Cookie & Session: Session Technology

I. Session Technology

1) The whole process, from opening a browser and visiting a site until the browser is closed, is called a session. Session technology records the client's state data during that session.

2) Session technology is divided into Cookie and Session:

 Cookie: data is stored locally on the client, which reduces storage pressure on the server; security is poor, and the client can clear the cookie;

 Session: data is stored on the server; security is relatively good, but it increases the pressure on the server;

II. Cookie Technology

1. The server sends the client a Cookie

1) Create a Cookie:

Cookie cookie = new Cookie(String cookieName,String cookieValue);


Note: A Cookie cannot store Chinese characters.

2) Set the Cookie's persistence time on the client:

cookie.setMaxAge(int seconds); --- time in seconds

Note: If you do not set a persistence time, the cookie is stored in the browser's memory and is destroyed when the browser is closed (a session-level cookie). If you set a persistence time, the cookie is persisted to a file on the browser's disk.



3) Set the path for which the Cookie is carried:

cookie.setPath(String path);

Note: If you do not set the path, the cookie is carried on requests to any resource under the path of the web resource that created the cookie.



4) Send the cookie to the client:

response.addCookie(Cookie cookie);


5) Delete the cookie on the client:

To remove cookie information already stored on the client, overwrite it with a cookie that has the same name and the same path and a persistence time of 0.
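Steps 1) to 5) put together in one servlet, as an added example that is not code from the original page. It assumes the javax.servlet API (Servlet 3.0 or later); the class name, cookie name, value, path and the "action" request parameter are hypothetical. The HttpOnly and Secure flags go beyond the steps above: because the value lives on the client, keep secrets out of it and restrict where the browser will expose it.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example; class name, cookie name, value and path are hypothetical.
public class ThemeCookieServlet extends HttpServlet {
    private static final String NAME = "theme";   // hypothetical cookie name
    private static final String PATH = "/shop";   // hypothetical carrying path

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // ?action=clear (hypothetical parameter) removes the stored cookie
        if ("clear".equals(request.getParameter("action"))) {
            response.addCookie(expired(NAME, PATH));
            response.getWriter().println("cookie removed");
            return;
        }
        Cookie cookie = new Cookie(NAME, "dark");   // 1) create
        cookie.setMaxAge(10 * 60);                  // 2) persist for 10 minutes
        cookie.setPath(PATH);                       // 3) carried only under PATH
        cookie.setHttpOnly(true);                   // not readable from page scripts
        cookie.setSecure(true);                     // sent over HTTPS only
        response.addCookie(cookie);                 // 4) send to the client
        response.getWriter().println("cookie set");
    }

    // 5) Deletion: same name and same path, persistence time 0.
    // A cookie with a different path would leave the stored one untouched.
    static Cookie expired(String name, String path) {
        Cookie cookie = new Cookie(name, "");
        cookie.setMaxAge(0);
        cookie.setPath(path);
        cookie.setHttpOnly(true);
        cookie.setSecure(true);
        return cookie;
    }
}
```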


2. How the server receives the Cookie carried by the client


1) Get all the Cookies from the request:

Cookie[] cookies = request.getCookies();

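2) Traverse the Cookie array and get the Cookie we want by its name:

// request.getCookies() returns null when the request carries no cookies
for(Cookie cookie : cookies){
    if(cookieName.equals(cookie.getName())){
        String cookieValue = cookie.getValue();
    }
}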




III. Session Technology

1. Obtaining the Session object

HttpSession session = request.getSession();

   * The request.getSession() method checks internally whether a session for this client already exists on the server side;
   * If no session for this client exists on the server, it creates a new session object;
   * If a session for this client already exists on the server, it returns the existing session (in essence, the JSESSIONID is used to determine whether the client already has a session on the server);

2. How to store data in and read data from the session (the session is a domain object)

The session is a domain object that stores data, so the session object also has these three methods:

session.setAttribute(String name,Object obj);

session.getAttribute(String name);

session.removeAttribute(String name);


3. The life cycle of the Session object (interview question / written test question)

Creation: the session is created the first time request.getSession() is executed

Destruction:

1) The server is shut down (abnormally)

2) The session expires / becomes invalid (default 30 minutes)


Question: from what point are the 30 minutes counted?

Timing starts from the moment the client stops operating on server-side resources.


This can be configured in the project's web.xml




3) The session is destroyed manually




By default, within one session, all resources share a single session object.