One 、 Preface

conversation ： One session contains The request for many times and Respond to .
            One session ： The first time a browser sends a request to a server resource , Session creation , Until one side is disconnected .

---

Two 、Cookie

2.1 Concept

Concept ： Client session technology , Save data to client .

2.2 Quick start

2.2.1 Use steps

① establish Cookie object , Data binding

② send out Cookie object

③  obtain Cookie, Get the data

The code is as follows ：

//         establish Cookie object 
        Cookie c = new Cookie("msg","haha");
//         send out Cookie
        response.addCookie(c);
//         obtain Cookie
        Cookie[] cs = request.getCookies();
//         get data , Traverse Cookies
        if (cs != null) {
            for (Cookie c : cs) {
                String name = c.getName();
                String value = c.getValue();
                System.out.println(name+":"+value);
            }
        }
    }

2.3 Realization principle

Based on the response header set-cookie And the request header cookie Realization .

2.4 Cookie The details of the

2.4.1 Can I send more than one at a time cookie?

You can create multiple Cookie object , Use response Call several times addCookie Method to send cookie that will do .

2.4.2 cookie How long to save in the browser ？

①  By default , When the browser is closed ,Cookie The data is destroyed .

②  Persistent storage ：

setMaxAge(int seconds)

Positive numbers ： take Cookie The data is written to a file on the hard disk . Persistent storage . And designate cookie Survival time , After the time ,cookie The file is automatically invalidated .

negative ： The default value is .

zero ： Delete cookie Information .

2.4.3 cookie Can you save Chinese ？

stay tomcat 8 Before cookie Can't store Chinese data directly in .（ Need to transcode Chinese data --- It is generally used URL code (%E3)）.

stay tomcat 8 after ,cookie Support Chinese data . Special characters are still not supported , It is recommended to use URL Encoding storage ,URL Decoding and parsing .

2.4.4 cookie Sharing issues

① Suppose it's in a tomcat Server , Deployed multiple web project , So in these web In the project cookie Can we share ？

By default cookie Cannot share , If you want to share , Then you can put path Set to "/",setPath(String path)： Set up cookie The scope of acquisition . By default , Set the current virtual directory .

②  Different tomcat Server room cookie Sharing issues ？

 setDomain(String path): If the primary domain name is the same , So many servers cookie Can be Shared .

such as ： setDomain(".baidu.com"), that tieba.baidu.com and news.baidu.com in cookie Can be Shared .

2.5 Cookie The characteristics and functions of

2.5.1 Cookie Characteristics

① cookie Store data in the client browser .

② . Browser for single cookie There is a limit to the size of (4kb) as well as For the total under the same domain name cookie There is also a limit to the number (20 individual ).

2.5.2 Cookie The role of

① cookie Generally used to store a small amount of less sensitive data .

②  Without logging in , Complete the identification of the client by the server .

---

3、 ... and 、Session

3.1 Concept

Concept ： Server side session technology , Sharing data among multiple requests in a session , Save the data in the object on the server side .

3.2 Quick start

① obtain HttpSession object ：
            HttpSession session = request.getSession();

②  Use HttpSession object ：
           Object getAttribute(String name)  
           void setAttribute(String name, Object value)
           void removeAttribute(String name)  

3.3 principle

Session The realization of depends on Cookie Of .

Schematic diagram is as follows ： 

3.4 Session The details of the

3.4.1  When the client is shut down , The server does not shut down , Get twice session Is it the same ？

By default , No . If you need the same , You can create Cookie, The key is JSESSIONID, Set the maximum lifetime , Give Way cookie Persistent save .

 Cookie c = new Cookie("JSESSIONID",session.getId());
​		         c.setMaxAge(60*60);
​		         response.addCookie(c);

3.4.2  The client does not shut down , After the server is shut down , Acquired twice session Is it the same ？

Not the same , But make sure the data is not lost ,tomcat Automatically complete the following work ：

 session Passivation of ：
​                          Before the server is shut down properly , take session Serialize objects to hard disk .

but tomcat Activation will not be completed .

session Activation of ：
​                        After the server starts , take session The file is converted to... In memory session Object can .

3.4.3 session When it was destroyed ？

① Server down ;
② session Object call invalidate() ;
③ session Default expiration time 30 minute ：
                 Optional configuration modification ：    
                                        <session-config>
                                        <session-timeout>30</session-timeout>
                                        </session-config>

3.5 Session Characteristics

3.5.1 session Characteristics

① session Data used to store multiple requests for a session , There is a server side .

② session Can store any type , Data of any size .

3.5.2 session And Cookie The difference between ( Interview questions )：

① session Store data on the server side ,Cookie On the client side

② session There is no data size limit ,Cookie Yes .

③ session Data security ,Cookie Relative to insecurity .