Servlet(4):Session
Session, Cookie及交互
会话(Session)跟踪是Web程序中常用的技术,用来跟踪用户的整个会话。常用的会话跟踪技术是Cookie与Session。
Cookie通过在客户端记录信息确定用户身份,Session通过在服务器端记录信息确定用户身份。
HTTP 是一种"无状态"协议,这意味着每次客户端检索网页时,客户端打开一个单独的连接到 Web 服务器,服务器会自动不保留之前客户端请求的任何记录。
但是仍然有以下三种方式来维持 Web 客户端和 Web 服务器之间的 session 会话:
Cookies:Session创建成功以后,会创建Cookie(key='JSESSIONID', value=Session ID)。通常情况下,一个浏览器的多个Tag可以共享一个Session对象。
隐藏的表单字段(Form适用):有些浏览器不支持Cookie,可以用表单隐藏域代替。
<input type="hidden" name="sessionid" value="12345">
URL 重写(Link适用):如果使用URL提交时,可以作为URL参数传递。
http://localhost:8080/ServletTest/login?sessionid=12345
下面是一个使用Cookie来维持Session会话的例子。重点代码讲解在例子中。
package com.servlettest.session; import java.io.IOException;
import java.io.PrintWriter; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Login
*/
@WebServlet("/default")
public class Default extends HttpServlet { private static final long serialVersionUID = 1L; /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { invalidateSession(request); response.setContentType("text/html");
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Login Page</title>");
out.println("</head>");
out.println("<body>");
out.println("<form action=\"login\" method=\"POST\">");
out.println("帐号: <input type=\"text\" name=\"userId\"/><br/>");
out.println("密码: <input type=\"password\" name=\"password\"/><br/>");
out.println("<input type=\"submit\" value=\"提交\"/>"); // HttpServletRequest Attribute和Parameter的区别
// (1) HttpServletRequest 类有setAttribute()方法,而没有setParameter()方法。
// (2) 当两个Web组件之间为链接关系时,被链接的组件通过getParameter()方法来获得请求参数,一般通过表单和链接传递的参数使用getParameter。
// (3) 当两个Web组件之间为转发关系时,转发目标组件通过getAttribute()方法来和转发源组件共享request范围内的数据。
String message = (String) request.getAttribute("message");
if (message != null && message != "") {
out.println("<p>" + message + "</p>");
}
out.println("</body>");
out.println("</html>");
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
} private static void invalidateSession(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session != null)
session.invalidate();
}
}
package com.servlettest.session; import java.io.IOException;
import java.util.HashMap;
import java.util.Map; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Login
*/
@WebServlet("/login")
public class Login extends HttpServlet { private static final long serialVersionUID = 1L; private static final Map<String, String[]> USER_INFO = initUserInfo(); /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html"); request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); // 获取用户登录信息
String userId = request.getParameter("userId");
String password = request.getParameter("password");
if ((userId == null || userId == "") || (password == null || password == "")) {
request.getRequestDispatcher("/default").forward(request, response);
} else if (USER_INFO.containsKey(userId)) {
String[] info = USER_INFO.get(userId);
if (info[1].equals(password)) {
// 创建Session
setSession(userId, info[0], request, response);
request.getRequestDispatcher("/welcome1").forward(request, response);
} else {
request.setAttribute("message", "帐号或密码错误!");
request.getRequestDispatcher("/default").forward(request, response);
}
} else {
request.setAttribute("message", "帐号或密码错误!");
request.getRequestDispatcher("/default").forward(request, response);
}
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
} private static Map<String, String[]> initUserInfo() { Map<String, String[]> result = new HashMap<>();
String[] user1 = { "张三", "123" };
result.put("101", user1);
String[] user2 = { "李四", "456" };
result.put("102", user2);
String[] user3 = { "王五", "789" };
result.put("103", user3); return result;
} private void setSession(String userId, String userName, HttpServletRequest request, HttpServletResponse response) {
// 如果不存在 session 会话,则创建一个 session 对象
HttpSession session = request.getSession(true);
String[] userInfo = { userId, userName };
session.setAttribute("USER_INFO", userInfo);
}
}
package com.servlettest.session; import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Welcome
*/
@WebServlet("/welcome1")
public class Welcome1 extends HttpServlet { private static final long serialVersionUID = 1L; /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html");
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); // 注意request.getSession() 等同于 request.getSession(true),除非我们确认session一定存在或者sesson不存在时明确有创建session的需要,否则请尽量使用request.getSession(false)
