Web Security (VI): Using Session, and the Difference Between Session and Cookie
2022-07-06 05:28:00 【jinyangjie0】
A Session is a conversation: a data structure kept on the server to record user information.
Using Session
1. Obtaining the Session object
HttpSession s = request.getSession(boolean flag);
Note: HttpSession is an interface.
When flag is true, the Session object matching the SessionId in the request is looked up; if it does not exist, a new Session object is returned.
When flag is false, the Session object is likewise looked up by the SessionId in the request; if it does not exist, null is returned.
2. Common methods
Binding data:
session.setAttribute(String name,Object obj);
Getting the bound value by its binding name:
Object session.getAttribute(String name);
Unbinding:
session.removeAttribute(String name);
3. Automatic destruction of the Session
The Tomcat server's default Session timeout is 30 minutes.
You can set the timeout in web.xml, in minutes; setting it to 0 means the Session is never destroyed.
<session-config>
    <session-timeout>20</session-timeout>
</session-config>
The difference between Session and Cookie
Cookie and session are the two ways of working around the statelessness of the HTTP protocol itself. Both can record state: the former saves the state data on the client, the latter saves it on the server.
How Session works
The basic principle of a session is that the server maintains a copy of session information data for each session, and the client and server rely on a globally unique identifier to access that data. When a user accesses a web application, the server program decides when to create a session. Creating a session can be summed up in three steps:
1. Generate a globally unique identifier (sessionid);
2. Allocate data storage space. Usually the corresponding data structure is created in memory, but in that case all session data is lost once the system loses power, and for an e-commerce website such an accident has serious consequences. The data can also be written to a file or even stored in a database; this increases I/O overhead, but the session gains some degree of persistence and is easier to share;
3. Send the session's globally unique identifier to the client.
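The three steps above, together with the getSession(boolean) contract and the idle timeout from the earlier sections, as an added example that is not code from the original article. It is a plain-Java model, not a servlet container: the class name SessionStoreDemo, the cookie name SID, the simulated clock and the HttpOnly, Secure and SameSite cookie attributes are assumptions of the example.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionStoreDemo {
    static final class Session {   // one server-side record per session
        final String id = newSessionId();
        final Map<String, Object> attributes = new ConcurrentHashMap<>();
        volatile long lastAccess;
    }
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final long timeoutMillis;   // 0 means sessions are never destroyed
    SessionStoreDemo(int timeoutMinutes) { timeoutMillis = timeoutMinutes * 60_000L; }

    // Step 1: the identifier must be unguessable as well as unique, so use a CSPRNG.
    static String newSessionId() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Same contract as getSession(boolean): look up by id, create only if asked to.
    Session getSession(String idFromCookie, boolean create, long now) {
        Session s = idFromCookie == null ? null : sessions.get(idFromCookie);
        boolean idleTooLong = s != null && timeoutMillis > 0 && now - s.lastAccess > timeoutMillis;
        if (idleTooLong) { sessions.remove(s.id); s = null; }
        if (s == null && create) {
            s = new Session();        // fresh id; a client-supplied id is never adopted
            sessions.put(s.id, s);    // step 2: storage on the server (memory here)
        }
        if (s != null) s.lastAccess = now;
        return s;
    }

    // Step 3: send the identifier to the client as a cookie (name SID is hypothetical).
    static String setCookieHeader(Session s) {
        return "Set-Cookie: SID=" + s.id + "; Path=/; HttpOnly; Secure; SameSite=Lax";
    }

    public static void main(String[] args) {
        SessionStoreDemo store = new SessionStoreDemo(20);   // minutes
        Session s = store.getSession(null, true, 0L);        // simulated clock, in ms
        s.attributes.put("user", "alice");                   // constructed sample value
        System.out.println(setCookieHeader(s));
        System.out.println(store.getSession(s.id, false, 5 * 60_000L) != null);   // 5 min idle
        System.out.println(store.getSession(s.id, false, 30 * 60_000L) == null);  // 25 min idle
    }
}
```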
How Cookie works
Whatever server-side technology is used, as long as the HTTP response sent back contains a header of the following form, the server is taken to be asking for a cookie to be set:
Set-Cookie: name=name; expires=date; path=path; domain=domain
Every browser that supports cookies responds to this by creating a cookie file and saving it (it may also be an in-memory cookie). On each later request from the user, the browser checks whether any of its current cookies are still valid (judged by the expires attribute) and match the path attribute. If so, they are added to the request header and sent back to the server in the following form:
Cookie: name="zj"; Path="/linkage"
The dynamic script on the server side parses it and handles it accordingly; it can, of course, also choose to ignore it.
Note that, for security reasons, cookies can be disabled by the browser.