javaWeb中Cookie,Session原理
2018-03-08 10:34
465 查看
一.概述
初步了解javaweb项目的Cookie、Session,重点认识其原理。
二、示例
1.Cookie
1.1 服务器往客户端写入Cookie,ServeltSetCookies
1.2 显示写入的Cookie ServeltShowCookies
2.Session
2.1 客户端获取服务器的Session,ServeltInfoSession
2.2 显示Session,ServeltShowSession
三、总结
Cookie存在于客户端,Session存在于服务器。
Cookie:
服务器可以往客户端写入数据
只能是key-value的键值对的文本内容
客户端可以阻止服务器写入
不同的webApplication只能拿自己写入的内容
Cookie有两种类型:属于窗口(内容),属于文本(文件)
一个servlet/jsp设置的cookie能够被同一路径下面或者子路径下面的servlet/jsp读到(路径=URL)(路径 !=真实文件路径)
Session:
两种方式实现(客户端可获取Session):session-id写在临时cookie中,重写URL(response.encodeURL())
Session有过期时间,服务器根据session-timeout时间判断是否清除该Session,tomcat中的通用session过期时间设置为:conf–>web.xml里面的里面的(时间单位为分钟)。
Session不像Cookie拥有路径访问的问题,同一个application下的servlet/jsp可以共享同一个session,前提是同一个客户端窗口。
初步了解javaweb项目的Cookie、Session,重点认识其原理。
二、示例
1.Cookie
1.1 服务器往客户端写入Cookie,ServeltSetCookies
@WebServlet("/ServeltSetCookies") public class ServeltSetCookies extends HttpServlet { private static final long serialVersionUID = 1L; public ServeltSetCookies() { super(); } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Cookie cookie = new Cookie("cache-cookie", "cache"); response.addCookie(cookie); Cookie cookie2 = new Cookie("file-cookie", "file"); cookie2.setMaxAge(3600); response.addCookie(cookie2); response.setContentType("text/html"); PrintWriter pw = response.getWriter(); pw.print("addCookie Ok"); } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); }
1.2 显示写入的Cookie ServeltShowCookies
@WebServlet("/ServeltShowCookies") public class ServeltShowCookies extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public ServeltShowCookies() { super(); } protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter pw = response.getWriter(); pw.print("<html><head>"); pw.print("<title>Cookie Info</title>"); pw.print("</head><body>"); pw.print("<h2>Cookie Information</h2>"); Cookie[] cookies = request.getCookies(); pw.print("<table border='1'>"); pw.print("<tr>"); pw.print("<th>"); pw.print("CookieName"); pw.print("</th>"); pw.print("<th>"); pw.print("CookieValue"); pw.print("</th>"); pw.print("</tr>"); if(cookies!=null&&cookies.length>0) { for (Cookie cookie : cookies) { pw.print("<tr>"); pw.print("<td>"); pw.print(cookie.getName()); pw.print("</td>"); pw.print("<td>"); pw.print(cookie.getValue()); pw.print("</td>"); pw.print("</tr>"); } } pw.print("</table>"); pw.print("</body></html>"); } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); }
2.Session
2.1 客户端获取服务器的Session,ServeltInfoSession
@WebServlet("/ServeltInfoSession") public class ServeltInfoSession extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public ServeltInfoSession() { super(); } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse * response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession mysession = request.getSession(true); response.setContentType("text/html"); PrintWriter pw = response.getWriter(); pw.print("<html><head>"); pw.print("<title>Session Info</title>"); pw.print("</head><body>"); pw.print("<h2>Session Information</h2>"); pw.print("New Session: " + mysession.isNew()); pw.print("<br />SessionID:" + mysession.getId()); pw.print("<br />Session created time:" + new Date(mysession.getCreationTime())); pw.print("<br />Session last access time:" + new Date(mysession.getLastAccessedTime())); pw.print("<h2>Request Information</h2>"); pw.print("<br />SessionID from request:" + request.getRequestedSessionId()); pw.print("<br />SessionID via cookie:" + request.isRequestedSessionIdFromCookie()); pw.print("<br /> SessionID via rewrite URL" + request.isRequestedSessionIdFromURL()); pw.print("<br /> Valid Session" + request.isRequestedSessionIdValid()); pw.print("<br /> <a href = 'ServeltInfoSession'>refresh</a>"); // 重写url encodeURL括号里面写的是类名。 pw.print("<br /> <a href =" + response.encodeURL("ServeltInfoSession") + ">refresh</a>"); pw.print("</body></html>"); } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); }
2.2 显示Session,ServeltShowSession
@WebServlet("/ServeltShowSession") public class ServeltShowSession extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public ServeltShowSession() { super(); } protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession session = request.getSession(true); String head; response.setContentType("text/html"); PrintWriter pw = response.getWriter(); Integer count = (Integer) session.getAttribute("access"); if (count == null) { count = new Integer(0); head = "hi,newcommer!"; } else { count = new Integer(count.intValue() + 1); head = "welcome back"; } session.setAttribute("access", count); pw.print("<html><body><h2>" + head + "</h2>" + count + "</body></html>"); } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); }
三、总结
Cookie存在于客户端,Session存在于服务器。
Cookie:
服务器可以往客户端写入数据
只能是key-value的键值对的文本内容
客户端可以阻止服务器写入
不同的webApplication只能拿自己写入的内容
Cookie有两种类型:属于窗口(内容),属于文本(文件)
一个servlet/jsp设置的cookie能够被同一路径下面或者子路径下面的servlet/jsp读到(路径=URL)(路径 !=真实文件路径)
Session:
两种方式实现(客户端可获取Session):session-id写在临时cookie中,重写URL(response.encodeURL())
Session有过期时间,服务器根据session-timeout时间判断是否清除该Session,tomcat中的通用session过期时间设置为:conf–>web.xml里面的里面的(时间单位为分钟)。
<session-config> <session-timeout>30</session-timeout> </session-config>
Session不像Cookie拥有路径访问的问题,同一个application下的servlet/jsp可以共享同一个session,前提是同一个客户端窗口。
相关文章推荐
- 【javaweb】Session原理以及浏览器禁止Cookie之后服务器如何获取Session
- JavaWeb之会话技术Cookie&Session
- java web session+cookie实现用户自动登录
- JAVAWEB开发之JSP、EL、及会话技术(Cookie和Session)的使用详解
- 【简记】Java Web 内幕——Cookie与Session简介和使用
- Java.Web学习笔记 Cookie Session
- JavaWeb开发中的会话技术[Cookie/Session]
- 复习java web之Cookie_Session
- 【JavaWeb-7】Cookie记住用户名、历史浏览记录与Session的自动系列化、购物车案例、验证码使用
- JavaWeb——Cookie,Session学习汇总
- java web之会话技术cookie+session
- JavaWeb之Cookie&&Session详解
- 重新学javaweb---cookie&&session
- JavaWeb开发知识总结(Cookie,Session)
- JavaWeb-Cookie和Session
- 【《深入解析Java Web技术内幕》学习思维导图】第10章 深入理解Session和Cookie
- JavaWeb——Cookie,Session学习汇总
- javaWeb_06-session的工作原理——IE禁用Cookie后的session处理
- JAVA web - Cookie和Session详解、JSP概述
- javaweb之Session实现简单的购物(URL重写。Cookie重写指定有效日期)和简单的验证结论