Detailed explanation of cookies and sessions

1、 First ,Cookie And Session What is the purpose of existence ？

answer ： Both are designed to maintain the interaction between the client access user and the background server , In order to maintain this state , One is to facilitate the implementation of some businesses , On the other hand, it is to simplify the programming of the background server , Improve performance .

2、 How to understand Cookie？

answer ： I understand. Cookie, It is used by the server to distinguish access users , A user sends HTTP request , The server determines whether this user is visiting for the first time , If it's a new user , Then you have to register first , Then use some information of this user Key-Value Save as key value pairs , adopt HTTP The response lets the user bring back the client , Let users save , On next visit , Take the message with you , It looks like an old acquaintance , The backstage does not need to register to process business directly , Convenient and efficient .

3、 How to understand Session？

answer ：Cookie It's saved on the client side , The client saves Cookie There are quantity and size limits , Then we think , Server side information can be saved in many ways , There is Session.

When we visit new customers , You can register the information and save it on the server , Just give the user a unique information id （ It's usually a NAME by JSESSIONID Of Cookie）, The next time a user visits , Just show the information id , The backstage can take out all his other information （ That is the Session out ）, Then do business , It prevents information from being tampered with or lost , And there is no capacity limit .

4、Session How to base on Cookie Work ？

answer ： Just said yes Session When understanding , Mention one Session The logo of （ It's usually a NAME by JSESSIONID Of Cookie）, This sign is usually used Cookie Saved on the client to maintain Session Of , But this is Cookie Allowed to be used , If Cookie Disabled , Will default to URL Parameter Realization .

Specific implementation process ：
a、 The first time a client makes a request , Because the server does not know Cookie Is it available , So the server prepares a test NAME by JSESSIONID Of Cookie As a customer Session The logo of , And will HTTP In response URL Parameter rewriting , Add... To the tail JSESSIONID, Return response .
b、 When the client makes a request again , Would contain Cookie Available information , If available , Then priority should be given to Cookie preservation JSESSIONID, And will cover URL Medium ID, If not available , Just use URL Parameter By rewriting JSESSIONID The transfer , To maintain Session.
c、 When the browser closes or Session After expired ,Cookie It's not working .

5、 How to configure SessionCookieName?

answer ： default SessionCookieName Namely JSESSIONID, We can do it in web.xml Middle configuration session-config term , among cookie-config Under the name Property is this SessionCookieName, It can be defined by the user .

6、Session How to work ？

answer ： Passing question 4 The method in obtains Session After the logo , You can go through request.getSession() get HttpSession Object , If this Session The identity does not correspond to HttpSession when , Then create a new one .

So who manages HttpSession object ？

On the surface, , be-all HttpSession Will be added to org.apache.catalina.Manager Of sessions Keep... In a container , This Manager Class will manage all Session Life cycle of .Session Expired will be recycled .

More specifically ,StandardManager yes Manager Implementation class of , Corresponding ,StandardSession yes HttpSession Implementation class of ;StandardManager Class responsible Servlet All in container StandardSession Management of the life cycle of objects .

If Session No expired , And the server is down ,Session Will it still exist ？

As long as the server is shut down normally , Before closing ,StandardManager Will put all that have not expired StandardSession Persist to a named “SESSION.ser” In the file of , When Servlet Restart time ,StandardManager initialization , This file will be re read and all Session object , Resave in StandardManager Medium sessions Collection ,session recovery .

however , When the server is shut down abnormally , There is no time to persist Session Of , It will lead to Session The loss of .

7、Cookie And Session What's the defect ？

There are two sides to everything , Their existence also brings some challenges , Such as Cookie The capacity of （ size 、 Quantitative restriction ）、 safety problem （ Susceptible to tampering ）、Session Server sharing problem for .