JSP Servlet 会话管理
会话跟踪通常是用于维持用户数据和状态的方法,常用的技术有Cookie和session两种。在Servlet中也被称为Servlet会话管理,也可以称为“会话追踪”。由于HTTP协议本身是无状态的,每次用户向服务器发起请求时,服务器都会将该请求视为一个新的请求;因此当用户通过浏览器访问并进行交互时,我们需要使用Cookie和session中的任意一项来维护状态。正是为了解决这个问题,会话跟踪技术才逐渐发展和壮大。
Cookie
Cookie即“小饼干”,用于让Web站点辨别用户,从而实现免密登入等功能。它和Session的区别在于:Cookie将数据存储于客户端,而Session存储于服务器。Cookie可以包含用户信息、小文本文件等信息,通过Cookie技术,无论用户何时访问Web服务器,服务器都可以读取并利用存储于用户本地的Cookie。需要注意的是,Cookie保存在客户端,用户可以随意查看和修改,因此不应在其中存放敏感数据,服务器也不能仅凭Cookie的内容来确认用户身份。
| Cookie vistedCountC = new Cookie ("name", "null"); // cookie name is "name"; the value is the literal string "null", not a null reference
|
通过上方的Cookie构造方法可以看出,第一个参数name用于指定Cookie的属性名,第二个参数"null"用于指定Cookie的值(这里是字符串"null",而不是空引用)。创建完Cookie后可以使用addCookie()将其添加到响应对象之中,从而存储于用户本地计算机上。如果想访问存储于用户计算机之中的Cookie数据,可以通过getCookies()来获取。
Cookie有一定的存活时间,不可能在客户端中永久保存,否则会给安全性带来问题。在默认情况下,Cookie会在用户关闭浏览器时自动销毁;如果想自行定义,可以使用setMaxAge(int time)方法来设置Cookie的存活时间。
| ID |
DA |
FA |
| addCookie() |
将Cookie添加到响应对象中 |
即存储于用户计算机中 |
| getCookies() |
来获取用户计算机之中的Cookie数据 |
|
| setMaxAge(int time) |
设置Cookie存活时间 |
如为正数则以秒进行计算,为负数则表示为临时Cookie,为0则表示通知浏览器删除相应Cookie数据 |
访问次数
| package Cookie;
import java.util.Date; import java.text.SimpleDateFormat; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
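/**
 * Servlet that reports the visitor's previous visit time and a running visit count.
 *
 * <p>Both values live in client-side cookies ("lastVist" and "vistedCount"), so whatever
 * the browser sends back is untrusted: the counter is parsed defensively and the
 * timestamp is HTML-escaped before it is written into the page.
 */
@WebServlet("/TimeCookie")
public class TimeCookie extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Lifetime of both cookies: one year, expressed in seconds. */
    private static final int COOKIE_MAX_AGE_SECONDS = 365 * 24 * 60 * 60;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public TimeCookie() {
        super();
    }

    /**
     * Prints the last visit time (when a "lastVist" cookie was sent) and the visit count,
     * then issues fresh copies of both cookies.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter printWriter = response.getWriter();

        // A new formatter per request: SimpleDateFormat must not be shared between threads.
        SimpleDateFormat simpledateformat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        String nowTime = simpledateformat.format(new Date());

        String lastVistTime = "";
        int vistedCount = 0;

        // getCookies() returns null when the request carries no cookies at all.
        Cookie[] myCookies = request.getCookies();
        if (myCookies != null) {
            for (Cookie cookie : myCookies) {
                if ("lastVist".equals(cookie.getName())) {
                    lastVistTime = cookie.getValue();
                }
                if ("vistedCount".equals(cookie.getName())) {
                    // A hand-edited cookie must not turn into an uncaught NumberFormatException.
                    vistedCount = parseCount(cookie.getValue());
                }
            }
        }

        if (lastVistTime != null && !lastVistTime.isEmpty()) {
            // The cookie value is client-controlled; escape it before it reaches the HTML body.
            printWriter.println("上次访问时间" + escapeHtml(lastVistTime));
        }
        printWriter.println("访问次数" + (vistedCount + 1));

        // NOTE(review): nowTime contains a space; some containers' cookie processors
        // reject or quote such values -- confirm on the target container.
        Cookie lastVistTimeC = new Cookie("lastVist", nowTime);
        lastVistTimeC.setMaxAge(COOKIE_MAX_AGE_SECONDS);
        lastVistTimeC.setHttpOnly(true); // nothing on the page reads it from script

        // Same cookie name as before, so the browser overwrites the old counter.
        Cookie vistedCpimtC = new Cookie("vistedCount", (vistedCount + 1) + "");
        vistedCpimtC.setMaxAge(COOKIE_MAX_AGE_SECONDS);
        vistedCpimtC.setHttpOnly(true);

        response.addCookie(lastVistTimeC);
        response.addCookie(vistedCpimtC);
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Parses the counter cookie; returns 0 for a missing, non-numeric or negative value and
     * caps the result so that adding one cannot overflow.
     */
    private static int parseCount(String raw) {
        if (raw == null) {
            return 0;
        }
        try {
            int parsed = Integer.parseInt(raw.trim());
            if (parsed < 0) {
                return 0;
            }
            return Math.min(parsed, Integer.MAX_VALUE - 1);
        } catch (NumberFormatException e) {
            return 0;
        }
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}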
|
登录演示
| ID |
DA |
FA |
| Lagin |
登录界面 |
JSP |
| LoginServlet |
登入验证 |
Servlet |
| LogoutServlet |
Cookie注销 |
Servlet |
| ProfileServlet |
获取Cookie |
Servlet |
Lagin.jsp
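<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Login form: posts the "name" and "password" fields to LoginServlet. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
    <form action="LoginServlet" method="post">
        <%-- "</br>" is not a valid tag; a plain <br> is the line break --%>
        user:<input type="text" name="name"><br>
        Pass:<input type="password" name="password"><br>
        <input type="submit" value="login">
    </form>
</body>
</html>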
|
LoginServlet.java
| package Cookie;
import java.io.IOException; import java.io.PrintWriter;
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
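/**
 * Servlet implementation class LoginServlet.
 *
 * <p>Demo login: the request succeeds when the "password" parameter equals a fixed string,
 * and the submitted user name is then stored in a cookie called "name".
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public LoginServlet() {
        super();
    }

    /**
     * Writes the context path; the login itself is handled by {@code doPost}.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * Checks the submitted password and, on success, greets the user and sets the "name"
     * cookie; otherwise prints "No!" and includes the login page again.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();

        String name = request.getParameter("name");
        String password = request.getParameter("password");

        // NOTE(review): one password hard-coded in source is acceptable only in a demo;
        // a real login verifies per-user credentials against a salted password hash.
        // Constant-first comparison: a missing parameter is a failed login, not an NPE.
        if (name != null && "admin".equals(password)) {
            out.println("Yes!");
            // The user name is request data; escape it before writing it into HTML.
            out.println("<br>User" + escapeHtml(name));

            // The cookie keeps the raw user name on the client, where it can be edited;
            // other servlets must not treat its presence or value as proof of a login.
            // NOTE(review): names with spaces, ';' or non-ASCII characters may be rejected
            // by the container's cookie processor -- confirm on the target container.
            Cookie cookie = new Cookie("name", name);
            cookie.setHttpOnly(true); // not needed by page scripts
            response.addCookie(cookie);
        } else {
            out.println("No!");
            // NOTE(review): the page lists the form as Lagin.jsp while this includes
            // "login.jsp" -- confirm the file name used in the deployed application.
            request.getRequestDispatcher("login.jsp").include(request, response);
        }
        out.close();
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}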
|
LogoutServlet.java
| package Cookie;
import java.io.IOException; import java.io.PrintWriter;
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
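/**
 * Servlet implementation class LoginServlet.
 *
 * <p>NOTE(review): this listing appears under the heading LogoutServlet.java, but the code
 * is the login servlet (class name LoginServlet, mapping /LoginServlet); it contains no
 * logout logic. Two servlets with the same class name and mapping cannot be deployed
 * together.
 *
 * <p>Demo login: the request succeeds when the "password" parameter equals a fixed string,
 * and the submitted user name is then stored in a cookie called "name".
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public LoginServlet() {
        super();
    }

    /**
     * Writes the context path; the login itself is handled by {@code doPost}.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * Checks the submitted password and, on success, greets the user and sets the "name"
     * cookie; otherwise prints "No!" and includes the login page again.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();

        String name = request.getParameter("name");
        String password = request.getParameter("password");

        // NOTE(review): one password hard-coded in source is acceptable only in a demo;
        // a real login verifies per-user credentials against a salted password hash.
        // Constant-first comparison: a missing parameter is a failed login, not an NPE.
        if (name != null && "admin".equals(password)) {
            out.println("Yes!");
            // The user name is request data; escape it before writing it into HTML.
            out.println("<br>User" + escapeHtml(name));

            // The cookie keeps the raw user name on the client, where it can be edited;
            // other servlets must not treat its presence or value as proof of a login.
            Cookie cookie = new Cookie("name", name);
            cookie.setHttpOnly(true); // not needed by page scripts
            response.addCookie(cookie);
        } else {
            out.println("No!");
            request.getRequestDispatcher("login.jsp").include(request, response);
        }
        out.close();
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}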
|
ProfileServlet.java
| package Cookie;
import java.io.IOException; import java.io.PrintWriter;
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
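/**
 * Servlet implementation class LoginServlet.
 *
 * <p>NOTE(review): this listing appears under the heading ProfileServlet.java, but the code
 * is the login servlet (class name LoginServlet, mapping /LoginServlet); it does not read
 * any cookie back. Two servlets with the same class name and mapping cannot be deployed
 * together.
 *
 * <p>Demo login: the request succeeds when the "password" parameter equals a fixed string,
 * and the submitted user name is then stored in a cookie called "name".
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public LoginServlet() {
        super();
    }

    /**
     * Writes the context path; the login itself is handled by {@code doPost}.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * Checks the submitted password and, on success, greets the user and sets the "name"
     * cookie; otherwise prints "No!" and includes the login page again.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();

        String name = request.getParameter("name");
        String password = request.getParameter("password");

        // NOTE(review): one password hard-coded in source is acceptable only in a demo;
        // a real login verifies per-user credentials against a salted password hash.
        // Constant-first comparison: a missing parameter is a failed login, not an NPE.
        if (name != null && "admin".equals(password)) {
            out.println("Yes!");
            // The user name is request data; escape it before writing it into HTML.
            out.println("<br>User" + escapeHtml(name));

            // The cookie keeps the raw user name on the client, where it can be edited;
            // a servlet that later reads it must not treat it as proof of a login.
            Cookie cookie = new Cookie("name", name);
            cookie.setHttpOnly(true); // not needed by page scripts
            response.addCookie(cookie);
        } else {
            out.println("No!");
            request.getRequestDispatcher("login.jsp").include(request, response);
        }
        out.close();
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}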
|
session
session即通过HttpSession对象实现的会话跟踪技术。Session和Cookie的区别在于:当用户第一次访问服务器的时候,服务器将会创建一个session对象,并为其分配一个唯一的会话标识(sessionId),之后以"JSESSIONID"作为属性名保存在客户端cookie中。会话数据本身保存在服务器端,客户端只持有sessionId,因此sessionId相当于访问该会话的凭证,不应泄露给第三方。
Session 对象
| ID |
DA |
FA |
| getSession() |
返回与此请求关联的当前会话 |
如果没有则创建一个 |
| getSession (boolean create) |
返回与此请求关联的当前HttpSession |
或者如果当前没有create为true,则创建一个对象 |
| getAttribute() |
获取指定属性 |
|
Session 接口
| ID |
DA |
FA |
| getRequestedSessionId() |
返回包含session唯一标识符的字符串 |
|
| getCreationTime() |
返回创建此会话的时间 |
以格林尼治标准时间1970年1月1日午夜以来的毫秒数来作为单位 |
| getLastAccessedTime() |
返回客户端最后一次发送与此会话相关的请求时间 |
以格林尼治标准时间1970年1月1日午夜以来的毫秒数来作为单位 |
| invalidate() |
使得此会话无效,之后取消绑定到该会话中的任何对象 |
|
Session 获取用户名
通过getSession()、setAttribute()和getAttribute()方法,实现了Servlet通过session来获取jsp中用户填写的数据并使用了url重写:
login.jsp
| <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="finstServlet">
Username<input type="text" name="nameuser">
<input type="submit" value="up">
</form>
</body>
</html>
session.java
package session;
import java.io.IOException; import java.io.PrintWriter;
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession;
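/**
 * Servlet mapped to /secondServlet that greets the user whose name an earlier request
 * stored in the HTTP session under the "uname" attribute.
 *
 * <p>NOTE(review): the secondservlet class shown later on the page declares the same
 * /secondServlet mapping; only one of the two can be deployed.
 */
@WebServlet("/secondServlet")
public class session extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public session() {
        super();
    }

    /**
     * Prints "Hello:" followed by the "uname" session attribute.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();

        // getSession(false) returns null when the client has no session yet (for example
        // when this URL is opened directly), so the attribute lookup must be guarded.
        HttpSession current = request.getSession(false);
        Object stored = (current == null) ? null : current.getAttribute("uname");

        // The attribute was filled from a request parameter, so escape it before output.
        // String.valueOf keeps the "null" text that is printed when nothing is stored.
        String uaname = escapeHtml(String.valueOf(stored));
        out.println("Hello:" + uaname);
        out.close();
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}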
|
finstServlet.java
| package session;
import java.io.IOException; import java.io.PrintWriter;
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession;
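/**
 * Servlet mapped to /finstServlet: echoes the submitted "nameuser" parameter, stores it
 * in the HTTP session as "uname" and links to secondServlet.
 */
@WebServlet("/finstServlet")
public class attribute extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public attribute() {
        super();
    }

    /**
     * Stores the user name in the session and prints it together with a link.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();

        String name = request.getParameter("nameuser");
        // Request data goes into an HTML page, so it is escaped first; String.valueOf
        // keeps the "null" text shown when the parameter is absent.
        out.println("用户: " + escapeHtml(String.valueOf(name)));

        // getSession() creates the session when the client does not have one yet.
        HttpSession session = request.getSession();
        // The raw value is stored; every page that prints it must escape it again.
        session.setAttribute("uname", name);

        out.println("| <a href='secondServlet'>secondServlet</a>");
        out.close();
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}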
|
secondServlet.java
| package session;
import java.io.IOException; import java.io.PrintWriter;
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession;
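/**
 * Servlet mapped to /secondServlet that greets the user whose name an earlier request
 * stored in the HTTP session under the "uname" attribute.
 */
@WebServlet("/secondServlet")
public class secondservlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public secondservlet() {
        super();
    }

    /**
     * Prints "Hello:" followed by the "uname" session attribute.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();

        // getSession(false) returns null when the client has no session yet (for example
        // when this URL is opened directly), so the attribute lookup must be guarded.
        HttpSession session = request.getSession(false);
        Object stored = (session == null) ? null : session.getAttribute("uname");

        // The attribute was filled from a request parameter, so escape it before output.
        // String.valueOf keeps the "null" text that is printed when nothing is stored.
        String uaname = escapeHtml(String.valueOf(stored));
        out.println("Hello:" + uaname);

        out.close();
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}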
|
获取session id
在通过Session获取用户名的基础上,我们在finstServlet中加入getRequestedSessionId()即可获取到session ID。注意它返回的是客户端请求中携带的会话ID,首次访问时可能为null;当前会话的ID可通过session.getId()获取。session ID相当于会话凭证,这里输出到页面仅用于演示:
finstServlet.java
| package session;
import java.io.IOException; import java.io.PrintWriter;
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession;
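/**
 * Servlet mapped to /finstServlet: echoes the submitted "nameuser" parameter, stores it
 * in the HTTP session as "uname", prints the session id the client sent and links to
 * secondServlet.
 */
@WebServlet("/finstServlet")
public class firstservlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public firstservlet() {
        super();
    }

    /**
     * Stores the user name in the session and prints it, the requested session id and a link.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();

        String name = request.getParameter("nameuser");
        // Request data goes into an HTML page, so it is escaped first; String.valueOf
        // keeps the "null" text shown when the parameter is absent.
        out.println("用户: " + escapeHtml(String.valueOf(name)));

        // getSession() creates the session when the client does not have one yet.
        HttpSession session = request.getSession();
        session.setAttribute("uname", name);

        // getRequestedSessionId() is the id the client supplied: it is null on a first
        // visit and is client-controlled text, hence escaped like any other input.
        // The id acts as the session credential; it is echoed here for demonstration only.
        out.println(escapeHtml(String.valueOf(request.getRequestedSessionId())));

        out.println("| <a href='secondServlet'>secondServlet</a>");
        out.close();
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}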
|
URL重写
使用url重写的优势在于无论浏览器是否禁用cookie,数据都可以正常传递,也不需要在每个页面上提交额外的表单。需要注意的是,写入URL的数据会出现在浏览器历史记录、服务器日志和Referer头中,并且用户可以随意修改,因此不应通过URL传递敏感信息。重写url和不重写url的区别如下:
重写 secondServlet.java url
finstServlet.java
| package session;
import java.io.IOException; import java.io.PrintWriter;
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession;
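/**
 * Servlet mapped to /finstServlet: echoes the submitted "nameuser" parameter, stores it
 * in the HTTP session as "uname" and links to secondServlet with the name appended to
 * the link as a "uname" query parameter.
 */
@WebServlet("/finstServlet")
public class firstservlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public firstservlet() {
        super();
    }

    /**
     * Stores the user name in the session and prints it with a link that carries it.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();

        String name = request.getParameter("nameuser");
        // String.valueOf keeps the "null" text used when the parameter is absent.
        String shown = String.valueOf(name);
        // Request data goes into an HTML page, so it is escaped first.
        out.println("用户: " + escapeHtml(shown));

        HttpSession session = request.getSession();
        session.setAttribute("uname", name);

        // Percent-encode the value before placing it in the link: unencoded, a quote or
        // '&' in the name would break out of the href attribute or the query string.
        // The encoder's output contains no quote or angle-bracket characters.
        String queryValue = java.net.URLEncoder.encode(shown, "UTF-8");
        out.println("| <a href='secondServlet?uname=" + queryValue + "'>secondServlet</a>");
        out.close();
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}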
|
表单域隐藏
表单域隐藏和上述URL重写的区别在于:URL重写会将原先 http://localhost:8080/Testsp/secondServlet 的链接改为 http://localhost:8080/Testsp/secondServlet?uname=Adminsitrator,而隐藏表单域则会保持链接为“http://localhost:8080/Testsp/secondServlet”。隐藏表单域的优点是不管Cookie是否禁用,都和URL重写一样可以正常使用。但隐藏域的值同样保存在客户端页面中,用户可以查看和修改,服务器端必须重新校验。
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- User-name form: posts the "nameuser" field to finstServlet. --%>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Insert title here</title>
</head>
<body>
    <form method="post" action="finstServlet">
        Username:<input name="nameuser" type="text">
        <input value="up" type="submit">
    </form>
</body>
</html>
|
finstServlet.java
| package session;
import java.io.IOException; import java.io.PrintWriter;
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession;
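/**
 * Servlet implementation class finstServlet.
 *
 * <p>Echoes the submitted "nameuser" parameter. The hidden-form variant that would hand
 * the name on to secondServlet is kept below as a disabled block.
 */
@WebServlet("/finstServlet")
public class firstservlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public firstservlet() {
        super();
    }

    /**
     * Prints "User: " followed by the submitted name.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();

        String name = request.getParameter("nameuser");
        // Request data goes into an HTML page, so it is escaped first; String.valueOf
        // keeps the "null" text shown when the parameter is absent.
        String safeName = escapeHtml(String.valueOf(name));
        out.print("User: " + safeName);

        // Disabled hidden-field form. It uses the escaped name because the value sits
        // inside a quoted HTML attribute. A hidden field is still editable by the user,
        // so the receiving servlet has to validate what it gets.
        /*
        out.print("<form action='secondServlet'>");
        out.print("<input type='hidden' name='namer' value='" + safeName + "'>");
        out.print("<input type='submit' value='up'>");
        out.print("</form>");
        */
        out.close();
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /** Replaces the five HTML-significant characters with entities. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}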
|