Cookie&Session
Conversation
Session: a session comprises multiple requests and responses
Function: Once again, the range between more requests for data sharing session
Method: Client painting techniques: Cookie
Server-side painting techniques: Session
Cookie FEATURES AND ROLES
Cookie data is stored in the client browser
Cookie browser for a size limit in 4kb, the number of under the same domain Cookie not more than 20
Cookie generally used for storing sensitive data without a small amount
In the case without logging in to the server to complete the client identification
Operation Cookie
1. Create a Cookie object: new Cookie (String name, String value)
2. Send Cookie object to the browser: response.addCookie (Cookie cookie)
3.获取Cookie:Cookie[] request.getCookies()
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //创建Cookie Cookie cookie = new Cookie("cool","hello"); //发送Cookie response.addCookie(cookie); }
protected void the doPost (the HttpServletRequest Request, the HttpServletResponse Response) throws ServletException, IOException { // Get Cookie Cookie [] = Cookies request.getCookies (); // through the data in the Cookie IF (= Cookies! null ) { for (C Cookie: Cookies ) { // Get Cookie value pairs pass over String name = c.getName (); String value = c.getValue (); System.out.println (name + ":" + value); } } }
Other knowledge of Cookie
1. one can send multiple Cookie, Cookie can create multiple objects, many times addCookie method can be used to send cookie response calls.
2. By default, when the browser is closed, Cookie data is destroyed
Completed by persistent storage setMaxAge (int seconds)
Positive: Cookie data is written to the hard disk file. Persistent storage. And specify the cookie survival time after time, cookie files automatically lapse
negative: the default value
of zero: Delete cookie information
3.Cookie support Chinese after Tomcat 8, previously not supported if necessary transcoding the Chinese data
4. By default Cookie in the same tomcat server can not be shared
By setPath (String path): set a cookie acquisition range. By default, set the current virtual directory
If you want to share, you can set the path to "/"
Between different tomcat server
By setDomain (String path): If you set an identical domain name, the cookie can be shared between multiple servers
Session features and differences with the Cookie
Storing session data for a plurality of times within a session request, the server side in the present
session may store any type of data of any size
The difference between session and cookie
1. session data stored on the server side, Cookie client
no data size limit 2. session, Cookie there
3. session data security, Cookie respect unsafe
Session operations
1.获取HttpSession对象:
HttpSession session = request.getSession();
2. 使用HttpSession对象:
Object getAttribute(String name)
void setAttribute(String name, Object value)
void removeAttribute(String name)
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession session = request.getSession(); session.setAttribute("hh","hhhhhhh"); }
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession session = request.getSession(); Object hhhh = session.getAttribute("hh"); System.out.println(hhhh); }
Other knowledge of Session
1. When the client is closed, the server does not shut down, twice obtaining session whether the same?
by default. No.
If you need the same, you can create a Cookie, the key is JSESSIONID, set the maximum survival time for the cookie persistence save.
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession session = request.getSession(); Cookie c = new Cookie("JSESSIONID",session.getId()); c.setMaxAge(60*60); response.addCookie(c); }
2. The client is not shut down, shut down the server, the session is to get twice the same right?
Not the same, but to ensure that data is not lost. tomcat automatically accomplish the following
passivating the session:
the server is normally closed before the session object serialization on the hard disk
session activation:
After starting the server, the file conversion for the session to session object in memory.
When 3. session is destroyed?
The server closes the
session object to call the invalidate ()
session default expiration time of 30 minutes