A, session of the concepts and features
session concept: in a computer, especially in network applications, known as "session control." Session object store particular user session configuration and the desired properties. To put it plainly session is a way to maintain data storage technology on the server side. session following main features:
- session is saved on the server location
-
Generally you want to use with the session cookie, if the user's browser cookie is disabled, you can only use URL rewriting to implement the storage capability of session
-
Use a simple answer session to store user information, so when a large number of users, number of session files will be much, there will be the problem of slow session inquiry
In essence: session-based technology is a kind of temporary storage technology is different from the back-end database
Second, why should use session
Internet application layer protocol that we currently use are basically based on HTTP and HTTPS, which in itself is stateless, is only responsible for request and response. I tell the server what I need, I returned to the appropriate server resources. Without additional processing, the server does not know who you are, but can not give you based on who you are and show you related to the content. HTTP protocol initially designed so that there are some historical reasons, the Internet was used for academic exchanges, only to show things like the article information, so far now colorful. Therefore, at the time of background HTTP protocol it is designed in such a way that it is actually very consistent with the scene. But as the Internet has been widely applied in the form of application has become more and more, our Web application is not limited to providing simple information show, but also requires the user to be able to log in, you can post a message in the forum, shopping site to buy stuff and so on. This requires HTTP protocol can record the user's state. That is, we are now familiar with the origin of the Session.
Three, session works
- The first time a user requests the server, the server generates a sessionid
- The server will generate the sessionid returned to the client, through set-cookie
- The client will receive it sessionid stored in a cookie, when a client access server will bring again the sessionid
- When the server receives again a request from the client will go to check if there sessionid, sessionid does not exist a new process is repeated 1 and 2, if there is go to the end of traversal service session file, and find the corresponding sessionid files, are some of the key information sessionid, the value of the current user
- Subsequent requests will exchange this Session ID, for stateful session.
Four, session life cycle
When Session entry into force:
Sessinon created when the user first accesses the server access, you need to pay attention to Session will be created when JSP, Servlet and other procedures only access, resource access only static HTML, IMAGE, etc. and does not create a Session, you can call request. getSession (true) force a Session.
When Session failure:
1. The server will no longer active Session removed from the server's memory, this time Session will fail. Default in Tomcat Session expiration time of 20 minutes. Calculated from the time session is inactive, if the session has been active, session will not expire total. The Session is not accessible from the start time; once the Session is accessed, timing is cleared;
2. Call Session of the invalidate method
= Session the HttpSession Request.getSession (); the session.invalidate (); // out of all the request of the session
4. Set the expiration time of session
a) web.xml in
<session-config> <session-timeout>30</session-timeout> </session-config>
b) manually set in the program
session.setMaxInactiveInterval (30 * 60); // set in seconds to -1 never expire Request.getSession () the setMaxInactiveInterval (. -1); // never expire
c) tomcat session expiration time can be modified, when using the following definitions define the context in server.xml:
<Context path="/livsorder" docBase="/home/httpd/html/livsorder" defaultSessionTimeOut="3600" isWARExpanded="true" isWARValidated="false" isInvokerEnabled="true" isWorkDirPersistent="false"/>
5. Close the browser, session will fail
Five, session performance bottlenecks
Another thing to talk about is stored Session data. Normally, if you do not explicitly set, most Web frameworks would Session data is stored in memory. If your Web application user volume is not the case, this is not a problem. But if you compare a large number of users, then it may happen a thing - not enough memory. This is normal, the memory capacity is very valuable, assuming each user Session data is 100K, 1 million subscribers will probably take up 1G of storage space, if your Session data cleansing mechanism also happens to be relatively slow, memory is very easy It is fully occupied. This requires that you are in a relatively large amount of concurrent design of the site, storage Session to consider, such as save them to your hard disk file system or database. So you're developing a Web application when a large amount if your users, you need to have this awareness. In addition Session into memory there is a drawback, if your Web server has restarted, then all Session state will be the case, it will affect the user experience to a certain extent.
Reference links: depth dissection operating principle session