There may be multiple session simultaneously
, such as such a situation: the same client machine multiple requests for the same resource, for multi-browser tags, in a browser window, multiple tags simultaneously access a page, it is a session. For between multiple browser windows simultaneously or separated by a very short time a page is accessed, session is plural, and processes related to the browser. For a same browser window, directly enter different resources url to access the same application, session is the same.
request.getSession (true): If the session exists, the session returned, otherwise a new session.
request.getSession (false): If there is a session the session is returned, otherwise it returns NULL
request.getSession () default is true: if the session does not exist it will create a
Session & Cookie and user login test
When a program needs to create a session for the request of a client, the server first checks whether the client's request already contains a session identifier (called a session id), if it contains the session had previously been created for this client Description the server will follow this session to session id retrieved using (not retrieved, it will create a new), if the client request does not contain a session id, then created for this client and generates a session associated with this session's session id , the session id value should be neither a duplicate, not easy to find a replica of the law of string, the session id is returned to the client stored in this response. Save this way can be used session id cookie, so the browser can automatically play according to the rules this identity to the server during the interaction. The cookie names are generally similar to SEEESIONID.
cookie can be artificially prohibited, there must be other mechanisms in order to still be able to pass the session id in the cookie back to the server is prohibited. One technique often used is called URL rewriting, the session id is directly appended to the URL path. There is also a technique called hidden form fields. That is, the server will automatically modify the form, add a hidden field to be able to pass the session id back to the server when the form is submitted.
Example:
<form name=”"testform”" action=”"/xxx”">
<input type=”"hidden”" name=”"jsessionid”"
value=”"ByOK3vjFD75aPnrF7C2HmdnV6QZcEbzWoWiBYEnLerjQ99zWpBng!-145788764″”>
<input type=”"text”">
</form>URL Rewrite
http://www.test.com/test;jsessionid=ByOK3vjFD75aPnrF7C2HmdnV6QZcEbzWoWiBYEnLerjQ99zWpBng!-145788764
catalina is the name of Apache Tomcat server uses to achieve the servlet container.
Tomcat core divided into three parts:
- --- Web container handling static pages;
- a servlet container ----- --- Catalina servlet processing;
- There is a JSP container, which is translated into a general jsp page servlet.
http://yut-i.blog.163.com/blog/static/2425778220121159347221/
-------------------------------------------------
Project session failure problems and solutions
Tomcat web.xml configuration profile in the inoperative time lapse session, session external network frequent failure
Possible causes: The project deployed in the same server, ip or domain name identical
Debug view interceptor method
session with the domain name, IP
Project deployed on the same server,
http://netsecurity.51cto.com/art/201402/428721.htm
secondary domain
baidu.com level domain
www.baidu.com secondary domain name
bbs.baidu .com second-level domain
tieba.baidu .com second-level domain
Sharing session between different secondary domain name?
Reproduced in: https: //my.oschina.net/u/3160411/blog/1506094