DWQA QuestionsCategory: ProgramIs the following cookie experiment correct
Autumn wind and autumn rain asked 9 months ago

Can the following experiment summarize the principle in a few short sentences? At present, we only know that the fact is as follows

Server: Tomcat

Path to the root of the project: localhost:8080/project
Path of a servlet in the project: localhost:8080/project/MyCookie

Where is the path localhost:8080/project/MyCookie The following servlet is accessed:

public class MyCookie extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        Cookie[] cookies = request.getCookies();
        for(int i = 0; cookies != null && i < cookies.length;i++){
            //If no statement is displayed in the browser, the cookie is not obtained
            response.getWriter (). Println ("cookies [i]. Getname():" + cookies [i]. Getname() + cookies [i]. Getvalue());

Is the following description correct

1) When accessing the root directory of the project directly for the first time, Tomcat server will send cookies to the browser, which can be displayed in the response header
    You can see a similar header in
 Set-Cookie:JSESSIONID=544F9C73731E416ECC15CF5A204C2023; Path=/project; HttpOnly;

2) When you visit the root directory of the project for the second time in a certain period of time, the Tomcat server will not send any more messages to the browser
    Send a cookie, but the browser will send a cookie to the server. You can see in the request header:

3) Remove all cookies from the browser;

4) When you directly access the specific servlet of the project (that is, direct access) localhost:8080/project/MyCookie  ),
At this point, no matter how many times this servlet is accessed, no cookie will be obtained

5) If you first access the root directory of the project, and then access the servlet in (4),
At this point, the servlet can get the cookie.
1 Answers
Spicy chicken answered 9 months ago

Does 4 mean that you can’t get the sessionid by getting the sessionid, deleting it and accessing it again?
Tomcat should be used to judge whether the session ID is present in the request and continue the session. If not, a new session will return the session ID
In the browser, delete the cookie containing the sessionid, the server should think it is a new session, and the new sessionid returned has nothing to do with the path