HttpSession session = request.getSession(false);
String[] userInfo = (String[]) session.getAttribute("USER_INFO");
PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Login Page</title>");
out.println("</head>");
out.println("<body>");
out.println("您好 <b>" + userInfo[0] + "-" + userInfo[1] + "</b>, 这是Welcome1画面!");
out.println("<br/><a href = \"welcome2\">去welcome2</a> | <a href = \"default\">注销</a>");
out.println("<br/>");
out.println("<p>SessionID: " + session.getId() + "</p>");
Enumeration<String> names = session.getAttributeNames();
while (names.hasMoreElements()) {
String name = names.nextElement();
out.println("<p>" + names.nextElement() + ": " + session.getAttribute(name) + "</p>");
}
out.println("</table>");
out.println("</body>");
out.println("</html>");
out.close();
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
package com.servlettest.session; import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Welcome
*/
@WebServlet("/welcome2")
public class Welcome2 extends HttpServlet { private static final long serialVersionUID = 1L; /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html");
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); // 注意request.getSession() 等同于 request.getSession(true),除非我们确认session一定存在或者sesson不存在时明确有创建session的需要,否则请尽量使用request.getSession(false)
HttpSession session = request.getSession(false);
String[] userInfo = (String[]) session.getAttribute("USER_INFO");
PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Login Page</title>");
out.println("</head>");
out.println("<body>");
out.println("您好 <b>" + userInfo[0] + "-" + userInfo[1] + "</b>, 这是Welcome2画面!");
out.println("<br/><a href = \"welcome1\">去welcome1</a> | <a href = \"default\">注销</a>");
out.println("<br/>");
out.println("<p>SessionID: " + session.getId() + "</p>");
Enumeration<String> names = session.getAttributeNames();
while (names.hasMoreElements()) {
String name = names.nextElement();
out.println("<p>" + names.nextElement() + ": " + session.getAttribute(name) + "</p>");
}
out.println("</body>");
out.println("</html>");
out.close();
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
package com.servlettest.filter; import java.io.IOException;
import java.util.ArrayList;
import java.util.List; import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import com.servlettest.exception.PermissionException; public class PermissionFilter implements Filter { private final static List<String> URL = new ArrayList<>(); @Override
public void init(FilterConfig arg0) throws ServletException {
URL.add("/ServletTest/welcome1");
URL.add("/ServletTest/welcome2");
} @Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
if (arg0 instanceof HttpServletRequest && arg1 instanceof HttpServletResponse) {
HttpServletRequest req = (HttpServletRequest) arg0;
if (URL.contains(req.getRequestURI())) {
HttpSession session = req.getSession(true);
String[] userInfo = (String[]) session.getAttribute("USER_INFO");
if (userInfo == null) {
throw new PermissionException();
}
}
}
arg2.doFilter(arg0, arg1);
} @Override
public void destroy() {
}
}
package com.servlettest.exception;
public class PermissionException extends RuntimeException {
private static final long serialVersionUID = 1L;
}
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>Forbidden</title>
</head>
<body>
<h2>403 禁止访问所请求的页面</h2>
</body>
</html>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<filter>
<filter-name>permissionFilter</filter-name>
<filter-class>com.servlettest.filter.PermissionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>permissionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<error-page>
<error-code>403</error-code>
<location>/html/forbidden.html</location>
</error-page>
<error-page>
<exception-type>com.servlettest.exception.PermissionException</exception-type>
<location>/html/forbidden.html</location>
</error-page>
<welcome-file-list>
<welcome-file>default</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
</web-app>
Servlet(4):Session的更多相关文章
- Servlet和JSP学习指导与实践(二):Session追踪
前言: web应用中经常需要对某些有用的信息进行存储或者附加一些信息.本文主要介绍session,即“会话”跟踪的几种不同方式~ ----------------------------4种管理ses ...
- Servlet(七):session
Session 学习:问题: Request 对象解决了一次请求内的不同 Servlet 的数据共享问 题,那么一个用户的不同请求的处理需要使用相同的数据怎么办呢?解决: 使用 session 技术. ...
