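Session tracking
Session: a user opens a browser and accesses resources on the web server, which establishes a session; the session ends when either side disconnects. One session can contain multiple requests and responses.
Session tracking: a way of maintaining browser state. The server needs to recognize whether multiple requests come from the same browser, so that data can be shared across the requests of one session.
Client-side session tracking technology: Cookie
Server-side session tracking technology: Session
Cookie
Data is stored on the client, and every subsequent request carries the Cookie data.
Usage
Create a Cookie object and set its data: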
Cookie cookie=new Cookie(name,value);
Send the Cookie to the client:
response.addCookie(cookie);
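Get all Cookies sent by the client:
Cookie[] cookies = request.getCookies(); // null if the request carries no cookies
for (Cookie c : cookies) {
    c.getName();  // name of one cookie
    c.getValue(); // value of one cookie
}
A small example: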
// javax.servlet API (use jakarta.servlet on Tomcat 10+)
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// DemoServlet1.java: sends a cookie to the browser
@WebServlet(urlPatterns = "/demoServlet1")
public class DemoServlet1 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Cookie cookie = new Cookie("name", "张三");
        response.addCookie(cookie);
    }
}

// DemoServlet2.java: prints the cookies the browser sends back
@WebServlet(urlPatterns = "/demoServlet2")
public class DemoServlet2 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return; // the request carried no cookies
        }
        for (Cookie cookie : cookies) {
            System.out.println(cookie.getName() + ": " + cookie.getValue());
        }
    }
}
Console output:
JSESSIONID: 6364D8D8953DB7ED93E2FE3C11315926
name: 张三
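How Cookies work
Response header: Set-Cookie. When the server sends a cookie to the client, the response carries a Set-Cookie header.
Request header: Cookie. When the client sends a request to the server, the server receives the cookies in the Cookie request header.
Cookie details
By default, cookies are stored in browser memory; when the browser is closed, the memory is released and the cookie is destroyed. The cookie lifetime can be set with setMaxAge(int seconds); the default is a negative number.
Cookie encoding
Chinese text must be URL-encoded before it is stored in a cookie: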
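// javax.servlet API (use jakarta.servlet on Tomcat 10+)
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// DemoServlet1.java: URL-encodes the value before storing it in the cookie
@WebServlet(urlPatterns = "/demoServlet1")
public class DemoServlet1 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = "张三";
        // Encode the variable's value, not the literal string "username"
        String encoded = URLEncoder.encode(username, "UTF-8");
        Cookie cookie = new Cookie("name", encoded);
        response.addCookie(cookie);
    }
}

// DemoServlet2.java: decodes each cookie value when reading it back
@WebServlet(urlPatterns = "/demoServlet2")
public class DemoServlet2 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return; // the request carried no cookies
        }
        for (Cookie cookie : cookies) {
            System.out.println(cookie.getName() + ": " + URLDecoder.decode(cookie.getValue(), "UTF-8"));
        }
    }
}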
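Session
Server-side session tracking technology: data is stored on the server. Java EE provides the HttpSession interface to share data across the requests of one session.
Usage
Get the session object:
HttpSession session = request.getSession();
Call its methods:
session.setAttribute(String name, Object value);
session.getAttribute(String name);
session.removeAttribute(String name);
A small example: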
// javax.servlet API (use jakarta.servlet on Tomcat 10+)
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// DemoServlet1.java: stores a value in the session
@WebServlet(urlPatterns = "/demoServlet1")
public class DemoServlet1 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession();
        session.setAttribute("username", "张三");
    }
}

// DemoServlet2.java: reads the value back in a later request of the same session
@WebServlet(urlPatterns = "/demoServlet2")
public class DemoServlet2 extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession();
        System.out.println(session.getAttribute("username"));
    }
}
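How Session works: it is based on cookies
The session object obtained in the two requests above is the same one. The first time the server gets the session, it sends the client a Set-Cookie response header carrying JSESSIONID, which is the unique identifier of the session; the browser then sends it back in the Cookie request header. When the server asks for the session, it first reads the Cookie request header: if a JSESSIONID is already present, the existing session is used; if not, the server sends the client a response header that contains a JSESSIONID.
Session details
Session data still exists after the server restarts, because Tomcat automatically writes Session data to a file on disk and loads it back from the file when the server starts again. After the browser is closed and reopened, getting the session returns a different session object.
Session destruction
By default a session is destroyed automatically after 30 minutes; it can also be destroyed by calling the session object's invalidate() method.
Comparison
Aspect | Cookie | Session |
Storage location | Client | Server |
Security | Not secure | Secure |
Data size | <= 3 KB | No size limit |
Storage time | Long-term | 30 minutes by default |
Server performance | Uses no server resources | Uses server resources |
SMS verification codes are implemented with a session.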
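The SMS verification code case mentioned above, as an added example that is not part of the original page: the code is kept in the session with setAttribute, compared on the server, and discarded with removeAttribute so it can be used only once. The servlet name, URL patterns, attribute names, the 5-minute validity, the 3-attempt limit and the javax.servlet package are assumptions, and delivery of the code through an SMS gateway is assumed to happen elsewhere.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Added example; URL patterns, attribute names and limits are assumptions.
@WebServlet(urlPatterns = {"/code/send", "/code/verify"})
public class SmsCodeServlet extends HttpServlet {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final long VALID_MILLIS = 5 * 60 * 1000L; // assumed validity window
    private static final int MAX_TRIES = 3;                  // assumed attempt limit

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
        if ("/code/send".equals(request.getServletPath())) send(request, response);
        else verify(request, response);
    }

    private void send(HttpServletRequest request, HttpServletResponse response) {
        String code = String.format("%06d", RANDOM.nextInt(1_000_000));
        HttpSession session = request.getSession(); // creates session + JSESSIONID cookie if absent
        session.setAttribute("smsCode", code);      // the code itself stays on the server
        session.setAttribute("smsCodeExpires", System.currentTimeMillis() + VALID_MILLIS);
        session.setAttribute("smsCodeTries", 0);
        // Pass `code` to the SMS gateway here (not shown); do not put it in the response or a cookie.
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    private void verify(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession(false); // do not create a session just to verify
        String expected = session == null ? null : (String) session.getAttribute("smsCode");
        String supplied = request.getParameter("code");
        if (expected == null || supplied == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        boolean expired = System.currentTimeMillis() > (Long) session.getAttribute("smsCodeExpires");
        int tries = (Integer) session.getAttribute("smsCodeTries") + 1;
        boolean ok = !expired && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
        if (ok || expired || tries >= MAX_TRIES) {
            session.removeAttribute("smsCode");     // single use: success, expiry or too many tries
        } else {
            session.setAttribute("smsCodeTries", tries);
        }
        response.setStatus(ok ? HttpServletResponse.SC_OK : HttpServletResponse.SC_FORBIDDEN);
    }
}
```

Because the browser holds only the JSESSIONID cookie, the expected code, its expiry time and the attempt counter cannot be read or changed from the client side.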