一般情况下,session是通过非持久cookie进行跟踪的,即服务端向客户端发送的JSESSIONID来实现的,但是如果客户端禁止了cookie,session就无法实现跟踪会话,这样对于web应用来说非常不方便;还有一种方法就是用隐藏表单域,这个只能用于特定操作中,仅当每个页面都由表单提交而动态生成的时候,才可以使用隐藏表单域,用来存储相关会话信息,用法为:
<input type="hidden" name="jssesionid" value="7D8449A7EF434DE66DED63227E02AC1E">
下面介绍一种方便通用的方法:通过URL重写技术实现Session的跟踪会话。
下面是测试案例:
提交请求的servlet:SessionTest.java
<pre name="code" class="java"> public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=utf-8"); PrintWriter out = response.getWriter(); HttpSession s = request.getSession(true); s.setAttribute("person1", new Person("xjd", 22)); s.setAttribute("person2", new Person("xjd1", 23)); String path = response.encodeURL("./getForm"); out.println("<html><head><title>URL重定向测试</title></head>"); out.println("<body><form action='"+path+"' method='post'>"); out.println("用户名:<input type='text' name='user'><br>"); out.println("密码:<input type='password' name='pass'><br>"); out.println("<input type='submit'><br>"); }
处理请求的Servlet: GetForm.java浏览器禁止cookie后,运行结果为:public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=utf-8"); PrintWriter out = response.getWriter(); HttpSession s = request.getSession(true); out.println(s.isNew()+"<br>"); out.println(s.getAttribute("person1")+"<br>"); out.println(s.getAttribute("person2")+"<br>"); }
false
com.session.demo.Person@26d4f204
com.session.demo.Person@665cf886
地址栏为:http://localhost:8080/SessionTest/getForm;jsessionid=7D8449A7EF434DE66DED63227E02AC1E
可见经过String path = response.encodeURL("./getForm");处理后,path中已经将jsessionid值通过URL形式传递给了服务器端,故可以实现session的跟踪会话