Cookies与Session的总结
来源:互联网 发布:域名批量查询软件 编辑:程序博客网 时间:2024/05/22 21:30
最近对session和cookie有点迷糊,看了马士兵关于session和cookie的视频,记录总结一下。
常用的会话跟踪技术是Cookie与Session,区别是Cookie存储在客户端,而Session存储在服务器端来确定用户身份。
1、 Cookie
Cookie为一小段文本信息,当客户端浏览器访问服务器时,服务器向客户端写入一个Cookie。客户端把Cookie保存起来。下一次再访问服务器时,客户端浏览器把请求的网址连同该Cookie一同提交给服务器,服务器验证该Cookie,就能辨别该用户。
作如下试验:
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <display-name>Cookies_Session</display-name> <servlet> <servlet-name>SetCookies</servlet-name> <servlet-class>com.test.cookies.SetCookies</servlet-class> </servlet> <servlet-mapping> <servlet-name>SetCookies</servlet-name> <url-pattern>/servlet/SetCookies</url-pattern> </servlet-mapping> <servlet> <servlet-name>ShowCookies</servlet-name> <servlet-class>com.test.cookies.ShowCookies</servlet-class> </servlet> <servlet-mapping> <servlet-name>ShowCookies</servlet-name> <url-pattern>/servlet/ShowCookies</url-pattern> </servlet-mapping> <servlet> <servlet-name>SessionInfoServlet</servlet-name> <servlet-class>com.test.session.SessionInfoServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>SessionInfoServlet</servlet-name> <url-pattern>/servlet/SessionInfoServlet</url-pattern> </servlet-mapping> <servlet> <servlet-name>ShowSession</servlet-name> <servlet-class>com.test.session.ShowSession</servlet-class> </servlet> <servlet-mapping> <servlet-name>ShowSession</servlet-name> <url-pattern>/servlet/ShowSession</url-pattern> </servlet-mapping></web-app>
package com.test.cookies;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * Servlet implementation class SetCookes */@WebServlet("/SetCookes")public class SetCookies extends HttpServlet { private static final long serialVersionUID = 1L; public SetCookies() { super(); } protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { for(int i = 0; i < 3; i++) { // 3个没有设置时间的Cookie,属于本窗口及其子窗口(存在内存) Cookie cookie = new Cookie("Session-Cookie-" + i, "Cookie-Value-S" + i); response.addCookie(cookie); // 以下3个Cookie设置了时间(1小时),属于文本,别的窗口也可以访问到这些Cookie(存在硬盘) cookie = new Cookie("Persistent-Cookie-" + i, "Cookie-Value-P" + i); cookie.setMaxAge(3600); response.addCookie(cookie); } response.setContentType("text/html;charset=gb2312"); PrintWriter out = response.getWriter(); String title = "Setting Cookies"; out.println("<html><head><title>设置Cookie</title></head>" + "<body>" + title + "<br>" + "There are six cookies associates with this page.<br>" + "to see them,visit the <a href=\"ShowCookies\">/n" + "<code>ShowCookies</code> servlet</a>" + "</body></html>"); } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }}
试验:
访问http://localhost:8080/Cookies_Session/servlet/SetCookies,设置cookie数据到客户端。
我们在我们本机下能看到我们设置的cookie.
里面记录信息如下:
Persistent-Cookie-0
Cookie-Value-P0
localhost/Cookies_Session/servlet/
1536
2965479296
30602999
1329089495
30602991
*
Persistent-Cookie-1
Cookie-Value-P1
localhost/Cookies_Session/servlet/
1536
2965479296
30602999
1329159499
30602991
*
Persistent-Cookie-2
Cookie-Value-P2
localhost/Cookies_Session/servlet/
1536
2965479296
30602999
1329219503
30602991
*
通过代码显示设置的cookies
package com.test.cookies;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;public class ShowCookies extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter pw = response.getWriter(); pw.println("<html><head><title></title></head>" + "<table border=1 align=center>" + "<TH>Cookie Name<TH>Cookie Value" + "<br>"); // 读取客户端的所有Cookie Cookie[] cookies = request.getCookies(); if(cookies != null) { Cookie cookie=null; for(int i = 0; i < cookies.length; i++) { cookie = cookies[i]; pw.println("<tr>" + "<td>" + cookie.getName() +"</td>" + "<td>" + cookie.getValue() +"</td></tr>"); } } pw.println("</table><body><html>"); }}
如果将浏览器关闭,从新打开一个浏览器访问ShowCookies接口,如下:
这是因为SetCookies接口中,有三个cookies是设置了失效时间,这个三个cookie是存储在客户端硬盘上的,而另外三个cookie是没有设置失效时间,这三个cookie属于本窗口和其子窗口,存储在内存中的。
2.session
Session是记录在服务器端的,如果浏览器允许Cookie写入,创建Session的时候把SessionID保存在Cookie里。
如果设置不允许,可以通过URL重写的方式实现Session的记录。
