JAVA Cookie&Session

Cookie&Session

---

Conversation

　　Session: a session comprises multiple requests and responses

　　Function: Once again, the range between more requests for data sharing session

　　Method: Client painting techniques: Cookie

　　　　　 Server-side painting techniques: Session

---

Cookie FEATURES AND ROLES

　　Cookie data is stored in the client browser

　　Cookie browser for a size limit in 4kb, the number of under the same domain Cookie not more than 20

　　Cookie generally used for storing sensitive data without a small amount

　　In the case without logging in to the server to complete the client identification

---

Operation Cookie

　　1. Create a Cookie object: new Cookie (String name, String value)

　　2. Send Cookie object to the browser: response.addCookie (Cookie cookie)

　　3.获取Cookie：Cookie[]  request.getCookies()

　　

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        //创建Cookie
        Cookie cookie = new Cookie("cool","hello");
        //发送Cookie
        response.addCookie(cookie);
    }

 protected  void the doPost (the HttpServletRequest Request, the HttpServletResponse Response) throws ServletException, IOException {
         // Get Cookie 
        Cookie [] = Cookies request.getCookies ();
         // through the data in the Cookie 
        IF (= Cookies! null ) {
             for (C Cookie: Cookies 
                 ) { 
                // Get Cookie value pairs pass over 
                String name = c.getName (); 
                String value = c.getValue (); 
                System.out.println (name + ":" + value); 
            }  
        }
    }

---

Other knowledge of Cookie　

1. one can send multiple Cookie, Cookie can create multiple objects, many times addCookie method can be used to send cookie response calls.

 

2. By default, when the browser is closed, Cookie data is destroyed

　　Completed by persistent storage setMaxAge (int seconds)　

　　　Positive: Cookie data is written to the hard disk file. Persistent storage. And specify the cookie survival time after time, cookie files automatically lapse
　　　negative: the default value
　　　of zero: Delete cookie information

 

3.Cookie support Chinese after Tomcat 8, previously not supported if necessary transcoding the Chinese data

 

4. By default Cookie in the same tomcat server can not be shared

　　By setPath (String path): set a cookie acquisition range. By default, set the current virtual directory

　　　　If you want to share, you can set the path to "/"

　

　　Between different tomcat server

　　By setDomain (String path): If you set an identical domain name, the cookie can be shared between multiple servers

---

 Session features and differences with the Cookie

　　Storing session data for a plurality of times within a session request, the server side in the present

　　session may store any type of data of any size

　　

The difference between session and cookie　

1. session data stored on the server side, Cookie client
no data size limit 2. session, Cookie there
3. session data security, Cookie respect unsafe

---

 

Session operations

　　1.获取HttpSession对象：
　　　　　　HttpSession session = request.getSession();
　　2. 使用HttpSession对象：
　　　　　　Object getAttribute(String name)
　　　　　　void setAttribute(String name, Object value)
　　　　　　void removeAttribute(String name)

 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession();
        session.setAttribute("hh","hhhhhhh");
    }

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession();
        Object hhhh = session.getAttribute("hh");
        System.out.println(hhhh);
    }

---

Other knowledge of Session

　　1. When the client is closed, the server does not shut down, twice obtaining session whether the same?
　　　　　　by default. No.
　　　　　　If you need the same, you can create a Cookie, the key is JSESSIONID, set the maximum survival time for the cookie persistence save.

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession();
        
        Cookie c = new Cookie("JSESSIONID",session.getId());
        c.setMaxAge(60*60);
        response.addCookie(c);
    }

　　

　　2. The client is not shut down, shut down the server, the session is to get twice the same right?
　　　　Not the same, but to ensure that data is not lost. tomcat automatically accomplish the following
　　　　passivating the session:
　　　　　　the server is normally closed before the session object serialization on the hard disk
　　　　session activation:
　　　　　　After starting the server, the file conversion for the session to session object in memory.

　　

　　When 3. session is destroyed?
　　　　 The server closes the
　　　　 session object to call the invalidate () 
　　　　 session default expiration time of 30 minutes