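Session Tracking

Session: the user opens a browser and accesses resources on the web server, which establishes a session; the session lasts until either side disconnects. One session can contain multiple requests and responses.

Session tracking: a way of maintaining browser state. The server needs to recognize whether multiple requests come from the same browser so that data can be shared among the requests of one session.

Client-side session tracking technology: Cookie

Server-side session tracking technology: Session

Cookie

Data is stored on the client, and every later request carries the Cookie data with it.

Usage flow

Create a Cookie object and set its data: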

Cookie cookie=new Cookie(name,value);

Send the Cookie to the client:

response.addCookie(cookie);

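Get all the Cookies carried by the client:

Cookie[] cookies = request.getCookies(); // returns null if the request carries no cookies
for (Cookie c : cookies) {
    String name = c.getName();
    String value = c.getValue();
}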

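A small example:

// javax.servlet.* applies to Java EE / Tomcat 9 and earlier; use jakarta.servlet.* on Tomcat 10+
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Sets the cookie: the response carries a Set-Cookie header
@WebServlet(urlPatterns = "/demoServlet1")
public class DemoServlet1 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Cookie cookie = new Cookie("name", "张三");
        response.addCookie(cookie);
    }
}

// Reads the cookies the browser sends back (each public class goes in its own .java file)
@WebServlet(urlPatterns = "/demoServlet2")
public class DemoServlet2 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) { // the request has no Cookie header
            return;
        }
        for (Cookie cookie : cookies) {
            System.out.println(cookie.getName() + ": " + cookie.getValue());
        }
    }
}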

Console output:

JSESSIONID: 6364D8D8953DB7ED93E2FE3C11315926
name: 张三

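How cookies work

Response header: Set-Cookie. When the server sends a cookie to the client, the response carries a Set-Cookie header.

Request header: Cookie. When the client sends a request to the server, the server receives a Cookie request header.

Cookie details

By default, cookies are stored in the browser's memory; when the page is closed, the memory is released and the cookie is destroyed. The cookie's lifetime can be set with setMaxAge(int seconds); the default is a negative number.

Cookie encoding

When a cookie needs to store Chinese text, the text has to be encoded first: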

// javax.servlet.* applies to Java EE / Tomcat 9 and earlier; use jakarta.servlet.* on Tomcat 10+
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet(urlPatterns = "/demoServlet1")
public class DemoServlet1 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = "张三";
        // Encode the variable's value (not the literal "username") and store the encoded form
        String encoded = URLEncoder.encode(username, "UTF-8");
        Cookie cookie = new Cookie("name", encoded);
        response.addCookie(cookie);
    }
}

@WebServlet(urlPatterns = "/demoServlet2")
public class DemoServlet2 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) { // the request has no Cookie header
            return;
        }
        for (Cookie cookie : cookies) {
            // Decode the value back to the original text
            System.out.println(cookie.getName() + ": " + URLDecoder.decode(cookie.getValue(), "utf-8"));
        }
    }
}

Session

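Server-side session tracking technology: data is stored on the server. Java EE provides the HttpSession interface to share data among the multiple requests of one session.

Usage flow

Get the session object: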

HttpSession session = request.getSession();

Call its methods:

session.setAttribute(String name,Object value);
session.getAttribute(String name);
session.removeAttribute(String name);

A small example:

// javax.servlet.* applies to Java EE / Tomcat 9 and earlier; use jakarta.servlet.* on Tomcat 10+
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet(urlPatterns = "/demoServlet1")
public class DemoServlet1 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // getSession() returns the current session, or creates one if the request has none
        HttpSession session = request.getSession();
        session.setAttribute("username", "张三");
    }
}

@WebServlet(urlPatterns = "/demoServlet2")
public class DemoServlet2 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Same browser, same session: the attribute set by DemoServlet1 is visible here
        HttpSession session = request.getSession();
        System.out.println(session.getAttribute("username"));
    }
}

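How Session works: based on cookies

The session objects obtained in the two requests above are the same object. The first time the server obtains a session, it sends the client a Set-Cookie response header carrying JSESSIONID, which is the session's unique identifier, and the browser sends it back in the Cookie request header on later requests. So when the server looks up the session it first reads the Cookie request header: if a JSESSIONID is already present there, the existing session is used; if not, the server sends the client a response header that contains a JSESSIONID.

graph TD
    A[Client] -->|Request 1| B1(Server Servlet1)
    B1(Server Servlet1) -->|Response 1| A[Client]
    A[Client] -->|Request 2| B2(Server Servlet2)
    B2(Server Servlet2) -->|Response 2| A[Client]
    B1 -->|Get session| C(session)
    B2 -->|Get session| C(session)
    C -->|Send request header / response header| A
    A -->|Get response header| C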

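Session details

After the server restarts, the data in the Session still exists, because Tomcat automatically writes Session data to a file on disk and loads it from that file back into the Session the next time the server starts. When the browser is closed and opened again, getting the session returns a different session object.

Session destruction

By default a session is destroyed automatically after 30 minutes; it can also be destroyed by calling the session object's invalidate() method.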
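Because the JSESSIONID cookie is the only thing that ties a browser to its session, the ID should be replaced when the user logs in and the session invalidated at logout. The servlet below is an added example, not code from the original post; the class name, URLs and demo password are hypothetical, and it assumes Servlet 3.1+ for changeSessionId().

```java
// Added example (not from the original post). javax.servlet.* shown; use jakarta.servlet.* on Tomcat 10+.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet(urlPatterns = {"/login", "/logout"})   // hypothetical URLs
public class SessionLifecycleServlet extends HttpServlet {
    // Constructed demo credential; a real application checks a password hash from its user store.
    private static final byte[] DEMO_PASSWORD = "correct horse".getBytes(StandardCharsets.UTF_8);

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
        if ("/logout".equals(request.getServletPath())) {
            HttpSession old = request.getSession(false);   // false: do not create a session just to destroy it
            if (old != null) {
                old.invalidate();                          // server drops this JSESSIONID and its attributes
            }
            response.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }

        String user = request.getParameter("username");
        String pass = request.getParameter("password");
        boolean ok = user != null && pass != null
                && MessageDigest.isEqual(pass.getBytes(StandardCharsets.UTF_8), DEMO_PASSWORD);
        if (!ok) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        HttpSession session = request.getSession();        // reuses the session named by the browser's JSESSIONID, if any
        request.changeSessionId();                         // issue a new ID after login; attributes are kept
        session.setAttribute("username", user);
        session.setMaxInactiveInterval(15 * 60);           // seconds; overrides the 30-minute default
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

The HttpOnly and Secure flags of the JSESSIONID cookie itself are configured through the `<cookie-config>` element under `<session-config>` in web.xml rather than in servlet code.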

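Comparison

|                    | Cookie                   | Session               |
|--------------------|--------------------------|-----------------------|
| Storage location   | Client                   | Server                |
| Security           | Insecure                 | Secure                |
| Data size          | <= 3kb                   | No size limit         |
| Storage time       | Long-term                | 30 minutes by default |
| Server performance | Uses no server resources | Uses server resources |

Mobile phone verification codes are implemented with Session.

posted @ 2023-01-12 14:51  Liku007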