Questions about Cookie and Session for login-free (remember-me) access?

Normally, the validity time of the cookie should be the same as the destruction time of the session object. But if it is not the same:

1. The valid time for the cookie is up, but the time for session destruction is not. At this point the jsessionid is gone and the server will create a new session. Does the original session have to wait until its termination time is up?

2. If the valid time for the cookie is not up, but the time for session destruction is, and the server creates a new session based on this jsessionid, then is the user logged in or not logged in, or is it login-free?

3. getSession will automatically create a cookie for us. If we want to set the time the cookie is valid, we can only create one ourselves and then call response.addCookie(cookie); won't there be two cookies at this point?

4. If login is exempted for seven days and we set the cookie for seven days in the request method, the valid time is reset on each request. For example, if I send another request after three days, will it be set for another seven days?
Mar.15,2021

Cookies are maintained by the browser and sessions are maintained by the server. There is no absolute relationship between the two, but in general the server uses a cookie to maintain the session.

As for limitations:

  • A session cookie is deleted when the browser is closed (or the next time it starts), so a session cookie will not expire as long as the browser is not closed.
  • A session will expire if it is not read or written for a certain period of time.

You can see that the two are not synchronized, so why don't you actually notice? Because the session cookie will not expire unless you restart the browser or delete the cookie manually, and most users do not log on to a website and then leave it idle for a few hours (live-streaming / video websites send network requests even when idle, and the backend can renew the session automatically), so the session is also kept alive.
You can try this:

  • Log in to a website (do not choose automatic login), then restart your browser and visit the site again; the login page should appear.
  • Log in to a website (such as a forum, without choosing automatic login), then do not click on the page for two hours without closing the browser, and see whether you have to log in again.

As for seven-day login-free access, it is generally necessary to compute a salted hash, record some of the user's information in the database, and set a new cookie that expires in seven days. When users visit the website without being logged in, they are logged in automatically if the cookie is correct. From the user's point of view, it is login-free.


What I understand is that the jsessionid in the cookie stores the sessionId, and the server (Tomcat) retrieves the session based on this id. By default it is implemented with a ConcurrentHashMap:

protected Map<String, Object> attributes = new ConcurrentHashMap<String, Object>();

1. The jsessionid is gone. You need to log in again to get a new jsessionid.

2. It is time for the session to be destroyed. Depending on whether a session can still be obtained by sessionId, whether a new session is re-created depends on the configuration: javax.servlet.http.HttpServletRequest.getSession(boolean create)

3. In the session mechanism, the life cycle of the jsessionid lasts until the browser is closed.

4. For login-free access, the user name and password can be encrypted and stored on the client through a cookie. When the session on the server is destroyed, the login operation is performed again using the information stored in the cookie to rebuild the session, and the session ID stored in the client cookie is updated.
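The remember-me scheme both answers describe (a hashed record in the database, a separate seven-day cookie, and the session rebuilt from that cookie once the server-side session is gone) can be put into servlet code as follows. This is an added example, not code from either answer or from Tomcat. The class name RememberMe, the cookie name REMEMBER_ME, the TOKENS map standing in for the database table, and the timeout values are assumptions. Instead of storing an encrypted password on the client, as the second answer suggests, the cookie carries a random selector:validator pair and only the SHA-256 hash of the validator is kept server-side, which is the hashed-record approach of the first answer; the cookie is deliberately a second cookie with its own name, so JSESSIONID is left to the container, and its seven-day Max-Age is refreshed only when the cookie is actually used to rebuild a session rather than on every request.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical remember-me helper (added example; all names are assumptions). */
public class RememberMe {
    static final String COOKIE_NAME = "REMEMBER_ME";   // separate from JSESSIONID
    static final int SEVEN_DAYS = 7 * 24 * 60 * 60;    // cookie Max-Age, seconds
    static final int IDLE_TIMEOUT = 30 * 60;           // server session idle timeout, seconds

    /** Stand-in for a database table: selector -> { username, sha256(validator) }. */
    static final Map<String, String[]> TOKENS = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    static String randomToken() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** Called after the password check succeeded and the user ticked "remember me". */
    static void issue(String user, HttpServletRequest req, HttpServletResponse resp) {
        HttpSession session = req.getSession(true);     // container sets JSESSIONID if needed
        session.setMaxInactiveInterval(IDLE_TIMEOUT);    // server-side lifetime, independent of the cookie
        session.setAttribute("user", user);

        String selector = randomToken();
        String validator = randomToken();
        TOKENS.put(selector, new String[] { user, sha256(validator) }); // only the hash is stored
        Cookie c = new Cookie(COOKIE_NAME, selector + ":" + validator);
        c.setMaxAge(SEVEN_DAYS);   // persistent cookie: survives browser restart
        c.setHttpOnly(true);       // not readable from page scripts
        c.setSecure(true);         // only sent over HTTPS
        c.setPath("/");
        resp.addCookie(c);
    }

    /** Returns the logged-in user, rebuilding the session from the cookie when it has expired, or null. */
    static String currentUser(HttpServletRequest req, HttpServletResponse resp) {
        HttpSession session = req.getSession(false);     // false: do not create an empty session
        if (session != null && session.getAttribute("user") != null) {
            return (String) session.getAttribute("user"); // session still alive: cookie not touched
        }
        Cookie cookie = find(req, COOKIE_NAME);
        if (cookie == null) return null;                  // neither session nor cookie: not logged in
        String[] parts = cookie.getValue().split(":", 2);
        if (parts.length != 2) return null;
        String[] record = TOKENS.get(parts[0]);
        byte[] stored = record == null ? new byte[0] : record[1].getBytes(StandardCharsets.UTF_8);
        byte[] presented = sha256(parts[1]).getBytes(StandardCharsets.UTF_8);
        if (record == null || !MessageDigest.isEqual(stored, presented)) { // constant-time compare
            clear(resp);                                   // bad or unknown token: drop the cookie
            return null;
        }
        // Cookie valid: rebuild the session and rotate the token, which also resets the seven days.
        TOKENS.remove(parts[0]);
        issue(record[0], req, resp);
        return record[0];
    }

    /** Explicit logout: invalidate the server record and the browser cookie together. */
    static void logout(HttpServletRequest req, HttpServletResponse resp) {
        Cookie cookie = find(req, COOKIE_NAME);
        if (cookie != null) TOKENS.remove(cookie.getValue().split(":", 2)[0]);
        HttpSession session = req.getSession(false);
        if (session != null) session.invalidate();
        clear(resp);
    }

    static Cookie find(HttpServletRequest req, String name) {
        Cookie[] all = req.getCookies();
        if (all == null) return null;
        for (Cookie c : all) if (name.equals(c.getName())) return c;
        return null;
    }

    static void clear(HttpServletResponse resp) {
        Cookie c = new Cookie(COOKIE_NAME, "");
        c.setMaxAge(0);            // Max-Age 0 tells the browser to delete the cookie
        c.setPath("/");
        resp.addCookie(c);
    }
}
```

With this layout the two lifetimes from the question behave as follows: when the server session times out first, currentUser finds no session via getSession(false), validates the REMEMBER_ME cookie against the stored hash and calls issue, which creates a fresh session and a fresh token; when the cookie expires first, the browser simply stops sending it, and once the idle session is also gone the user has to log in with a password again. Removing the record from TOKENS on logout means a copied cookie cannot be replayed after the user has signed out.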