## Session: main course
First, the concept : server-side session techniques, sharing data among multiple requests in one session, the data stored in the server object. HttpSession
Second, the Quick Start:
1. Get HttpSession object:
HttpSession Request.getSession the session = ();
2. Use HttpSession object:
Object the getAttribute (String name)
void the setAttribute (String name, Object value)
void removeAttribute (String name)
Third, the principle
achieve * Session is dependent on Cookie's.
Fourth, the details:
1. When the client is closed, the server does not shut down, twice obtaining session whether the same?
* by default. No.
* If you need the same, you can create a Cookie, the key is JSESSIONID, set the maximum survival time for the cookie persistence save.
C = new new cookie cookies ( "the JSESSIONID", session.getId ());
c.setMaxAge (60 * 60);
response.addCookie (C);
2. The client is not shut down, shut down the server, the session is to get twice the same right?
* Not the same, but to ensure that data is not lost. tomcat automatically accomplish the following
* passivation session:
* off normal before the server, the session object serialization on the hard disk
* session activation:
* After starting the server, the file conversion for the session to session object in memory.
When 3. session is destroyed?
1. shut down server
2. session object calls invalidate ().
3. session default expiration time of 30 minutes
are selectively configured to modify
<the session-config>
<-the session timeout> 30 </-the session timeout>
</ the session-config>
Five, session features
multiple requests for data storage 1. session of a session, the presence server side
data store 2. session may be of any type, any size
* The difference between the session and Cookie:
1. session data stored on the server side, Cookie client
no size limitation 2. session data, Cookie there
3. session data security, Cookie respect unsafe
request
Some request small range, only one request.
Object life cycle request is for a client (that is to say the exact point a browser application) of the first request, when the request is complete, the contents inside request will also be the release point.
You say it is a simple operation on the page, request.getParameter () is, form the parameters are taken from the previous page url.
However, if the request relates to a plurality of classes, but also to take the back parameters can request.setAttribute () and request.getAttribute ().
But when the output, request is over.
session
session can span many pages.
The session also for the life cycle of a client, but it is (usually 20-30 minutes), content inside the session will always exist in the session period set by others, even closed the client's browser session does not necessarily immediately release out.
It will be appreciated a plurality of client requests issued by the same IE window.
This parameter can be passed between, for example, many sites have used the user logs on.
Compare
Request less resource-intensive, security is relatively high, but relatively speaking, a lack of continuity.
session of the relatively large consumption would point resources, security will be relatively little low, but it can achieve such session tracking technology.
If the case can use request, try to use the request because the server is in relation to the consumption of resources is quite important.
In the process of passing page request is transmitted to the next page no longer passes, while sesison not so, that request is limited to two adjacent pages
Each time you press a link is a new request on a Web page, when the server returns to the browser a response, request is over, this time the object is stored in the request does not exist,
But when you use a Liu is connected to the server application-server will open a new session for you when the connection times out or close the browser session was destroyed.
So the scope of the role is not the same, session also can track the status of the user.
session is the equivalent of a client's global variables,
Value is set to the first access session.setAttribute such as A and the server ( "aaa") = "ComputerA ". A machine accessible at any continue to access a page may take session.getAttribute ( "aaa") is ComputerA;
Request is a visit to the local variables,
Lifecycle just one request. Therefore, the variable should be placed in the session login