Session, Cookie及交互

会话(Session)跟踪是Web程序中常用的技术,用来跟踪用户的整个会话。常用的会话跟踪技术是Cookie与Session。

Cookie通过在客户端记录信息确定用户身份,Session通过在服务器端记录信息确定用户身份。

HTTP 是一种"无状态"协议,这意味着每次客户端检索网页时,客户端打开一个单独的连接到 Web 服务器,服务器会自动不保留之前客户端请求的任何记录。

但是仍然有以下三种方式来维持 Web 客户端和 Web 服务器之间的 session 会话:

Cookies:Session创建成功以后,会创建Cookie(key='JSESSIONID', value=Session ID)。通常情况下,一个浏览器的多个Tag可以共享一个Session对象。

隐藏的表单字段(Form适用):有些浏览器不支持Cookie,可以用表单隐藏域代替。

<input type="hidden" name="sessionid" value="12345">

URL 重写(Link适用):如果使用URL提交时,可以作为URL参数传递。

http://localhost:8080/ServletTest/login?sessionid=12345

下面是一个使用Cookie来维持Session会话的例子。重点代码讲解在例子中。

 package com.servlettest.session;

 import java.io.IOException;
import java.io.PrintWriter; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Login
*/
@WebServlet("/default")
public class Default extends HttpServlet { private static final long serialVersionUID = 1L; /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { invalidateSession(request); response.setContentType("text/html");
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Login Page</title>");
out.println("</head>");
out.println("<body>");
out.println("<form action=\"login\" method=\"POST\">");
out.println("帐号: <input type=\"text\" name=\"userId\"/><br/>");
out.println("密码: <input type=\"password\" name=\"password\"/><br/>");
out.println("<input type=\"submit\" value=\"提交\"/>"); // HttpServletRequest Attribute和Parameter的区别
// (1) HttpServletRequest 类有setAttribute()方法,而没有setParameter()方法。
// (2) 当两个Web组件之间为链接关系时,被链接的组件通过getParameter()方法来获得请求参数,一般通过表单和链接传递的参数使用getParameter。
// (3) 当两个Web组件之间为转发关系时,转发目标组件通过getAttribute()方法来和转发源组件共享request范围内的数据。
String message = (String) request.getAttribute("message");
if (message != null && message != "") {
out.println("<p>" + message + "</p>");
}
out.println("</body>");
out.println("</html>");
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
} private static void invalidateSession(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session != null)
session.invalidate();
}
}
 package com.servlettest.session;

 import java.io.IOException;
import java.util.HashMap;
import java.util.Map; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Login
*/
@WebServlet("/login")
public class Login extends HttpServlet { private static final long serialVersionUID = 1L; private static final Map<String, String[]> USER_INFO = initUserInfo(); /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html"); request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); // 获取用户登录信息
String userId = request.getParameter("userId");
String password = request.getParameter("password");
if ((userId == null || userId == "") || (password == null || password == "")) {
request.getRequestDispatcher("/default").forward(request, response);
} else if (USER_INFO.containsKey(userId)) {
String[] info = USER_INFO.get(userId);
if (info[1].equals(password)) {
// 创建Session
setSession(userId, info[0], request, response);
request.getRequestDispatcher("/welcome1").forward(request, response);
} else {
request.setAttribute("message", "帐号或密码错误!");
request.getRequestDispatcher("/default").forward(request, response);
}
} else {
request.setAttribute("message", "帐号或密码错误!");
request.getRequestDispatcher("/default").forward(request, response);
}
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
} private static Map<String, String[]> initUserInfo() { Map<String, String[]> result = new HashMap<>();
String[] user1 = { "张三", "123" };
result.put("101", user1);
String[] user2 = { "李四", "456" };
result.put("102", user2);
String[] user3 = { "王五", "789" };
result.put("103", user3); return result;
} private void setSession(String userId, String userName, HttpServletRequest request, HttpServletResponse response) {
// 如果不存在 session 会话,则创建一个 session 对象
HttpSession session = request.getSession(true);
String[] userInfo = { userId, userName };
session.setAttribute("USER_INFO", userInfo);
}
}
 package com.servlettest.session;

