request.getSession(); // get the session object
When the browser accesses the server for the first time, calling this method creates a session object.
When it is not the browser's first access to the server, calling this code obtains the session that corresponds to the browser.
session.getId(); // obtain the session's unique identifier

2. Session scope
session.setAttribute(key, value); // put data into the session scope
session.getAttribute(key); // get data from the session scope
session.removeAttribute(key); // remove data from the session scope

3. Session life cycle
A. By default a session survives for 30 minutes. The survival time can be set with the following session configuration tag in web.xml.
session life cycle settings
B. Suppose the browser makes requests to the server and is then closed. When a browser is opened again and accesses the server, the session obtained is not the same one as before the browser was closed. The server destroys the previous session after 30 minutes.
C. session.invalidate(); this method clears all the data in the session.

Session features

  • 1. Sessions correspond one-to-one with browsers.
  • 2. A session is saved on the server side.
  • 3. A session can store data of any type.
  • 4. Data in the session scope is not released arbitrarily.

Differences between Cookie and Session

What they have in common: both are session tracking technologies, and both are tied to the browser.
Differences:

  • 1. Where they are saved differs. A cookie is in the browser; a session is on the server. Save important data in the session.
  • 2. The type of data saved differs. A cookie holds strings; a session holds any type.

Two typical use cases for Session:

1. Forced login

session
2. Verification code
Essence: a changing picture
Purpose: prevent malicious user operations.
Achieve verification code
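
An added example for the forced-login use case (not code from the original post): a servlet filter that lets a request through only when the session holds a logged-in user, plus the helper a login servlet would call after verifying the password. The class name, the `loginUser` attribute and `/login.jsp` are assumptions; it targets javax.servlet (Servlet 3.1+), and on Jakarta EE 9+ the package is jakarta.servlet.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter, mapped in web.xml or with @WebFilter to the protected URLs.
public class LoginRequiredFilter implements Filter {
    static final String USER_KEY = "loginUser";    // assumed session attribute name
    static final String LOGIN_PAGE = "/login.jsp"; // assumed login page; must not be filtered

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // getSession(false): look up an existing session, never create one for an anonymous visitor.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(USER_KEY) == null) {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return; // the protected resource is never reached
        }
        chain.doFilter(req, res);
    }

    // Call from the login servlet only after the password has been verified.
    static void markLoggedIn(HttpServletRequest request, String userName) {
        request.getSession();      // make sure a session exists
        request.changeSessionId(); // new JSESSIONID, so an id issued before login stops working
        request.getSession().setAttribute(USER_KEY, userName);
    }
}
```

The login state lives in the server-side session, so the browser only ever holds the session id and cannot set `loginUser` itself.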

The principle underlying the Session:

When a servlet receives a browser's request, how does it select the session that corresponds to that browser from among the many sessions?

1. When the servlet executes request.getSession() for the first time, it creates a session object and also creates a cookie object: Cookie c = new Cookie("JSESSIONID", session.getId());

2. When the browser makes a later request, it automatically carries the cookie. The code underlying request.getSession() reads the value of JSESSIONID and uses that value to find the corresponding session.

Pseudocode:

Map<String, HttpSession> sessionMap = new ConcurrentHashMap<>(); // collection holding all sessions
// First request
HttpSession session = new HttpSession(); // pseudocode: on the first request the session object is instantiated
Cookie c = new Cookie("JSESSIONID", session.getId()); // the session's id is put into a cookie for the response
response.addCookie(c);
sessionMap.put(session.getId(), session); // put the session into the sessionMap collection

// Nth request
Cookie[] cookies = request.getCookies(); // get all the cookies
String value = null;
if (cookies != null) {
	for (Cookie c : cookies) {
		String name = c.getName(); // get the cookie's name (tag)
		if ("JSESSIONID".equals(name)) {
			value = c.getValue();
		}
	}
}
if (value != null) {
	HttpSession session = sessionMap.get(value);
}
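
A runnable version of the lookup sketched in the pseudocode, as an added example that is not from the original post and is not how any particular servlet container is implemented. It uses only the JDK and goes beyond the pseudocode by generating unpredictable ids, applying the 30-minute idle timeout, and never adopting an id the server did not issue; all class and method names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionStoreDemo {
    static final long MAX_IDLE_MS = 30 * 60 * 1000L; // the 30-minute default from the text

    static final class Session {
        final String id;
        final Map<String, Object> attributes = new ConcurrentHashMap<>();
        volatile long lastAccess;
        Session(String id, long now) { this.id = id; this.lastAccess = now; }
    }

    private final Map<String, Session> sessionMap = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    // Plays the role of request.getSession(); cookieValue is the JSESSIONID sent, or null.
    Session getSession(String cookieValue, long now) {
        Session s = (cookieValue == null) ? null : sessionMap.get(cookieValue);
        if (s != null && now - s.lastAccess > MAX_IDLE_MS) { // idle too long: destroy it
            invalidate(s);
            s = null;
        }
        if (s == null) { // first request, unknown id or expired: the server mints a fresh id
            byte[] raw = new byte[16];
            random.nextBytes(raw);
            s = new Session(Base64.getUrlEncoder().withoutPadding().encodeToString(raw), now);
            sessionMap.put(s.id, s);
        }
        s.lastAccess = now;
        return s;
    }

    void invalidate(Session s) { s.attributes.clear(); sessionMap.remove(s.id); }

    public static void main(String[] args) {
        SessionStoreDemo store = new SessionStoreDemo();
        Session first = store.getSession(null, 0L);            // first request: no cookie yet
        first.attributes.put("loginUser", "alice");            // constructed sample data
        Session again = store.getSession(first.id, 60_000L);   // nth request carries the id
        Session unknown = store.getSession("client-chosen-id", 60_000L);
        Session late = store.getSession(first.id, 60_000L + MAX_IDLE_MS + 1);
        System.out.println("same session on nth request: " + (again == first));
        System.out.println("client-chosen id adopted: " + unknown.id.equals("client-chosen-id"));
        System.out.println("expired session reused: " + (late == first));
        System.out.println("data left after expiry: " + late.attributes);
    }
}
```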



Origin blog.csdn.net/MacWx/article/details/92407990