In-depth understanding of cookies and sessions in Java Web learning
The difference between cookie mechanism and session mechanism
Specifically, the cookie mechanism maintains state on the client, while the session mechanism maintains state on the server. The server-side scheme still needs to save an identifier on the client, so the session mechanism may use the cookie mechanism to save that identifier, although other options exist.
The difference between session cookie and persistent cookie
If the expiration time is not set, the life cycle of the cookie is the browser session: as soon as the browser window is closed, the cookie disappears. A cookie whose lifetime is one browsing session is called a session cookie. Session cookies are generally not saved on the hard disk, but in memory.
If the expiration time is set, the browser saves the cookie to the hard disk. If the browser is closed and opened again, the cookie remains valid until the set expiration time has passed.
Cookies stored on the hard disk can be shared between different browser processes, such as two IE windows. For cookies stored in memory, different browsers have different processing methods.
Everyday phenomenon
Log in to a website, and when you come back later you don't need to enter the password; you are already logged in. It's amazing~~~
After looking at a mobile phone on one website and then browsing other websites, the advertisements beside the page are all for mobile phones and similar products. It's terrible~~~
When browsing a website, it tells me that I am the 666th customer to visit. Is it true or false?
In fact, all of these are the work of cookies and sessions. Let's learn about these two things.
Similarities and differences between cookie and session
Cookie and session are both methods or means used to save user status information;
Cookies are saved in the temporary folder of the client, and sessions are saved in the memory of the server. The server uses a hash-table-like structure to save the information. One session domain object serves one client browser;
Cookie security is poor and session security is high;
The cookie can be saved for a long time (in TXT format on the client's hard disk), and the session can be saved for a short time, usually 30 minutes;
Cookies are shared by multiple client browsers, and session is exclusive to one client browser;
Session is implemented through cookie mechanism.
Two classic problems and URL rewriting
1. If the client disables cookies, can the session still work?
No: in practice most websites behave this way, because they do not use the URL rewriting mechanism to handle disabled cookies. (URL rewriting requires a lot of code and can only be applied to dynamic pages, not static ones.)
Yes: in practice very few websites can (e.g. Excellence), because they use a URL rewriting mechanism.
2. Can cookies be used to implement the shopping cart function?
Yes, so can session cookies.
**Essence**
Whether cookies or URL rewriting is used, the purpose is the same: to pass the name-value pair jsessionid = 32-bit string to the server.
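The two carriers described above, as an added Java example that is not code from the article: it pulls the same session ID out of either a Cookie header value or a rewritten URL. The class and method names are hypothetical, and the cookie name JSESSIONID, the path parameter ;jsessionid= and the cookie-first preference are assumptions of this example.

```java
import java.util.Optional;

// Added example, not code from the article: finds the session ID in a request.
public class SessionIdLocator {

    // Cookie route: header value such as "theme=dark; JSESSIONID=<id>"
    static Optional<String> fromCookieHeader(String cookieHeader) {
        if (cookieHeader == null) return Optional.empty();
        for (String pair : cookieHeader.split(";")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("JSESSIONID") && !kv[1].isEmpty()) {
                return Optional.of(kv[1]);
            }
        }
        return Optional.empty();
    }

    // URL rewriting route, e.g. "/cart/view;jsessionid=<id>?item=42"
    static Optional<String> fromRewrittenUrl(String requestUri) {
        if (requestUri == null) return Optional.empty();
        // Only the path may carry the parameter; ignore look-alikes in the query string.
        int q = requestUri.indexOf('?');
        String path = q < 0 ? requestUri : requestUri.substring(0, q);
        String marker = ";jsessionid=";
        int start = path.indexOf(marker);
        if (start < 0) return Optional.empty();
        start += marker.length();
        int end = start;
        while (end < path.length() && ";/#".indexOf(path.charAt(end)) < 0) end++;
        return end > start ? Optional.of(path.substring(start, end)) : Optional.empty();
    }

    // Assumption of this example: the cookie value is preferred when both are present.
    static Optional<String> locate(String cookieHeader, String requestUri) {
        Optional<String> id = fromCookieHeader(cookieHeader);
        return id.isPresent() ? id : fromRewrittenUrl(requestUri);
    }

    public static void main(String[] args) {
        String id = "0123456789ABCDEF0123456789ABCDEF"; // constructed sample value
        System.out.println(locate("theme=dark; JSESSIONID=" + id, "/cart/view"));
        System.out.println(locate(null, "/cart/view;jsessionid=" + id + "?item=42"));
        System.out.println(locate(null, "/cart/view?next=/a;jsessionid=" + id));
        System.out.println(locate(null, "/cart/view")); // no ID: a new session is needed
    }
}
```

A rewritten URL carries the session ID wherever the URL goes (browser history, proxy and server logs, Referer headers), so such URLs need the same handling as the cookie itself.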
Understanding cookie session mechanism
When the program needs to create a session for a client's request, the server first checks whether the request contains a session identifier, called the session ID. If a session ID is included, a session has already been created for this client, and the server retrieves that session by its session ID. If the request does not contain a session ID, the server creates a session for this client and generates a session ID associated with it. This session ID is returned to the client in the response so that the client can save it.
The client can use a cookie to save the session ID, so that the browser automatically sends the ID back to the server according to the cookie rules during later interactions. Generally, the name of this cookie is similar to jsessionid.
The server keeps a session unless the application notifies the server to delete it. The browser never notifies the server before it closes, so the server does not know that the browser has closed. The impression that closing the browser ends the session arises because most session mechanisms use a session cookie to save the session ID: after the browser is closed the session ID disappears, and the original session cannot be found when connecting to the server again. If the cookie set by the server is saved to the hard disk, or the HTTP request header sent by the browser is rewritten by some means to send the original session ID to the server, the original session can still be found when the browser is opened again.
In other words, closing the browser does not cause the server-side session to be deleted. However, the server cannot keep a large number of sessions in memory indefinitely, so it sets an expiration time for each session. When the time since the client last used the session exceeds the expiration time (usually 30 minutes), the server assumes that the client has stopped its activity and deletes the session to save storage space on the server.
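The lookup, creation and idle-expiry steps described above, as an added Java example that is not code from the article or from any servlet container. The names SessionTable and resolve and the explicit clock argument are hypothetical; the 30-minute timeout is the figure from the text.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added example: server-side session table with lookup, creation and idle expiry.
public class SessionTable {
    static final long IDLE_TIMEOUT_MS = 30 * 60 * 1000L; // 30 minutes, as in the text

    static final class Session {
        final Map<String, Object> attributes = new HashMap<>();
        long lastAccessed;
    }

    private final Map<String, Session> sessions = new HashMap<>();
    private final SecureRandom random = new SecureRandom();

    // Returns the ID of the session that serves this request: the presented ID if it is
    // known and not idle-expired, otherwise the ID of a freshly created session.
    synchronized String resolve(String presentedId, long nowMs) {
        Session s = presentedId == null ? null : sessions.get(presentedId);
        if (s != null && nowMs - s.lastAccessed > IDLE_TIMEOUT_MS) {
            sessions.remove(presentedId); // idle too long: the server drops the session
            s = null;
        }
        if (s != null) {
            s.lastAccessed = nowMs;       // each use restarts the idle timer
            return presentedId;
        }
        // An unknown or expired ID is never adopted; the server generates its own.
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        StringBuilder id = new StringBuilder();
        for (byte b : raw) id.append(String.format("%02X", b));
        Session created = new Session();
        created.lastAccessed = nowMs;
        sessions.put(id.toString(), created);
        return id.toString();
    }

    public static void main(String[] args) {
        SessionTable table = new SessionTable();
        String id = table.resolve(null, 0L); // first request carries no ID
        // Same ID one minute later: the existing session is found.
        System.out.println(id.equals(table.resolve(id, 60_000L)));
        // Browser closed and reopened, same ID sent again within the timeout.
        System.out.println(id.equals(table.resolve(id, 11 * 60_000L)));
        // Same ID after 31 idle minutes: the session is gone and a new ID is issued.
        System.out.println(id.equals(table.resolve(id, 42 * 60_000L)));
    }
}
```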