 import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Welcome
*/
@WebServlet("/welcome1")
public class Welcome1 extends HttpServlet { private static final long serialVersionUID = 1L; /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html");
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); // 注意request.getSession() 等同于 request.getSession(true),除非我们确认session一定存在或者sesson不存在时明确有创建session的需要,否则请尽量使用request.getSession(false)
HttpSession session = request.getSession(false);
String[] userInfo = (String[]) session.getAttribute("USER_INFO");
PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Login Page</title>");
out.println("</head>");
out.println("<body>");
out.println("您好 <b>" + userInfo[0] + "-" + userInfo[1] + "</b>, 这是Welcome1画面!");
out.println("<br/><a href = \"welcome2\">去welcome2</a> | <a href = \"default\">注销</a>");
out.println("<br/>");
out.println("<p>SessionID: " + session.getId() + "</p>");
Enumeration<String> names = session.getAttributeNames();
while (names.hasMoreElements()) {
String name = names.nextElement();
out.println("<p>" + names.nextElement() + ": " + session.getAttribute(name) + "</p>");
}
out.println("</table>");
out.println("</body>");
out.println("</html>");
out.close();
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
 package com.servlettest.session;

 import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Welcome
*/
@WebServlet("/welcome2")
public class Welcome2 extends HttpServlet { private static final long serialVersionUID = 1L; /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html");
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); // 注意request.getSession() 等同于 request.getSession(true),除非我们确认session一定存在或者sesson不存在时明确有创建session的需要,否则请尽量使用request.getSession(false)
HttpSession session = request.getSession(false);
String[] userInfo = (String[]) session.getAttribute("USER_INFO");
PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Login Page</title>");
out.println("</head>");
out.println("<body>");
out.println("您好 <b>" + userInfo[0] + "-" + userInfo[1] + "</b>, 这是Welcome2画面!");
out.println("<br/><a href = \"welcome1\">去welcome1</a> | <a href = \"default\">注销</a>");
out.println("<br/>");
out.println("<p>SessionID: " + session.getId() + "</p>");
Enumeration<String> names = session.getAttributeNames();
while (names.hasMoreElements()) {
String name = names.nextElement();
out.println("<p>" + names.nextElement() + ": " + session.getAttribute(name) + "</p>");
}
out.println("</body>");
out.println("</html>");
out.close();
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
 package com.servlettest.filter;

 import java.io.IOException;
import java.util.ArrayList;
import java.util.List; import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import com.servlettest.exception.PermissionException; public class PermissionFilter implements Filter { private final static List<String> URL = new ArrayList<>(); @Override
public void init(FilterConfig arg0) throws ServletException {
URL.add("/ServletTest/welcome1");
URL.add("/ServletTest/welcome2");
} @Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
if (arg0 instanceof HttpServletRequest && arg1 instanceof HttpServletResponse) {
HttpServletRequest req = (HttpServletRequest) arg0;
if (URL.contains(req.getRequestURI())) {
HttpSession session = req.getSession(true);
String[] userInfo = (String[]) session.getAttribute("USER_INFO");
if (userInfo == null) {
throw new PermissionException();
}
}
}
arg2.doFilter(arg0, arg1);
} @Override
public void destroy() {
}
}
 package com.servlettest.exception;

 public class PermissionException extends RuntimeException {

     private static final long serialVersionUID = 1L;

 }
 <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>Forbidden</title>
</head>
<body>
<h2>403 禁止访问所请求的页面</h2>
</body>
</html>
 <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<filter>
<filter-name>permissionFilter</filter-name>
<filter-class>com.servlettest.filter.PermissionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>permissionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<error-page>
<error-code>403</error-code>
<location>/html/forbidden.html</location>
</error-page>
<error-page>
<exception-type>com.servlettest.exception.PermissionException</exception-type>
<location>/html/forbidden.html</location>
</error-page>
<welcome-file-list>
<welcome-file>default</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
</web-app>

Servlet(4):Session的更多相关文章

  1. Servlet和JSP学习指导与实践(二):Session追踪

    前言: web应用中经常需要对某些有用的信息进行存储或者附加一些信息.本文主要介绍session,即“会话”跟踪的几种不同方式~ ----------------------------4种管理ses ...

  2. Servlet(七):session

    Session 学习:问题: Request 对象解决了一次请求内的不同 Servlet 的数据共享问 题,那么一个用户的不同请求的处理需要使用相同的数据怎么办呢?解决: 使用 session 技术. ...

  3. Servlet(3):Cookie和Session

    一. Cookie Cookie是客户端技术,程序把每个用户的数据以cookie的形式写给用户各自的浏览器.当用户使用浏览器再去访问服务器中的web资源时,就会带着各自的数据去.这样,web资源处理的 ...

