Servlet(4):Session
Session, Cookie及交互
会话(Session)跟踪是Web程序中常用的技术,用来跟踪用户的整个会话。常用的会话跟踪技术是Cookie与Session。
Cookie通过在客户端记录信息确定用户身份,Session通过在服务器端记录信息确定用户身份。
HTTP 是一种"无状态"协议,这意味着每次客户端检索网页时,客户端打开一个单独的连接到 Web 服务器,服务器会自动不保留之前客户端请求的任何记录。
但是仍然有以下三种方式来维持 Web 客户端和 Web 服务器之间的 session 会话:
Cookies:Session创建成功以后,会创建Cookie(key='JSESSIONID', value=Session ID)。通常情况下,一个浏览器的多个Tag可以共享一个Session对象。
隐藏的表单字段(Form适用):有些浏览器不支持Cookie,可以用表单隐藏域代替。
<input type="hidden" name="sessionid" value="12345">
URL 重写(Link适用):如果使用URL提交时,可以作为URL参数传递。
http://localhost:8080/ServletTest/login?sessionid=12345
下面是一个使用Cookie来维持Session会话的例子。重点代码讲解在例子中。
package com.servlettest.session; import java.io.IOException;
import java.io.PrintWriter; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Login
*/
@WebServlet("/default")
public class Default extends HttpServlet { private static final long serialVersionUID = 1L; /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { invalidateSession(request); response.setContentType("text/html");
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Login Page</title>");
out.println("</head>");
out.println("<body>");
out.println("<form action=\"login\" method=\"POST\">");
out.println("帐号: <input type=\"text\" name=\"userId\"/><br/>");
out.println("密码: <input type=\"password\" name=\"password\"/><br/>");
out.println("<input type=\"submit\" value=\"提交\"/>"); // HttpServletRequest Attribute和Parameter的区别
// (1) HttpServletRequest 类有setAttribute()方法,而没有setParameter()方法。
// (2) 当两个Web组件之间为链接关系时,被链接的组件通过getParameter()方法来获得请求参数,一般通过表单和链接传递的参数使用getParameter。
// (3) 当两个Web组件之间为转发关系时,转发目标组件通过getAttribute()方法来和转发源组件共享request范围内的数据。
String message = (String) request.getAttribute("message");
if (message != null && message != "") {
out.println("<p>" + message + "</p>");
}
out.println("</body>");
out.println("</html>");
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
} private static void invalidateSession(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session != null)
session.invalidate();
}
}
package com.servlettest.session; import java.io.IOException;
import java.util.HashMap;
import java.util.Map; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Login
*/
@WebServlet("/login")
public class Login extends HttpServlet { private static final long serialVersionUID = 1L; private static final Map<String, String[]> USER_INFO = initUserInfo(); /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html"); request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); // 获取用户登录信息
String userId = request.getParameter("userId");
String password = request.getParameter("password");
if ((userId == null || userId == "") || (password == null || password == "")) {
request.getRequestDispatcher("/default").forward(request, response);
} else if (USER_INFO.containsKey(userId)) {
String[] info = USER_INFO.get(userId);
if (info[1].equals(password)) {
// 创建Session
setSession(userId, info[0], request, response);
request.getRequestDispatcher("/welcome1").forward(request, response);
} else {
request.setAttribute("message", "帐号或密码错误!");
request.getRequestDispatcher("/default").forward(request, response);
}
} else {
request.setAttribute("message", "帐号或密码错误!");
request.getRequestDispatcher("/default").forward(request, response);
}
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
} private static Map<String, String[]> initUserInfo() { Map<String, String[]> result = new HashMap<>();
String[] user1 = { "张三", "123" };
result.put("101", user1);
String[] user2 = { "李四", "456" };
result.put("102", user2);
String[] user3 = { "王五", "789" };
result.put("103", user3); return result;
} private void setSession(String userId, String userName, HttpServletRequest request, HttpServletResponse response) {
// 如果不存在 session 会话,则创建一个 session 对象
HttpSession session = request.getSession(true);
String[] userInfo = { userId, userName };
session.setAttribute("USER_INFO", userInfo);
}
}
package com.servlettest.session; import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Welcome
*/
@WebServlet("/welcome1")
public class Welcome1 extends HttpServlet { private static final long serialVersionUID = 1L; /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html");
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); // 注意request.getSession() 等同于 request.getSession(true),除非我们确认session一定存在或者sesson不存在时明确有创建session的需要,否则请尽量使用request.getSession(false)
HttpSession session = request.getSession(false);
