Technical sessions and their session: Cookie and Session

Disclaimer: This article is a blogger original article, follow the CC 4.0 BY-SA copyright agreement, reproduced, please attach the original source link and this statement.
This link:

Web development, the server keeps track of user session information technology referred to in the art
in order to save data generated during a session, in Servlet technology, and provides object Cookie Session session data stored for two

1.Cookie objects

1.1 What is a Cookie
Cookie is a technology session, will be saved for the process data words to the user's browser , so that the browser and the server can better interact with the data.
Cookie server sends to the client, increasing the header field in response Set-Cookie header fields in response to HTTP. Cookie Set-Cookie header field follow a set of syntax :
the Set-Cookie: = User itcast; Path = /;
User name represents the Cookie
itcast Cookie value indicating a
Path attribute indicates Cookie
Note: Cookie must key-value pairs the form, which can have multiple properties, but must be separated by a semicolon and a space between these properties.
Cookie between the browser and the server transmission process :
When the user first accesses the server, the server will increase the Set-Cookie header field in a response message, the user information is transmitted in the form of a Cookie browser.
Once the user's browser to accept the Cookie information sent by the server, it will be saved in the buffer zone of the browser.
Thus, when a subsequent browser to access the server, the user will be in the information request message transmitted in the form of a Cookie to the Web server, the server side so that distinguish the current request is issued by which user.

1.2 Cookie API
for Cookie package information, provided a Servlet API in the javax.servlet.http.Cookie class that contains a method of generating Cookie Cookie information and the extracted information for each attribute.

  • Cookie constructor

Cookie and only one class constructor syntax is:

 public Cookie (java.lang.String name,java.lang.String value)

Parameter name specifies the name of Cookie, value is used to specify the value of Cookie
Note: Cookie once created, the name can not be changed, the value can be changed

  • Cookie class common method

After creating the object via the constructor Cookie Cookie's, so they can call the methods of the class

Cookie class common method
Here Insert Picture Description

2.Session objects

Cookie technology user information is stored in each browser , and data can be shared in multiple requests. When more information but if passed, will increase the use of Cookie technology is obviously more difficult process of server-side program.

2.1 What is the Session
the Session is a save session data to a server -side technology.
The HttpSession the API 2.2
Session are closely associated with each request message, therefore, the HttpServletRequest defines a method for obtaining Session object of the getSession (), which has two overloaded forms:

public HttpSession getSession(boolean create)
public HttpSession getSession()

The first getSession () method to determine whether the parameters passed to create a new HttpSession object, if the argument is true, then the associated HttpSession object does not exist is to create a new HttpSession object and back, or do not create HttpSession object, return null.
The second getSession () method is equivalent to the first method parameter for the case when true, always create a new HttpSession object when the associated HttpSession object does not exist.
the getSession () method may produce Cookie header field transmitting a session identification number, it must call the individual the Session () method before sending any response content.
The method of HttpSession common interface
Here Insert Picture Description
2.3Session out control
during the session, the session may be valid time web.xml configuration file, the default value is defined by the Servlet container. In the <Tomcat installation directory> \ conf \ the web.xml file, you can find some configuration message:


Time value is set minute as a unit, i.e. the server Tomact default session timeout interval of 30 minutes.
If the time value is set to 0 or a negative number, it indicates that the session will time out.

Guess you like