  4. servlet会话技术:Session

    问题的引出 1.在网上购物时,张三和李四购买的商品不一样,他们的购物车中显示的商品也不一样,这是怎么实现的呢? 2.不同的用户登录网站后,不管该用户浏览该网站的那个页面,都可以显示登录人的名字,同时可 ...

  5. 【转】java:Session(会话)机制详解

    书中讲:以下情况,Session结束生命周期,Servlet容器将Session所占资源释放:1.客户端关闭浏览器2.Session过期3.服务器端调用了HttpSession的invalidate( ...

  6. 面试题:servlet jsp cook session 背1

    一.Servlet是什么?JSP是什么?它们的联系与区别是什么? Servlet是Java编写的运行在Servlet容器的服务端程序,狭义的Servlet是指Servlet接口,广义的Servlet是 ...

  7. [原创]java WEB学习笔记33:Session 案例 之 购物车

    本博客为原创:综合 尚硅谷(http://www.atguigu.com)的系统教程(深表感谢)和 网络上的现有资源(博客,文档,图书等),资源的出处我会标明 本博客的目的:①总结自己的学习过程,相当 ...

  8. Java Web之Servlet及Cookie/Session

    Servlet参考文献: 1.http://www.cnblogs.com/luoxn28/p/5460073.html 2.http://www.cnblogs.com/xdp-gacl/p/376 ...

  9. MZY项目笔记:session歧路

    from my typora MZY项目笔记:session歧路 文章目录 MZY项目笔记:session歧路 那该怎么办? 1. 手动加上cookie的header. 2.自己模拟一个Session ...

随机推荐

  1. elk快速入门-filebeat

    filebeatFilebeat是一个日志文件托运工具,在你的服务器上安装客户端后,filebeat会监控日志目录或者指定的日志文件,追踪读取这些文件(追踪文件的变化,不停的读),并且转发这些信息到e ...

  2. [SC] OpenSCManager 失败 5:拒绝访问

    问题:[SC] OpenSCManager 失败 5: 网查这个错误信息指拒绝访问  权限不足 1.解决: 以管理员身份运行cmd,即可 查询这个提示是指什么错误时,看网上有很多文章写用下面这种方法, ...

  3. 自动生成SSM框架

    使用idea 新创建项目 然后 新创建 java .resources 文件夹...... 图上是项目结构 java文件夹下的 文件夹 命名规范 com.nf147(组织名)+ oukele(作者) ...

  4. 什么是http协议(一)

    http协议是大家在互联网中最为熟悉的协议,只要上网大家都会遇到,但是,很多人被问道什么是http协议,http协议的内容是什么就懵了.这里,我们随便聊聊http协议. 首先,我们说说协议.我一直觉得 ...

  5. 基于node.js的websocket 前后端交互小功能

    一.node var ws = require("nodejs-websocket"); console.log("开始建立连接...") var server ...

  6. luogu 3857 [TJOI2008]彩灯 线性基

    可以将每一个开关控制的灯的序列看作是0/1组成的二进制. 由于灯的开和关是满足异或的性质的,所以直接求一下线性基大小即可. 答案为 $2^{size}.$ #include <cstdio> ...

  7. [CSP-S模拟测试]:循环依赖(拓扑)

    题目传送门(内部题148) 输入格式 每个测试点第一行为一个正整数$T$,表示该测试点内的数据组数. 接下来$T$组数据,每组数据第一行一个正整数$n$,表示有引用单元格进行计算的单元格数,接下来$n ...

  8. QT的UDP组播技术

    一 UDP介绍 UDP是一种简单轻量级的传输层协议,提供无连接的,不可靠的报文传输.适合下面4种情况: 网络数据大多为短消息. 拥有大量客户端. 对数据安全性无特殊要求 网络负担非常重,但对响应速度要 ...

  9. 【黑马JavaSE】1_1_11_IDEA、12_方法、13_重载

    文章目录 1_1_11_01开发工具IntelliJ IDEA 1.3 创建包.查看包的目录结构 1.5 字体设置(File->Settings->Editor->Font) 1.6 ...

  10. spark streaming 与 storm的对比

    feature    strom (trident) spark streaming 说明 并行框架 基于DAG的任务并行计算引擎(task parallel continuous computati ...