1, Is the Session stored on the server or in Tomcat?
Case demonstration process:
1. Create a Spring Boot project
2. Start the project
3. Call the login interface
4. Call the user information interface
5. Restart Tomcat and call the user information interface again
1. Create a Spring Boot project
pom
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
```
Test case
```java
package com.gblfy.distributed.session.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpSession;

@RequestMapping("/user")
@RestController
public class UserController {

    @GetMapping("/login")
    public String login(@RequestParam String username,
                        @RequestParam String password,
                        HttpSession session) {
        // Demo only: the credentials are not checked here; assume the account and password are correct
        // Store the user name in the server-side session
        session.setAttribute("login_user", username);
        return "Login successful";
    }

    @GetMapping("/info")
    public String info(HttpSession session) {
        // Read the user name back from the session bound to this request
        return "Currently logged in:" + session.getAttribute("login_user");
    }
}
```
2. Start the project
3. Call the login interface
```
# Login interface
http://localhost:8081/user/login
```
4. Call the user information interface
```
# Get user information interface
http://localhost:8081/user/info
```
After the user logs in, the user information can be obtained normally.
5. Restart Tomcat and call the user information interface again
After Tomcat is restarted, calling the user information interface returns null for the user information.
The conclusion is that the session cannot be shared. The following sections demonstrate this further.
2, Relationship between Session and Cookie
The difference between cookie and session:
- 1. Cookie data is stored in the client's browser; session data is kept on the server.
- 2. Cookies are not very safe: others can analyze the cookies stored locally and forge them (cookie spoofing). For security reasons, session should be used.
- 3. The session is kept on the server for a certain period of time. As the number of visits grows, sessions take up more of the server's resources. To reduce the load on the server, cookies should be used.
- 4. A single cookie cannot hold more than 4K of data, and many browsers limit a site to at most 20 cookies.
- 5. Session and cookie are not separate from each other: the session is tied to the browser through the Set-Cookie header, and the browser sends that cookie back in the headers of its requests.
3, Traditional Session
3.1. Start project
Start the same program on port 8081 and on port 8082 to simulate two distributed servers.
3.2. Browser Test
1. Call the login interface on 8081
2. Call the user information interface on 8081: the user information is returned normally
3. Call the user information interface on 8082: the user information cannot be obtained
```
# Login interface
http://localhost:8081/user/login
http://localhost:8082/user/login

# Get user information interface
http://localhost:8081/user/info
http://localhost:8082/user/info
```
The conclusion is that session cannot be shared
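The behaviour observed in sections 1 and 3, as an added example that is not code from the original post: a plain-Java model (no Spring or Tomcat) in which each node keeps sessions in its own in-memory map and the browser holds only the session ID cookie. The `Node` class, the user `alice` and the shared map standing in for the Redis store of section 4 are assumptions for illustration; `JSESSIONID` is Tomcat's default session cookie name.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: a model of server-side sessions, not Tomcat's or Spring's real code.
public class SessionStoreDemo {
    private static final SecureRandom RNG = new SecureRandom();

    /** One application instance (for example the process on port 8081). */
    static class Node {
        private final Map<String, Map<String, String>> store; // session ID -> attributes
        Node(Map<String, Map<String, String>> store) { this.store = store; }

        /** Mirrors /user/login: creates a session and returns the Set-Cookie header value. */
        String login(String username) {
            String id = new BigInteger(128, RNG).toString(16); // unguessable session ID
            store.computeIfAbsent(id, k -> new ConcurrentHashMap<>()).put("login_user", username);
            return "JSESSIONID=" + id + "; Path=/; HttpOnly";
        }

        /** Mirrors /user/info: finds the session named by the request's Cookie header. */
        String info(String cookieHeader) {
            Map<String, String> session = null;
            for (String part : cookieHeader.split(";")) {
                String[] kv = part.trim().split("=", 2);
                if (kv.length == 2 && kv[0].equals("JSESSIONID")) session = store.get(kv[1]);
            }
            return "Currently logged in:" + (session == null ? null : session.get("login_user"));
        }
    }

    /** The browser keeps only name=value from Set-Cookie; the user data stays on the server. */
    static String browserCookie(String setCookie) { return setCookie.split(";", 2)[0]; }

    public static void main(String[] args) {
        Node n8081 = new Node(new ConcurrentHashMap<>());
        Node n8082 = new Node(new ConcurrentHashMap<>());
        String cookie = browserCookie(n8081.login("alice"));   // constructed sample user
        System.out.println("8081: " + n8081.info(cookie));     // node that created the session
        System.out.println("8082: " + n8082.info(cookie));     // node with its own, separate store
        n8081 = new Node(new ConcurrentHashMap<>());           // restart: new process, empty memory
        System.out.println("8081 restarted: " + n8081.info(cookie));
        // Shared store standing in for Redis: any node can resolve the same session ID.
        Map<String, Map<String, String>> shared = new ConcurrentHashMap<>();
        Node a = new Node(shared), b = new Node(shared);
        System.out.println("shared store, other node: " + b.info(browserCookie(a.login("alice"))));
    }
}
```

The cookie value is the only thing a node checks before returning the user, so it has to stay unguessable and confidential wherever the session store lives.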
4, Distributed Session solution
4.1. Spring Session + Redis
https://gblfy.blog.csdn.net/article/details/113807497
4.2. Token + Redis
https://gblfy.blog.csdn.net/article/details/113807504