1. Cookie
/**
 * Creates a cookie, a small amount of information sent by a servlet to a Web browser, saved by
 * the browser, and later sent back to the server. A cookie's value can uniquely identify a
 * client, so cookies are commonly used for session management.
 * <p>
 * A cookie has a name, a single value, and optional attributes such as a comment, path and
 * domain qualifiers, a maximum age, and a version number. Some Web browsers have bugs in how
 * they handle the optional attributes, so use them sparingly to improve the interoperability of
 * your servlets.
 * <p>
 * The servlet sends cookies to the browser by using the {@link HttpServletResponse#addCookie}
 * method, which adds fields to HTTP response headers to send cookies to the browser, one at a
 * time. The browser is expected to support 20 cookies for each Web server, 300 cookies total,
 * and may limit cookie size to 4 KB each.
 * <p>
 * The browser returns cookies to the servlet by adding fields to HTTP request headers. Cookies
 * can be retrieved from a request by using the {@link HttpServletRequest#getCookies} method.
 * Several cookies might have the same name but different path attributes.
 * <p>
 * Cookies affect the caching of the Web pages that use them. HTTP 1.0 does not cache pages that
 * use cookies created with this class. This class does not support the cache control defined
 * with HTTP 1.1.
 * <p>
 * This class supports both the RFC 2109 and the RFC 6265 specifications. By default, cookies are
 * created using RFC 6265.
 */
public class Cookie implements Cloneable, Serializable {
}
2. Session
/**
 * Provides a way to identify a user across more than one page request or visit to a Web site and
 * to store information about that user.
 * <p>
 * The servlet container uses this interface to create a session between an HTTP client and an
 * HTTP server. The session persists for a specified time period, across more than one connection
 * or page request from the user. A session usually corresponds to one user, who may visit a site
 * many times. The server can maintain a session in many ways such as using cookies or rewriting
 * URLs.
 * <p>
 * This interface allows servlets to
 * <ul>
 * <li>View and manipulate information about a session, such as the session identifier, creation
 * time, and last accessed time
 * <li>Bind objects to sessions, allowing user information to persist across multiple user
 * connections
 * </ul>
 * <p>
 * When an application stores an object in or removes an object from a session, the session
 * checks whether the object implements {@link HttpSessionBindingListener}. If it does, the
 * servlet notifies the object that it has been bound to or unbound from the session.
 * Notifications are sent after the binding methods complete. For sessions that are invalidated
 * or expire, notifications are sent after the session has been invalidated or expired.
 * <p>
 * When the container migrates a session between VMs in a distributed container setting, all
 * session attributes implementing the {@link HttpSessionActivationListener} interface are
 * notified.
 * <p>
 * A servlet should be able to handle cases in which the client does not choose to join a
 * session, such as when cookies are intentionally turned off. Until the client joins the
 * session, <code>isNew</code> returns <code>true</code>. If the client chooses not to join the
 * session, <code>getSession</code> will return a different session on each request, and
 * <code>isNew</code> will always return <code>true</code>.
 * <p>
 * Session information is scoped only to the current web application
 * (<code>ServletContext</code>), so information stored in one context will not be directly
 * visible in another.
 *
 * @see HttpSessionBindingListener
 */
public interface HttpSession {

    /**
     * Returns the time when this session was created, measured in milliseconds since midnight
     * January 1, 1970 GMT.
     *
     * @return a <code>long</code> specifying when this session was created, expressed in
     *         milliseconds since 1/1/1970 GMT
     * @exception IllegalStateException
     *                if this method is called on an invalidated session
     */
    public long getCreationTime();
}
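The following servlet is an added example, not part of the servlet API source quoted above. It exercises the behaviour both Javadoc blocks describe: reading cookies with getCookies (including the same-name, different-path case), sending one with addCookie, and observing isNew on a session. The class name, the cookie name "pref", the session attribute "visits" and the assumption that the site is served over HTTPS are all hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: all names below are hypothetical, chosen for illustration.
public class CookieSessionDemoServlet extends HttpServlet {

    private static final String PREF_COOKIE = "pref";

    /** Returns the value of the named cookie, or null if it is absent or ambiguous. */
    static String singleCookieValue(HttpServletRequest req, String name) {
        Cookie[] cookies = req.getCookies();   // null when the request carries no cookies
        if (cookies == null) {
            return null;
        }
        String value = null;
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) {
                if (value != null) {
                    return null;   // same name sent twice (different paths): do not guess
                }
                value = c.getValue();
            }
        }
        return value;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession();   // creates a session if none was joined
        Integer visits = (Integer) session.getAttribute("visits");
        visits = (visits == null) ? 1 : visits + 1;
        session.setAttribute("visits", visits);

        if (singleCookieValue(req, PREF_COOKIE) == null) {
            Cookie pref = new Cookie(PREF_COOKIE, "compact");
            pref.setPath(req.getContextPath().isEmpty() ? "/" : req.getContextPath());
            pref.setMaxAge(60 * 60 * 24);   // lifetime in seconds (one day)
            pref.setHttpOnly(true);         // keep the value away from page scripts
            pref.setSecure(true);           // assumption: the site is served over HTTPS
            resp.addCookie(pref);
        }

        resp.setContentType("text/plain");
        // If the client never returns the session id, isNew() is true on every request
        // and the visit counter never advances past 1.
        resp.getWriter().printf("new=%b visits=%d%n", session.isNew(), visits);
    }
}
```

Requesting the servlet twice with cookies enabled prints `new=true visits=1` and then `new=false visits=2`; with cookies disabled and no URL rewriting, every response stays at `new=true visits=1`.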