Java Fundamentals Review (4): Cookie and Session

I. Session technology

1. Concept

A session is the information exchange between the browser and the server.

A session starts when the browser first sends a request for a server resource and lasts until one of the two sides disconnects. One session contains multiple requests and responses.

2. Function

Sharing data within the scope of one session.

3. Approaches

1) Client-side session technology: Cookie

2) Server-side session technology: Session

II. Cookie

1. Concept

Client-side session technology: the data is saved on the client.

2. Getting Started

Create and send a cookie in Demo1:

// Create the cookie object by calling new Cookie(String name, String value)
Cookie cookie = new Cookie("name", "张三");
// Send the cookie object by calling response.addCookie(Cookie cookie)
response.addCookie(cookie);

Get the cookie in Demo2:

// Get the cookies by calling Cookie[] request.getCookies()
Cookie[] cookies = request.getCookies();

3. How Cookie works

It is based on the Set-Cookie response header and the Cookie request header.

4. Cookie details

1) You can create multiple cookies; call the response's addCookie method once for each cookie to send.

2) Life cycle:

By default, the cookie data is destroyed when the browser is closed.

Persistent storage:

setMaxAge(int seconds)

a. seconds is positive: the cookie data is written to a file on disk, i.e. persistent storage. The larger the value, the longer the cookie survives.

b. seconds is negative: the default; the cookie is kept in memory and destroyed when the browser is closed.

c. seconds is zero: the cookie is deleted.

3) Before Tomcat 8, Chinese data cannot be stored directly in a cookie.

- The Chinese data needs to be transcoded (URL encoding is commonly used).

From Tomcat 8 on, cookies support Chinese data.

4) Sharing

When multiple web projects are deployed on the same Tomcat server, a cookie set by one project cannot, by default, be shared with the other projects.

If sharing is needed, change the cookie's scope by calling the setPath(String path) method and setting the path to "/", that is, the server root.

Example:

// Create the Cookie object
Cookie c1 = new Cookie("msg", "你好");
// Set the path so that all projects deployed on the current server share the cookie
c1.setPath("/");

To share a cookie between projects deployed on different Tomcat servers, call the setDomain(String domain) method.

As long as the different servers have the same domain name and the cookie's domain is set to that domain name, the web projects on them can share the cookie.

Example:

// Create the Cookie object
Cookie c1 = new Cookie("msg", "你好");
// Set the domain so that tieba.baidu.com and new.baidu.com can share the cookie
c1.setDomain(".baidu.com");
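
The following servlet is an added example, not code from the original post, that combines items 2) to 4) above: it URL-encodes a Chinese value, persists the cookie for one hour, widens its path to "/", and decodes the value on the next request. The servlet name, URL mapping and cookie name are hypothetical, and the javax.servlet package is assumed (Tomcat 9 or earlier; Tomcat 10 and later use jakarta.servlet).

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet and cookie names, used only for this illustration.
@WebServlet("/cookieDemo")
public class CookieDemoServlet extends HttpServlet {
    private static final String COOKIE_NAME = "msg";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain;charset=UTF-8");

        // Read: getCookies() returns null when the request has no Cookie header.
        String previous = null;
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (COOKIE_NAME.equals(c.getName())) {
                    // Undo the URL encoding applied when the cookie was written.
                    // The value is stored on the client and can be edited there,
                    // so it is treated as untrusted input.
                    previous = URLDecoder.decode(c.getValue(), "UTF-8");
                }
            }
        }

        // Write: URL-encode the Chinese value so it is valid on any Tomcat version.
        Cookie cookie = new Cookie(COOKIE_NAME, URLEncoder.encode("你好", "UTF-8"));
        cookie.setMaxAge(60 * 60); // positive: the browser persists it for one hour
        cookie.setPath("/");       // visible to every web project on this server
        cookie.setHttpOnly(true);  // not readable from page scripts
        response.addCookie(cookie);

        response.getWriter().println(previous == null
                ? "No cookie on this request; one was just set."
                : "Cookie value from the previous request: " + previous);
    }
}
```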

5. Cookie features

1) Cookie data is stored in the client's browser, so its security is weak.

2) Browsers limit the size of a single cookie, and also limit the total number of cookies under one domain name (usually 20).

6. What Cookie is used for

1) Cookies are generally used to store small amounts of less sensitive data.

2) Letting the server identify the client without a login.

III. Session

1. Concept:

Server-side session technology: data is shared between the multiple requests of one session, and the data is stored in an object on the server side.

2. Getting Started

1) Obtain the HttpSession object:

HttpSession session = request.getSession();

2) Use the HttpSession object:

Object getAttribute(String name);

void setAttribute(String name, Object value);

void removeAttribute(String name);

3. Principle

Session depends on Cookie.

The first time the Session is obtained, the request carries no Cookie, so the server creates a new Session object in memory and saves the address of the session (its ID) in a Cookie.

The second time the Session is obtained, the client's browser sends the Cookie to the server, and the server looks up the Session object using the session address in the Cookie.

4. Details

1) After the first visit ends, the client is closed while the server keeps running. The client is then reopened and accesses the server again. Is the session the same for the two visits?

  • By default, no.
  • If it needs to be the same, create a Cookie whose key is JSESSIONID and set its maximum age so that the cookie is persisted:

Cookie c = new Cookie("JSESSIONID", session.getId());
c.setMaxAge(60 * 60);
response.addCookie(c);

2) After the first visit ends, the server is shut down while the client stays open. The server is then restarted and the client accesses it again. Is the session the same for the two visits?

  • It is not the same, but we want to make sure the data is not lost.
  • Session passivation:
    • Before the server shuts down normally, the session object is serialized to the hard disk.
  • Session activation:
    • After the server starts again, the session file is converted back into a session object in memory.

A local Tomcat server performs session passivation and activation for us automatically.

If you run the project from IDEA, however, passivation works normally but activation does not.

We do not have to worry about that, because in the future we will not be deploying from a local IDEA.

5. Session destruction

1) The server is shut down, so the session becomes invalid.

2) The session destroys itself: invalidate()

3) The default session expiration time is 30 minutes (configurable in web.xml).
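
The following servlet is an added example, not code from the original post, that ties the session sections together: it obtains the session, stores an attribute, persists the JSESSIONID cookie as in detail 1), and destroys the session with invalidate(). The servlet name, the `logout` parameter and the `visits` attribute are hypothetical, and the javax.servlet package is assumed (Tomcat 9 or earlier). A cookie built by hand starts without the HttpOnly and Secure attributes, so the example sets them explicitly.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, parameter and attribute names, used only for this illustration.
@WebServlet("/sessionDemo")
public class SessionDemoServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain;charset=UTF-8");

        // "?logout=1" destroys the session now instead of waiting for the timeout.
        if (request.getParameter("logout") != null) {
            HttpSession existing = request.getSession(false); // do not create one just to destroy it
            if (existing != null) {
                existing.invalidate();
            }
            response.getWriter().println("Session invalidated.");
            return;
        }

        // Finds the session named by the JSESSIONID cookie, or creates a new one.
        HttpSession session = request.getSession();
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        // Persist JSESSIONID so the same session is found after a browser restart.
        Cookie c = new Cookie("JSESSIONID", session.getId());
        c.setMaxAge(60 * 60);
        String contextPath = request.getContextPath();
        c.setPath(contextPath.isEmpty() ? "/" : contextPath); // scope: this web project only
        c.setHttpOnly(true);             // keep the session ID out of page scripts
        c.setSecure(request.isSecure()); // HTTPS-only when the request arrived over HTTPS
        response.addCookie(c);

        response.getWriter().println("Visits in this session: " + visits);
    }
}
```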

6. Session features

1) Session stores the data shared by the multiple requests of one session, and the data is kept on the server.

2) Session can store data of any type and any size.

3) Session data is secure, while Cookie is relatively insecure.


Origin blog.csdn.net/weixin_44580146/article/details/104449526