loginCookie.jsp

<%@ page language="java" pageEncoding="UTF-8" isErrorPage="false" %>
<jsp:directive.page import="java.security.MessageDigest"/>
<%!
 // 密钥
 private static final String KEY = ":cookie@helloweenvsfei.com";

 // MD5 加密算法
 public final static String calcMD5(String ss) {
  
    String s = ss==null ? "" : ss;
  
    char hexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
    try {
     byte[] strTemp = s.getBytes();
     MessageDigest mdTemp = MessageDigest.getInstance("MD5");
     mdTemp.update(strTemp);
     byte[] md = mdTemp.digest();
     int j = md.length;
     char str[] = new char[j * 2];
     int k = 0;
     for (int i = 0; i < j; i++) {
      byte byte0 = md[i];
      str[k++] = hexDigits[byte0 >>> 4 & 0xf];
      str[k++] = hexDigits[byte0 & 0xf];
     }
     return new String(str);
    } catch (Exception e) {
     return null;
    }
 }

%>
<%
 request.setCharacterEncoding("UTF-8");
 response.setCharacterEncoding("UTF-8");
 
 String action = request.getParameter("action");
 
 if("login".equals(action)){
  
  String account = request.getParameter("account");
  String password = request.getParameter("password");
  int timeout = new Integer(request.getParameter("timeout"));
  
  // 把帐号连同密钥使用MD5后加密后保存
  String ssid = calcMD5(account + KEY);
    
  // 把帐号保存到Cookie中 并控制有效期
  Cookie accountCookie = new Cookie("account", account);
  accountCookie.setMaxAge(timeout);
  
  // 把加密结果保存到Cookie中 并控制有效期
  Cookie ssidCookie = new Cookie("ssid", ssid);
  ssidCookie.setMaxAge(timeout);
  
  response.addCookie(accountCookie);
  response.addCookie(ssidCookie);
  
  // 重新请求本页面
  response.sendRedirect(request.getRequestURI() + "?" + System.currentTimeMillis());
  return;
 }
 else if("logout".equals(action)){

  // 删除Cookie中的帐号
  Cookie accountCookie = new Cookie("account", "");
  accountCookie.setMaxAge(0);
  
  // 删除Cookie中的加密结果
  Cookie ssidCookie = new Cookie("ssid", "");
  ssidCookie.setMaxAge(0);

  response.addCookie(accountCookie);
  response.addCookie(ssidCookie);

  // 重新请求本页面
  response.sendRedirect(request.getRequestURI() + "?" + System.currentTimeMillis());
  return;
 }
 
 boolean loggin = false;
 
 String account = null;
 String ssid = null;
 
 // 获取Cookie中的account与ssid
 if(request.getCookies() != null){
  for(Cookie cookie : request.getCookies()){
   if(cookie.getName().equals("account"))
    account = cookie.getValue();
   if(cookie.getName().equals("ssid"))
    ssid = cookie.getValue();
  }
 }
 
 if(account != null && ssid != null){
  // 如果加密规则正确, 则视为已经登录
  loggin = ssid.equals(calcMD5(account + KEY));
 }
 
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><%= loggin ? "欢迎您回来" : "请先登录" %></title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<div align="center" style="margin:10px; ">
 <fieldset>
  <legend>当前有效的 Cookie</legend>
  <script>document.write(document.cookie);</script>
 </fieldset>
 <fieldset>
  <legend><%= loggin ? "欢迎您回来" : "请先登录" %></legend>
  <% if(loggin){ %>
   欢迎您, ${ cookie.account.value }. &nbsp;&nbsp;
   <a href="${ pageContext.request.requestURI }?action=logout">注销</a>
  <% } else { %>
  <form action="${ pageContext.request.requestURI }?action=login" method="post">
   <table>
    <tr>
     <td>
      帐号：
     </td>
     <td>
      <input type="text" name="account" style="width:200px; ">
     </td>
    </tr>
    <tr>
     <td>
      密码：
     </td>
     <td>
      <input type="password" name="password" style="width:200px; ">
     </td>
    </tr>
    <tr>
     <td>
      有效期：
     </td>
     <td>
      <input type="radio" name="timeout" value="-1" checked> 关闭浏览器即失效 <br/>
      <input type="radio" name="timeout" value="<%= 30 * 24 * 60 * 60 %>"> 30天内有效 <br/>
      <input type="radio" name="timeout" value="<%= Integer.MAX_VALUE %>"> 永久有效 <br/>
     </td>
    </tr>
    <tr>
     <td>
     </td>
     <td>
      <input type="submit" value=" 登  录 " class="button">
     </td>
    </tr>
   </table>
  </form>
  <% } %>
 </fieldset>
</div>

</body>
</html>