Provides a way to identify a user across more than one page request or visit to a Web site and to store information about that user. The servlet container uses this interface to create a session between an HTTP client and an HTTP server. The session persists for a specified time period, across more than one connection or page request from the user. A session usually corresponds to one user, who may visit a site many times. The server can maintain a session in many ways such as using cookies or rewriting URLs. This interface allows servlets to View and manipulate information about a session, such as the session identifier, creation time, and last accessed time Bind objects to sessions, allowing user information to persist across multiple user connections When an application stores an object in or removes an object from a session, the session checks whether the object implements HttpSessionBindingListener. If it does, the servlet notifies the object that it has been bound to or unbound from the session. Notifications are sent after the binding methods complete. For session that are invalidated or expire, notifications are sent after the session has been invalidatd or expired. When container migrates a session between VMs in a distributed container setting, all session atributes implementing the HttpSessionActivationListener interface are notified. A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Until the client joins the session, isNew returns true. If the client chooses not to join the session, getSession will return a different session on each request, and isNew will always return true. Session information is scoped only to the current web application (ServletContext), so information stored in one context will not be directly visible in another.
用户名等等……
为了要记住这些信息,服务器要产生一个ID来表明是哪一个用户,然后把
用户的信息都捆绑到这个ID上来。这就是SessionID。
而在客户端的浏览器有一个东东叫Cookie,它可以保存很多信息,包括SessionID。
当你在用JSP的session对象加一个信息时,实际上session对象底层的操作
会把SessionID写入到客户端的Cookie中。
这样,浏览器就可以在访问某个站点的网页时发送Cookie信息,服务器得到
这个信息后就知道SessionID,然后通过这个ID找到保存好的用户的一些信息。当然,服务器端的Session有一个超时限制,一旦某个Session没有被用到的时间超过某个值,就把和这个SessionID关联的用户信息删除。
现在有很多网站都不用JSP自己提供的session对象来管理Session。
因为一旦用户把浏览器的Cookie关闭,那么就会导致网站的一些功能无法正常使用。一般的解决办法就是把SessionID放在URL中体现。
例如:
263的某URL:http://202.96.44.16/cgi/ldapapp?funcid=main&sid=PAphCaEtthOAkCrP
sina的某URL:http://mail.sina.com.cn/cgi-bin/mail.cgi?4600
上面的“PAphCaEtthOAkCrP”和“4600”都是SessionID的表示方式。
Bind objects to sessions, allowing user information to persist across multiple user connections
When an application stores an object in or removes an object from a session, the session checks whether the object implements HttpSessionBindingListener. If it does, the servlet notifies the object that it has been bound to or unbound from the session. Notifications are sent after the binding methods complete. For session that are invalidated or expire, notifications are sent after the session has been invalidatd or expired. When container migrates a session between VMs in a distributed container setting, all session atributes implementing the HttpSessionActivationListener interface are notified. A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Until the client joins the session, isNew returns true. If the client chooses not to join the session, getSession will return a different session on each request, and isNew will always return true. Session information is scoped only to the current web application (ServletContext), so information stored in one context will not be directly visible in another.