重点:
①如果之前没成功要清除掉浏览器Cookie的缓存
②一定要把这个浏览器关掉再重新打开一个,不关的话还是相当于一个浏览器。
实验部分:
实现一个用户登录的功能
代码
IndexServlet运行首页
package loginpackage;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@WebServlet("/IndexServlet")
public class IndexServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
HttpSession session = request.getSession();
User user = (User) session.getAttribute("user");//过去session中的内容并赋给user
if(user == null) {
response.getWriter().print("未登录,请<a href='/test2/login.html'>重新登陆!</a>");
}else {
response.getWriter().print("你已经登录!"+user.getUsername());
response.getWriter().print("<a href='/test2/LogoutServlet'>退出</a>");
// Cookie cookie = new Cookie("JSESSIONID",session.getId());
// cookie.setMaxAge(30*10);
// cookie.setPath("/test2");
// response.addCookie(cookie);
}
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
login.html登录页面
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="/test2/LoginServlet" method="post">
用户名:<input type="text" name="username"><br>
密 码:<input type="password" name="password"><br>
<input type="submit" value="提交" >
</form>
</body>
</html>
LoginServlet判断账号密码界面
package loginpackage;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class login
*/
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
String username = request.getParameter("username");
String password = request.getParameter("password");
PrintWriter out=response.getWriter();
if("lifei".equals(username)&&"123".equals(password)) {
User user=new User();
user.setUsername(username);
user.setPassword(password);
request.getSession().setAttribute("user", user); //服务器创建session并将user存进去
response.sendRedirect("/test2/IndexServlet"); //重定向到IndexServlet
}else {
out.write("用户或密码错误,登录失败!");
}
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
LogoutServlet退出页面(可要可无)
package loginpackage;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class LogoutServlet
*/
@WebServlet("/LogoutServlet")
public class LogoutServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getSession().removeAttribute("user");
response.sendRedirect("/test2/IndexServlet");
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
在老师给的实验报告中上来就让步浏览器的Cookie给禁用掉,然后我也是傻乎乎的禁用掉了。但是到做实验的时候却发现了好大的问题:Session并不能像正常的那样打开一个浏览器在未登录页面登录好后,服务器创建一个Session,然后关闭浏览器再打开这个页面依然还是关闭前已登录的状态
上图:
第一次登录
登录成功
关闭浏览器,再打开一个新的浏览器,依然是已登录状态
解决办法
把代码里的Cookie代码给注释了-------这才是真正的禁用Cookie!!!
解决办法及个人感悟
如果是验证session的特点是不能禁用浏览器的cookie的 ,把浏览器Cookie禁用掉后这个实验就做不成了,会一直显示未登录,即使再点击登录也是未登录,我觉得原因是把 浏览器的Cookie关了,创建的session的sessionID 不就没地方存储了吗,服务器哪里知道有这个session请求,然后输入账号密码到了 IndexServlet判断session页面 从服务器获取session,服务器都没有,(或者是没有sessionID,我不确定),不知道你是哪个浏览器请求的 没给咱 ,咱就获取不到 然后就一直跳转 未登录请重新登陆页面 ,死循环 。
做这个实验只有把IndexServlet里面下边几行Cookie设置的代码给注释掉才能观察到session的特点,不过还有一点的注意的是 浏览器cookie缓存数据得清空,然后正常的输入IndexServlet网址进去 登陆 显示登陆成功 关闭浏览器 重新进这个网址 提示未登录 , 验证 Cookie 的话 就把Cookie的代码不注释掉 [晕]