- Servlet(3):Cookie和Session
一. Cookie Cookie是客户端技术,程序把每个用户的数据以cookie的形式写给用户各自的浏览器.当用户使用浏览器再去访问服务器中的web资源时,就会带着各自的数据去.这样,web资源处理的 ...
- servlet会话技术:Session
问题的引出 1.在网上购物时,张三和李四购买的商品不一样,他们的购物车中显示的商品也不一样,这是怎么实现的呢? 2.不同的用户登录网站后,不管该用户浏览该网站的那个页面,都可以显示登录人的名字,同时可 ...
- 【转】java:Session(会话)机制详解
书中讲:以下情况,Session结束生命周期,Servlet容器将Session所占资源释放:1.客户端关闭浏览器2.Session过期3.服务器端调用了HttpSession的invalidate( ...
- 面试题:servlet jsp cook session 背1
一.Servlet是什么?JSP是什么?它们的联系与区别是什么? Servlet是Java编写的运行在Servlet容器的服务端程序,狭义的Servlet是指Servlet接口,广义的Servlet是 ...
- [原创]java WEB学习笔记33:Session 案例 之 购物车
本博客为原创:综合 尚硅谷(http://www.atguigu.com)的系统教程(深表感谢)和 网络上的现有资源(博客,文档,图书等),资源的出处我会标明 本博客的目的:①总结自己的学习过程,相当 ...
- Java Web之Servlet及Cookie/Session
Servlet参考文献: 1.http://www.cnblogs.com/luoxn28/p/5460073.html 2.http://www.cnblogs.com/xdp-gacl/p/376 ...
- MZY项目笔记:session歧路
from my typora MZY项目笔记:session歧路 文章目录 MZY项目笔记:session歧路 那该怎么办? 1. 手动加上cookie的header. 2.自己模拟一个Session ...
随机推荐
- 第十五届四川省省赛 SCU - 4443 Range Query
先给你1~N的N个数 再给你每种最多50个的条件(ai,bi,ci) 或者[ai,bi,ci] (ai,bi,ci)表示下标ai到bi的最小值必为ci [ai,bi,ci]表示下标ai到bi的最大值必 ...
- ubuntu学习笔记-tar 解压缩命令详解(转)
tar 解压缩命令详解 -c: 建立压缩档案 -x:解压-t:查看内容-r:向压缩归档文件末尾追加文件-u:更新原压缩包中的文件 这五个是独立的命令,压缩解压都要用到其中一个,可以和别的命令连用但只能 ...
- Linux之yum软件管理
YUM yum = Yellow dog Updater, Modified主要功能是更方便的添加/删除/更新RPM包.它能自动解决包的倚赖性问题. 它能便于管理大量系统的更新问题 yum特点 *可以 ...
- es实战之查询大量数据
背景 项目中已提供海量日志数据的多维实时查询,客户提出新需求:将数据导出. 将数据导出分两步: 查询大量数据 将数据生成文件并下载 本文主要探讨第一步,在es中查询大量数据或者说查询大数据集. es支 ...
- 解决git提交敏感信息(回退git版本库到某一个commit)
解决git提交敏感信息(回退git版本库到某一个commit) Fri 07 June 2013 git是一个很好的版本库, 现在很多人用它, 并在github上创建项目, 相信大家都有过将敏感信息提 ...
- 运维堡垒机(跳板机)系统 python
相信各位对堡垒机(跳板机)不陌生,为了保证服务器安全,前面加个堡垒机,所有ssh连接都通过堡垒机来完成,堡垒机也需要有 身份认证,授权,访问控制,审计等功能,笔者用Python基本实现了上述功能. A ...
- 2 APIView与序列化组件
1.入门 1.1 参考blog 官方文档:http://www.django-rest-framework.org/tutorial/quickstart/#quickstart yuan的Blog: ...
- sql——limit
PageHelper: https://blog.csdn.net/baidu_38083619/article/details/82463058 Sql执行顺序: https://blog.csdn ...
- HTML5测试题整理Ⅰ
1.在 HTML5 中,哪个元素用于组合标题元素? 答案:<hgroup> 2.HTML5 中不再支持哪个元素? 答案:<font>,<acronym>,< ...
- Mysql教程-自动备份数据库
批处理命令: set"Ymd=%date:~,4%%date:~5,2%%date:~8,2%" set"hMs=%time:~,2%%time:~3,2%%tim ...