HttpSession之Cookie 原
参考链接:https://www.studytonight.com/servlet/storing-session-using-cookies.php
- Cookie are small pieces of information that are sent in response from the web server to the client.
- Cookie are the simplest technique used for storing client state.
- Cookie are stored on client's computer. They have a lifespan and are destroyed by the client browser at the end of that lifespan.
即Cookie是web container生成的,存储一小块信息,是web container通过response返回给client的,Cookie存储在client的浏览器中,它有个存活时间,到时间了就会被浏览器销毁。
Cookie有个缺点就是,如果Cookie被存储在浏览器中了,那么它是不能被修改的,因为浏览器不允许修改Cookie。
public class Cookie implements Cloneable, Serializable {
private static final long serialVersionUID = -6454587001725327448L;
private static final String TSPECIALS;
private static final String LSTRING_FILE =
"javax.servlet.http.LocalStrings";
private static ResourceBundle lStrings =
ResourceBundle.getBundle(LSTRING_FILE);
static {
if (Boolean.valueOf(System.getProperty("org.glassfish.web.rfc2109_cookie_names_enforced", "true"))) {
TSPECIALS = "/()<>@,;:\\\"[]?={} \t";
} else {
TSPECIALS = ",; ";
}
}
//
// The value of the cookie itself.
//
private String name; // NAME= ... "$Name" style is reserved
private String value; // value of NAME
//
// Attributes encoded in the header's cookie fields.
//
private String comment; // ;Comment=VALUE ... describes cookie's use
// ;Discard ... implied by maxAge < 0
private String domain; // ;Domain=VALUE ... domain that sees cookie
private int maxAge = -1; // ;Max-Age=VALUE ... cookies auto-expire
private String path; // ;Path=VALUE ... URLs that see the cookie
private boolean secure; // ;Secure ... e.g. use SSL
private int version = 0; // ;Version=1 ... means RFC 2109++ style
private boolean isHttpOnly = false;图1 servlet-3.0.1 中的Cookie属性,支持HTTP/1.0和HTTP/1.1
Cookie中的name,多个Cookie时,name允许重复,但是这个value是全局唯一的,这个value的值就是我们平时所说的HttpSession ID。
下面的图2是在Chrome中截图的:
图2 Chrome中截的Cookie信息
下面的图3,原图地址。
图3 创建Cookie、设置属性
在Servlet中,可以在HttpServletResponse中通过addcookie()方法添加Cookie到response中,将cookie返回给client的browser。
在Servlet中,可以在HttpServletRequest中,通过getCookies()方法,获得所有的Cookie。
来看下Tomcat8中,HttpServletResponse的addCookie()是怎么实现的,具体可以看下org.apache.catalina.connector.Response的实现,如下图4所示:
@Override
public void addCookie(final Cookie cookie) {
// Ignore any call from an included servlet
if (included || isCommitted()) {
return;
}
String header = generateCookieString(cookie);
//if we reached here, no exception, cookie is valid
// the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
// RFC2965 is not supported by browsers and the Servlet spec
// asks for 2109.
addHeader("Set-Cookie", header);
}图4 HttpServletResponse的addCookie方法
在generateCookieString(cookie)中,会将Cookie中的属性拼接为String类型,之后通过addHeader("Set-Cookie", header),将Cookie信息放入Response的Header。
HttpServletResponse的addCookie(Cookie)可以被多次调用,这样就可以设置多个Cookie到同一个Response中。
(adsbygoogle = window.adsbygoogle || []).push({});