Shulou(Shulou.com)06/03 Report--

This article shares with you the content of the sample analysis of Cookie and Session of Java Web. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

The difference between cookie Mechanism and session Mechanism

Specifically, the cookie mechanism adopts the scheme of maintaining state on the client side, while the session mechanism adopts the scheme of maintaining state on the server side.

At the same time, we also see that because the scheme that keeps the state on the server side also needs to save an identity on the client side, so session

The mechanism may need to resort to the cookie mechanism for the purpose of preserving the identity, but in fact there are other options.

The difference between session cookie and persistent cookie

If you do not set the expiration time, it means that the cookie life cycle is during the browser session, and the cookie disappears as long as you close the browser window. A cookie whose lifetime is a browsing session is called a session cookie. Session cookie is generally saved not on the hard disk but in memory.

If the expiration time is set, the browser will save the cookie to the hard drive, close it and open the browser again, and the cookie will remain valid until the set expiration time is exceeded.

Cookie stored on the hard disk can be shared between different browser processes, such as two IE windows. For cookie stored in memory, different browsers have different ways to handle it.

Daily phenomenon

Log in to a website and log in later, ah, there is no need to enter the password, it is the login status directly, it's amazing ~ ~

Look at a mobile phone on a website, and then browse other websites. The ads next to them are all mobile phones and similar information. It's so scary.

When browsing a website, remind me that I am the 66666th customer to visit, really?

In fact, these are Cookie and Session behind the trouble, the following will take you to learn these two things.

Similarities and differences between Cookie and Session

Cookie and Session are both methods or means used to save user status information.

Cookie is saved in the client's temporary folder, Session is saved in the server's memory, the server uses a structure similar to a hash table to store information, and a session domain object serves a client browser.

The security of Cookie is poor, while that of Session is high.

Cookie can be saved for a long time (saved on the client hard disk in txt format), while Session can be saved for a short time, usually 30 minutes.

Cookie is shared by multiple customer browsers, and Session is exclusive to one customer browser.

Session is implemented through the mechanism of Cookie.

Two Classic problems and URL rewriting

1. Disable Cookie on the client side and ask if Session still works?

This cannot (in fact) be the case for the vast majority of websites because the URL rewriting mechanism is not used to solve the problem that Cookie is disabled. (URL rewrites a large amount of code and can only be used statically on dynamic pages.)

A website that can (in fact) do very little (for example, excellence) because it uses the URL rewriting mechanism.

2. Can Cookie be used to implement shopping cart functions?

Yes, Cookie can do what Session can do.

* * essence * *

Whether Cookie or URL rewriting, the purpose is to pass the key and value name-value pairs of the JSESSIONID=32 bit string to the server.

Understand the Cookie-Session mechanism

When a program needs to create a Session for a client's request, the server first checks whether the client's request contains a Session ID-called Session id. If it already contains a Session id, it means that the Session has been created for this client before, and the server retrieves the Session according to Session id. If the client request does not contain a Session id, create a Session for the client and generate a Session id associated with the Session, which will be returned to the client for saving in this response. The client can save the Session id using Cookie, so that the browser can automatically send the identity back to the server according to the rules during the interaction. Generally speaking, the name of this Cookie is similar to JSESSIONID. For Session, the server retains a Session until the application tells the server to delete it. The browser never proactively notifies the server that it is going to shut down before shutting down, so the server will not know that the browser has been closed. The reason for this illusion is that most Session mechanisms use the session Cookie to save the Session id, but the Session id disappears when the browser is closed, and the original Session cannot be found when you connect to the server again. If the Cookie set by the server is saved to the hard disk, or if you use some means to rewrite the HTTP request header issued by the browser and send the original Session id to the server, you can still find the original Session by opening the browser again. To be honest, closing the browser will not cause the server-side Session to be deleted, but a large amount of Session is in the server memory all the time, and the server can't stand it, so the server sets an expiration time for Session. When the last time the client uses Session exceeds this expiration time (usually 30 minutes), the server can think that the client has stopped its activity. The Session is deleted to save storage space on the server side.

Thank you for reading! This is the end of this article on "sample Analysis of Cookie and Session of Java Web". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.