String[] userInfo = (String[]) session.getAttribute("USER_INFO");
PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Login Page</title>");
out.println("</head>");
out.println("<body>");
out.println("您好 <b>" + userInfo[0] + "-" + userInfo[1] + "</b>, 这是Welcome1画面!");
out.println("<br/><a href = \"welcome2\">去welcome2</a> | <a href = \"default\">注销</a>");
out.println("<br/>");
out.println("<p>SessionID: " + session.getId() + "</p>");
Enumeration<String> names = session.getAttributeNames();
while (names.hasMoreElements()) {
String name = names.nextElement();
out.println("<p>" + names.nextElement() + ": " + session.getAttribute(name) + "</p>");
}
out.println("</table>");
out.println("</body>");
out.println("</html>");
out.close();
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
package com.servlettest.session; import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; /**
* Servlet implementation class Welcome
*/
@WebServlet("/welcome2")
public class Welcome2 extends HttpServlet { private static final long serialVersionUID = 1L; /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html");
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8"); // 注意request.getSession() 等同于 request.getSession(true),除非我们确认session一定存在或者sesson不存在时明确有创建session的需要,否则请尽量使用request.getSession(false)
HttpSession session = request.getSession(false);
String[] userInfo = (String[]) session.getAttribute("USER_INFO");
PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Login Page</title>");
out.println("</head>");
out.println("<body>");
out.println("您好 <b>" + userInfo[0] + "-" + userInfo[1] + "</b>, 这是Welcome2画面!");
out.println("<br/><a href = \"welcome1\">去welcome1</a> | <a href = \"default\">注销</a>");
out.println("<br/>");
out.println("<p>SessionID: " + session.getId() + "</p>");
Enumeration<String> names = session.getAttributeNames();
while (names.hasMoreElements()) {
String name = names.nextElement();
out.println("<p>" + names.nextElement() + ": " + session.getAttribute(name) + "</p>");
}
out.println("</body>");
out.println("</html>");
out.close();
} /**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
package com.servlettest.filter; import java.io.IOException;
import java.util.ArrayList;
import java.util.List; import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import com.servlettest.exception.PermissionException; public class PermissionFilter implements Filter { private final static List<String> URL = new ArrayList<>(); @Override
public void init(FilterConfig arg0) throws ServletException {
URL.add("/ServletTest/welcome1");
URL.add("/ServletTest/welcome2");
} @Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
if (arg0 instanceof HttpServletRequest && arg1 instanceof HttpServletResponse) {
HttpServletRequest req = (HttpServletRequest) arg0;
if (URL.contains(req.getRequestURI())) {
HttpSession session = req.getSession(true);
String[] userInfo = (String[]) session.getAttribute("USER_INFO");
if (userInfo == null) {
throw new PermissionException();
}
}
}
arg2.doFilter(arg0, arg1);
} @Override
public void destroy() {
}
}
package com.servlettest.exception;
public class PermissionException extends RuntimeException {
private static final long serialVersionUID = 1L;
}
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>Forbidden</title>
</head>
<body>
<h2>403 禁止访问所请求的页面</h2>
</body>
</html>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<filter>
<filter-name>permissionFilter</filter-name>
<filter-class>com.servlettest.filter.PermissionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>permissionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<error-page>
<error-code>403</error-code>
<location>/html/forbidden.html</location>
</error-page>
<error-page>
<exception-type>com.servlettest.exception.PermissionException</exception-type>
<location>/html/forbidden.html</location>
</error-page>
<welcome-file-list>
<welcome-file>default</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
</web-app>
Servlet(4):Session的更多相关文章
- Servlet和JSP学习指导与实践(二):Session追踪
前言: web应用中经常需要对某些有用的信息进行存储或者附加一些信息.本文主要介绍session,即“会话”跟踪的几种不同方式~ ----------------------------4种管理ses ...
- Servlet(七):session
Session 学习:问题: Request 对象解决了一次请求内的不同 Servlet 的数据共享问 题,那么一个用户的不同请求的处理需要使用相同的数据怎么办呢?解决: 使用 session 技术. ...
- Servlet(3):Cookie和Session
一. Cookie Cookie是客户端技术,程序把每个用户的数据以cookie的形式写给用户各自的浏览器.当用户使用浏览器再去访问服务器中的web资源时,就会带着各自的数据去.这样,web资源处理的 ...
