当前位置: 技术问答>java相关
关于session!
来源: 互联网 发布时间:2015-04-18
本文导语: 哪位大虾可以为小弟深入浅出的剖析一下session。100分奉送! | 在一个用户浏览一个网站的时候,服务器要记住一些用户的信息,比如 用户名等等…… 为了要记住这些信息,服务器要产生一个...
哪位大虾可以为小弟深入浅出的剖析一下session。100分奉送!
|
在一个用户浏览一个网站的时候,服务器要记住一些用户的信息,比如
用户名等等……
为了要记住这些信息,服务器要产生一个ID来表明是哪一个用户,然后把
用户的信息都捆绑到这个ID上来。这就是SessionID。
而在客户端的浏览器有一个东东叫Cookie,它可以保存很多信息,包括SessionID。
当你在用JSP的session对象加一个信息时,实际上session对象底层的操作
会把SessionID写入到客户端的Cookie中。
这样,浏览器就可以在访问某个站点的网页时发送Cookie信息,服务器得到
这个信息后就知道SessionID,然后通过这个ID找到保存好的用户的一些信息。当然,服务器端的Session有一个超时限制,一旦某个Session没有被用到的时间超过某个值,就把和这个SessionID关联的用户信息删除。
现在有很多网站都不用JSP自己提供的session对象来管理Session。
因为一旦用户把浏览器的Cookie关闭,那么就会导致网站的一些功能无法正常使用。一般的解决办法就是把SessionID放在URL中体现。
例如:
263的某URL:http://202.96.44.16/cgi/ldapapp?funcid=main&sid=PAphCaEtthOAkCrP
sina的某URL:http://mail.sina.com.cn/cgi-bin/mail.cgi?4600
上面的“PAphCaEtthOAkCrP”和“4600”都是SessionID的表示方式。
用户名等等……
为了要记住这些信息,服务器要产生一个ID来表明是哪一个用户,然后把
用户的信息都捆绑到这个ID上来。这就是SessionID。
而在客户端的浏览器有一个东东叫Cookie,它可以保存很多信息,包括SessionID。
当你在用JSP的session对象加一个信息时,实际上session对象底层的操作
会把SessionID写入到客户端的Cookie中。
这样,浏览器就可以在访问某个站点的网页时发送Cookie信息,服务器得到
这个信息后就知道SessionID,然后通过这个ID找到保存好的用户的一些信息。当然,服务器端的Session有一个超时限制,一旦某个Session没有被用到的时间超过某个值,就把和这个SessionID关联的用户信息删除。
现在有很多网站都不用JSP自己提供的session对象来管理Session。
因为一旦用户把浏览器的Cookie关闭,那么就会导致网站的一些功能无法正常使用。一般的解决办法就是把SessionID放在URL中体现。
例如:
263的某URL:http://202.96.44.16/cgi/ldapapp?funcid=main&sid=PAphCaEtthOAkCrP
sina的某URL:http://mail.sina.com.cn/cgi-bin/mail.cgi?4600
上面的“PAphCaEtthOAkCrP”和“4600”都是SessionID的表示方式。
|
Provides a way to identify a user across more than one page request or visit to a Web site and to store information about that user.
The servlet container uses this interface to create a session between an HTTP client and an HTTP server. The session persists for a specified time period, across more than one connection or page request from the user. A session usually corresponds to one user, who may visit a site many times. The server can maintain a session in many ways such as using cookies or rewriting URLs.
This interface allows servlets to
View and manipulate information about a session, such as the session identifier, creation time, and last accessed time
Bind objects to sessions, allowing user information to persist across multiple user connections
When an application stores an object in or removes an object from a session, the session checks whether the object implements HttpSessionBindingListener. If it does, the servlet notifies the object that it has been bound to or unbound from the session. Notifications are sent after the binding methods complete. For session that are invalidated or expire, notifications are sent after the session has been invalidatd or expired.
When container migrates a session between VMs in a distributed container setting, all session atributes implementing the HttpSessionActivationListener interface are notified.
A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Until the client joins the session, isNew returns true. If the client chooses not to join the session, getSession will return a different session on each request, and isNew will always return true.
Session information is scoped only to the current web application (ServletContext), so information stored in one context will not be directly visible in another.
The servlet container uses this interface to create a session between an HTTP client and an HTTP server. The session persists for a specified time period, across more than one connection or page request from the user. A session usually corresponds to one user, who may visit a site many times. The server can maintain a session in many ways such as using cookies or rewriting URLs.
This interface allows servlets to
View and manipulate information about a session, such as the session identifier, creation time, and last accessed time
Bind objects to sessions, allowing user information to persist across multiple user connections
When an application stores an object in or removes an object from a session, the session checks whether the object implements HttpSessionBindingListener. If it does, the servlet notifies the object that it has been bound to or unbound from the session. Notifications are sent after the binding methods complete. For session that are invalidated or expire, notifications are sent after the session has been invalidatd or expired.
When container migrates a session between VMs in a distributed container setting, all session atributes implementing the HttpSessionActivationListener interface are notified.
A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Until the client joins the session, isNew returns true. If the client chooses not to join the session, getSession will return a different session on each request, and isNew will always return true.
Session information is scoped only to the current web application (ServletContext), so information stored in one context will not be directly visible in another.
|
强烈建议读《Master EJB and J2EE》
您可能感兴趣的文章:
本站(WWW.)旨在分享和传播互联网科技相关的资讯和技术,将尽最大努力为读者提供更好的信息聚合和浏览方式。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。