package com.test.session;import java.io.IOException;import java.io.PrintWriter;import java.util.Date;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class SessionInfoServlet extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Returns the current session associated with this request, or if the request does not have a session, creates one. HttpSession mySession = request.getSession(true); response.setContentType("text/html"); PrintWriter out = response.getWriter(); String title = "Session Info Servlet"; out.println("<html>"); out.println("<head>"); out.println("<title>Session Info Servlet</title>"); out.println("</head>"); out.println("<body>"); out.println("<h3>Session Infomation</h3>"); // Returns true if the client does not yet know about the session or if the client chooses not to join the session. out.println("New Session:" + mySession.isNew() + "<br>"); // Returns a string containing the unique identifier assigned to this session. out.println("Session Id:" + mySession.getId() + "<br>"); // Returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT. out.println("Session Create Time:" + new Date(mySession.getCreationTime()) + "<br>"); out.println("Session Last Access Time:" + new Date(mySession.getLastAccessedTime()) + "<br>"); out.println("<h3>Request Infomation</h3>"); // Returns the session ID specified by the client. out.println("Session Id From Request:" + request.getRequestedSessionId() + "<br>"); // Checks whether the requested session ID came in as a cookie. out.println("Session Id Via Cookie:" + request.isRequestedSessionIdFromCookie() + "<br>"); // Checks whether the requested session ID came in as part of the request URL. out.println("Session Id Via URL:" + request.isRequestedSessionIdFromURL() + "<br>"); // Checks whether the requested session ID is still valid. out.println("Valid Session Id:" + request.isRequestedSessionIdValid() + "<br>"); out.println("<a href=" + response.encodeURL("SessionInfoServlet") + ">refresh</a>"); out.println("</body></html>"); out.close(); }}
首先我们设置浏览器允许cookie的写入:
第一次访问http://localhost:8080/Cookies_Session/servlet/SessionInfoServlet
第一次访问时,是一个新的session,
此时我们访问http://localhost:8080/Cookies_Session/servlet/ShowCookies
可以发现,cookies里存储我们上面设置的session,这说明,Session是通过把sessionid保存在cookies里实现的。
我们再次访问http://localhost:8080/Cookies_Session/servlet/ShowCookies。
可以清晰的看到Sessionid并没有变化,且是通过cookies设置的。
我们设置流量器不支持cookies的情况(实验用的ie浏览器,其他的浏览器自行设置)。
多次访问http://localhost:8080/Cookies_Session/servlet/ShowCookies时,可以发现sessionid是变化的,说明禁用cookie后,是没法保存session会话的。
针对这种情况,可以通过URL重写来解决。
在代码中设置了refresh的链接,这个链接是通过encodeUrl()实现的,点击referesh链接。
URL重写是将session的sessionid拼接到url上,达到记录客户会话。
下面这个实验,可以很好的说明session的机制,如果浏览器没有禁用cookies,多次访问这个url后,会记录这个用户的访问次数,如果浏览器禁用了cookies,每次都是访问都生成一个新的session,相当于一个新用户,访问次数为0.
package com.test.session;import java.io.IOException;import java.io.PrintWriter;import java.util.Date;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * Session追踪 * 如果浏览器支持Cookie,创建Session的时候会把SessionId保存在Cookie中 * 否则必须自己编程使用URL重写的方式实现Session:response.encodeURL() * */public class ShowSession extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=utf-8"); PrintWriter out = response.getWriter(); String str = "Session Tracking Example"; String heading; // 如果会话已经存在,则返回一个HttpSession;否则创建一个新的 HttpSession session = request.getSession(true); // 从当前session中读取属性accessCount的值 Integer accessCount = (Integer)session.getAttribute("accessCount"); if(accessCount == null) { accessCount = new Integer(0); heading = "Welcome new user"; } else { heading = "Welcome Back!"; accessCount = new Integer(accessCount.intValue() + 1); } session.setAttribute("accessCount", accessCount); out.println("<html><head><title>Session追踪</title></head>" + "<body>" + heading + "<br>" + "<h2>Information on Your Session</h2><br>" + "" + "<table border=1 align=center>" + "<TH>Info Type<TH>Value" + "<br>" + "<tr>" + "<td>ID</td>" + "<td>" + session.getId() +"</td></tr>" + "<tr>" + "<td>CreatTime</td>" + "<td>" + new Date(session.getCreationTime()) +"</td></tr>" + "<tr>" + "<td>LastAccessTime</td>" + "<td>" + new Date(session.getLastAccessedTime()) +"</td></tr>" + "<tr>" + "<td>Number of Access</td>" + "<td>" + accessCount +"</td></tr>" + "</body></html>"); }}
- Cookies与Session的总结
- session与cookies的区别
- cookies与session的区别
- session与cookies的区别
- Persistent cookies和Session cookies的定义与区别
- cookies 与session的区别和详解
- 简单比较 --session 与 cookies 的区别
- 【WEB前端】COOKIES与SESSION的区别
- Session与Cookies
- session与cookies
- session与cookies
- Session与Cookies
- Servlet-Session与Cookies
- session与cookies
- session、cookies与token
- session与cookies 面试笔记
- Session 与 Cookies 储存内容的类型比较
- Cookies欺骗与session欺骗的实例入侵
- openssl源代码结构
- js、jq学习笔记
- TCP粘包和拆包原因
- LeetCode: 485. Max Consecutive Ones
- varchar类型的字段存储纯数字的排序
- Cookies与Session的总结
- 靡不有初,鲜克有终,用博客记录自己进步的点点滴滴
- 一个爬虫工程师的梦
- Xcode8 注释插件 注释快捷键 VVDocumenter-Xcode?
- Module 的语法
- 20.判断括号的使用是否合法
- 菜鸟,大牛和教主,三者的区别
- hdu1114 完全背包
- linux常用命令