- servlet会话技术:Session
问题的引出 1.在网上购物时,张三和李四购买的商品不一样,他们的购物车中显示的商品也不一样,这是怎么实现的呢? 2.不同的用户登录网站后,不管该用户浏览该网站的那个页面,都可以显示登录人的名字,同时可 ...
- 【转】java:Session(会话)机制详解
书中讲:以下情况,Session结束生命周期,Servlet容器将Session所占资源释放:1.客户端关闭浏览器2.Session过期3.服务器端调用了HttpSession的invalidate( ...
- 面试题:servlet jsp cook session 背1
一.Servlet是什么?JSP是什么?它们的联系与区别是什么? Servlet是Java编写的运行在Servlet容器的服务端程序,狭义的Servlet是指Servlet接口,广义的Servlet是 ...
- [原创]java WEB学习笔记33:Session 案例 之 购物车
本博客为原创:综合 尚硅谷(http://www.atguigu.com)的系统教程(深表感谢)和 网络上的现有资源(博客,文档,图书等),资源的出处我会标明 本博客的目的:①总结自己的学习过程,相当 ...
- Java Web之Servlet及Cookie/Session
Servlet参考文献: 1.http://www.cnblogs.com/luoxn28/p/5460073.html 2.http://www.cnblogs.com/xdp-gacl/p/376 ...
- MZY项目笔记:session歧路
from my typora MZY项目笔记:session歧路 文章目录 MZY项目笔记:session歧路 那该怎么办? 1. 手动加上cookie的header. 2.自己模拟一个Session ...
随机推荐
- uvalive 5905 Pool construction
题目链接 题意: 有一个花园,有些地方是草地,有些地方是洞,现在要在这个花园中修建一个泳池,泳池全部由洞构成. 把洞变成草地需要花费一定的费用,把草地变成洞也需要花费一定的费用,并且泳池的边缘的草地上 ...
- javaWeb中的session和cookie
Cookie Cookie 是浏览器提供的一种技术,通过服务器的程序能将一些只须保存在客户端,或者 在客户端进行处理的数据,放在本地的计算机上,不需要通过网络传输,因而提高网页处理的效率,并且能够减少 ...
- 201871010101-陈来弟《面向对象程序设计(java)》第十七周学习总结
实验十七 线程同步控制 实验时间 2018-12-10 第一部分:理论知识 1.多线程并发执行中的问题 ◆多个线程相对执行的顺序是不确定的. ◆线程执行顺序的不确定性会产生执行结果的不确定性. ◆在 ...
- php+memcache实现的网站在线人数统计
<?php $mc = new Memcache (); // 连接memcache $mc->connect ( ); // 获取 在线用户 IP 和 在线时间数据 $online_me ...
- Quartus 18 新手使用教程
最近需要做个小作品,用到了Quartus 18,本人采用vhdl语言进行的开发,过程如下. 1.点击新建一个工程 2.选择工程保存的路径,填写工程名称 3.选择工程类型为空的工程 4.不添 ...
- python面试题--连续出现最大次数
确实有段时间没怎么写python,手写还不上机是真的难受. 而且break 跳出循环最内一层的事情都要想一下才能写得出来. 题目如下: 寻找一个字符串最大连续出现次数,并放入字典中, s=" ...
- SQL 日期转换
), ): :57AMSELECT ), ): ), ): ), ): ), ): ), ): ), ): 06), ): ,06), ): ::46), ): :::827AMSELECT ), ) ...
- 有效的结构化思维训练,MECE分析法
MECE原则,表达精准分类与全面性的有效利器 结构化思维的本质就是逻辑,其目的在于对问题的思考更完整.更有条理,它帮助我们一个一个找到线头,理清思路,探求事物之间的相互联系.MECE分析法是一种结构化 ...
- k8s权威指南-从xx到oo的实践全接触
基本概念与术语 集群的2种管理角色:master和node master 集群的控制节点,负责整个集群的管理与控制,运行着关键进程: 1,k8s api server: 提供了HTTP Rest 接口 ...
- php+大视频文件上传+进度条
该项目核心就是文件分块上传.前后端要高度配合,需要双方约定好一些数据,才能完成大文件分块,我们在项目中要重点解决的以下问题. * 如何分片: * 如何合成一个文件: * 中断了从哪个分片开始. 如何分 ...