什么是Java中的会话管理？ [英] What is session management in Java?

问题描述

我在面试中也遇到过这个问题。我对Session Scope& amp;它在java中管理。

I have faced this question in my Interview as well. I do have many confusion with Session Scope & it management in java.

在web.xml中我们有条目：

In web.xml we do have the entry :

<session-config>
        <session-timeout>
            30
        </session-timeout>
</session-config>

它实际上是什么意思？它是整个项目的范围吗？

What does it indicate actually ? Is it scope of whole project ?

让我感到困惑的另一点是我们如何在同一个项目中分离多个请求的会话范围？意味着我是否从PC和PC登录同时我从另一台PC登录，是否区分它？

Another point confusing me is how can we separate the session scope of multiple request in the same project? Means if I am logging in from a PC & at the same time I am logging in from another PC, does it differentiate it ?

另外，另一个令人困惑的事情是浏览器的不同之处。为什么不同的Gmails可以在不同的浏览器中打开？ Gmail可以阻止会话从登录到退出。如何通过我们的个人网络维护它？

Also, another confusing thing is the browser difference. Why does the different Gmails possible to open in different browsers ? And Gmail can prevent a session from Login to Logout. How is it maintained with our personal web ?

推荐答案

会话管理不仅限于Java和servlet。以下是它的大致情况：

Session management is not something limited to Java and servlets. Here's roughly how it happens:

1. HTTP协议是无状态的，因此服务器和浏览器应该有一种方式来存储用户通过多个请求


2. 浏览器将第一个请求发送到服务器



3. 服务器检查浏览器是否已使用会话cookie进行识别（见下文）

1. The HTTP protocol is stateless, so the server and the browser should have a way of storing the identity of the user through multiple requests
2. The browsers sends the first request to the server

3. The server checks whether the browser has identified with the session cookie (see below)

3.1。如果服务器不知道客户端：

3.1. if the server doesn't 'know' the client:

• 服务器创建一个新的唯一标识符，并将其放入映射（粗略），作为键，其值是新创建的Session。它还发送包含唯一标识符的cookie响应。

• the server creates a new unique identifier, and puts it in a Map (roughly), as a key, whose value is the newly created Session. It also sends a cookie response containing the unique identifier.

浏览器存储会话cookie（生命周期=浏览器实例的生命周期），包含唯一标识符标识符，并将其用于每个后续请求以唯一标识自己。

the browser stores the session cookie (with lifetime = the lifetime of the browser instance), containing the unique identifier, and uses it for each subsequent request to identify itself uniquely.

3.2。如果服务器已经知道客户端 - 服务器获得与会话cookie中找到的传递的唯一标识符相对应的会话

3.2. if the server already knows the client - the server obtains the Session corresponding to the passed unique identifier found in the session cookie

现在提出一些问题：

• 会话超时是未经访问的每个会话映射条目的生存时间。换句话说，如果客户端没有发送30分钟的请求（来自您的示例），会话映射将删除此条目，即使客户端使用会话cookie中的唯一键标识自己，也不会出现任何数据在服务器上。

• the session timeout is the time to live for each session map entry without being accessed. In other words, if a client does not send a request for 30 minutes (from your example), the session map will drop this entry, and even if the client identifies itself with the unique key in the session cookie, no data will be present on the server.

可以在不同的浏览器中打开不同的gmails（以及任何网站），因为会话cookie是每个浏览器。即每个浏览器通过不发送唯一会话ID或通过发送服务器为其生成的一个来唯一地标识自己。

different gmails (and whatever site) can be opened in different browsers because the session cookie is per-browser. I.e. each browser identifies itself uniquely by either not sending the unique session id, or by sending one the server has generated for it.

从不同的PC登录是相同的实际上 - 您不共享会话ID

logging from different PCs is the same actually - you don't share a session id

登出实际上是删除了服务器上会话ID的条目。

logging-out is actually removing the entry for the session id on the server.

注意：也可以存储唯一的会话ID：

Note: the unique session id can alternatively be stored:

• in a cookies


• 在网址中（ http： //example.com/page;JSESSIONID=435342342 ）


• 我不记得并且不感兴趣的2或3种其他方式

这篇关于什么是Java中的会话管理？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！