Differences between cookies and sessions

Cookie and Session The definition of

1. Cookie, Sometimes in the plural Cookies. The type is “ Small text files ”, It's some websites to identify users , Conduct Session Track and Stored in the user's local terminal The data on the （ Usually encrypted ）, By the user client Information temporarily or permanently stored by a computer .
2. Session： In the computer , Especially in network applications , be called “ Session control ”.Session Object stores the properties and configuration information required for a specific user session . such , When the user is in the Web When you jump between pages , Stored in Session The variables in the object will not be lost , But it's going on throughout the user session . When a user requests... From an application Web When the page , If the user does not have a session , be Web The server will automatically create One Session object . When the session expires or is abandoned , The server will terminate the session .Session One of the most common uses of objects is to store user preferences .

Cookie and Session The difference between

1. Cookie It can be stored in the browser or locally ,Session Only servers exist
2. session Able to store arbitrary java object ,cookie Can only store String Object of type
3. Session Than Cookie More secure （Cookie There are security risks , Find your... By blocking or local files cookie Then we can attack ）
4. Session Take up server performance ,Session Too much , Increase server pressure
5. Single Cookie The saved data cannot exceed 4K, Many browsers limit a site to save at most 20 individual Cookie,Session There is no size limit related to the memory size of the server .

Cookie Use

1. Cookie Common methods in class

public void setMaxAge(int expiry)
public String getName()
public String getValue()
public void setValue(String newValue)

2. The following is a classic case showing the last login time of the user

protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    
       //  Set response text information 
       resp.setContentType("text/html;charset=utf-8");
       //  Deal with the garbled code of requests and responses 
       req.setCharacterEncoding("utf-8");
       resp.setCharacterEncoding("utf-8");
       //  from request Get all Cookie
       Cookie[] cookies = req.getCookies();
       
       boolean flag = false;
       //  Traverse cookies
       for (Cookie cookie : cookies) {
    
           if (cookie.getName().equals("datetime")){
    
               Date date = new Date(Long.valueOf(cookie.getValue()));
               resp.getWriter().println(" Your last login time is ：" + date.toLocaleString());
               flag = true;
               break;
           }
       }
       if (!flag){
    
           resp.getWriter().println(" This is your first login ");
       }
       long currentTimeMillis = System.currentTimeMillis();
       //  Respond to cookie
       Cookie cookie = new Cookie("datetime", String.valueOf(currentTimeMillis));
       resp.addCookie(cookie);
   }
}

3. Cookie How to deal with Chinese garbled code

//  Here I am through the Chinese data URL The operation of encoding and decoding 
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    
    resp.setContentType("text/html;charset=utf-8");
    req.setCharacterEncoding("utf-8");
    resp.setCharacterEncoding("utf-8");
    
    Cookie[] cookies = req.getCookies();
    for (Cookie cookie : cookies) {
    
        if (cookie.getName().equals("name")){
    
            resp.getWriter().println(URLDecoder.decode(cookie.getValue(), "utf-8"));
            System.out.println(URLDecoder.decode(cookie.getValue(), "utf-8"));
        }
    }
    Cookie cookie = new Cookie("name", URLEncoder.encode(" Zhang San ","utf-8"));
    resp.addCookie(cookie);
}

Session Use

1. HttpSession The method commonly used in

public String getId();
public ServletContext getServletContext();
public Object getAttribute(String name);
public void setAttribute(String name, Object value);
public void removeAttribute(String name);
public void invalidate();
public boolean isNew();

2. Session Medium storage data

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
    request.setCharacterEncoding("utf-8");
    response.setCharacterEncoding("utf-8");
    response.setContentType("text/html;charset=utf-8");
    //  obtain Session
    HttpSession session = request.getSession();
    //  Store information 
    session.setAttribute("person", new Person(111," Zhang San "));

    String id = session.getId();
    if (session.isNew()){
    
        response.getWriter().write(" The newly created session id=" + id);
    } else {
    
        response.getWriter().println("session It already exists  id=" + id);
    }

}

3. Delete Session Two ways

• Delete manually

protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    
    HttpSession session = req.getSession();
    //  Manual logout session
    session.invalidate();
}

• adopt web.xml To achieve scheduled deletion

<session-config>
   <!-- Set up session The expiration time of , In minutes -->
   <session-timeout>1</session-timeout>
</session-config>