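- A session is an object created on the server side to hold state (which can be thought of as data).
How it works
When a browser accesses the server, the server creates a session object (the object has a unique id, usually called the sessionId) and sends this sessionId to the browser (by default as a cookie). The browser stores the sessionId and sends it back to the server on its next request, and the server uses the sessionId to find the corresponding session object on the server.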
- Getting the session object for the client's request
HttpSession getSession(boolean create)
Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session. If create is false and the request has no valid HttpSession, this method returns null.
Obtains the session object held on the server.
Process: if the client's request does not contain a sessionId, it returns false; if the request does contain a sessionId, the server uses it to look up the corresponding session object, and if no corresponding session object exists on the server:
and create is true, the server creates a new session;
and create is false, it returns null.
HttpSession getSession() is equivalent to getSession(true).
Returns the current session associated with this request, or if the request does not have a session, creates one.
- Methods for binding data to the session
void setAttribute(java.lang.String name, java.lang.Object value)
Binds an object to this session, using the name specified. If an object of the same name is already bound to the session, the object is replaced. After this method executes, and if the new object implements HttpSessionBindingListener, the container calls HttpSessionBindingListener.valueBound. The container then notifies any HttpSessionAttributeListeners in the web application. If an object was already bound to this session of this name that implements HttpSessionBindingListener, its HttpSessionBindingListener.valueUnbound method is called. If the value passed in is null, this has the same effect as calling removeAttribute().
java.lang.Object getAttribute(java.lang.String name)
Returns the object bound with the specified name in this session, or null if no object is bound under the name.
void removeAttribute(java.lang.String name)
Removes the object bound with the specified name from this session. If the session does not have an object bound with the specified name, this method does nothing.
- Session timeout
The server deletes session objects that have been idle for too long; the default timeout is 30 minutes.
The setting itself is in conf/web.xml under the Tomcat installation directory:
    <!-- ==================== Default Session Configuration ================= -->
    <!-- You can set the default session timeout (in minutes) for all newly   -->
    <!-- created sessions by modifying the value below.                       -->
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
- Changing the server's default timeout:
- Use the same format in your own project's web.xml configuration file and change the value;
- session.setMaxInactiveInterval(int interval)
void setMaxInactiveInterval(int interval)
Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A zero or negative time indicates that the session should never timeout.
Parameters: interval - An integer specifying the number of seconds
- Deleting a session (invalidating it)
void invalidate()
Invalidates this session then unbinds any objects bound to it.
Throws: java.lang.IllegalStateException - if this method is called on an already invalidated session
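Session validation
- After login, bind some data to the session object, for example session.setAttribute("user", user);
- When the user accesses a protected resource (one that may only be accessed after logging in), read the data bound to the session with Object o = session.getAttribute("user"); then check whether o is null and redirect to the appropriate page;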
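
The login check described above, written as a servlet filter plus the login and logout helpers that go with it. This is an added example, not code from the original notes; the class names AuthFilter and SessionLogin, the /login.jsp path, the 15-minute timeout and the javax.servlet package (older Tomcat versions) are assumptions. It uses getSession(false) so that unauthenticated visitors never get a session created for them, and it invalidates the pre-login session so the sessionId changes at login.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: map it in web.xml to the URLs that require login.
public class AuthFilter implements Filter {
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        // create=false: an expired or missing session yields null, not a new session.
        HttpSession session = req.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        if (user == null) {
            // Not logged in (or the session timed out): send to the assumed login page.
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        chain.doFilter(rq, rs);
    }
}

// Hypothetical helper used by the login and logout servlets.
final class SessionLogin {
    private SessionLogin() {}

    // Call only after the submitted credentials have been verified.
    static void establish(HttpServletRequest req, Object user) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();                     // drop the pre-login session and its id
        }
        HttpSession fresh = req.getSession(true); // new session object, new sessionId
        fresh.setAttribute("user", user);         // the marker the filter looks for
        fresh.setMaxInactiveInterval(15 * 60);    // seconds, overrides the web.xml default
    }

    static void logout(HttpServletRequest req) {
        HttpSession s = req.getSession(false);
        if (s != null) {
            s.invalidate();                       // unbinds "user" and ends the session
        }
    }
}
```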