当我们做自动登录时,其实就是把用户名和密码保存到cookie中,我发现当我没对cookie设置过期时间时,它默认是session级别的,也就是把浏览器关闭了,cookie就不存在了,这样当第二天登陆时,肯定就不能实现自动登陆了,所以就要设置过期时间
下面是我用的spring mvc作的自动登陆的例子.
登陆控制器:
/**
* 登陆页
*
* @param request
* @param modelMap
* @return
*/
// @ResponseBody
@RequestMapping(value = "/toLogin", method = RequestMethod.GET)
public String toLogin(HttpServletRequest request, ModelMap modelMap) {
logger.info(" login");
return "login";
}
/**
* 登陆
*
* @param request
* @param model
* @return
*/
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(HttpServletRequest request, HttpServletResponse response) {
String email = request.getParameter("email");// 用户名
String password = request.getParameter("password");// 密码
String isRemenber = request.getParameter("isRemenber");// 是否记住密码
logger.info(email);
logger.info(password);
logger.info(isRemenber);
User user = userService.getByEmail(email);// 通过email得到加密后的密码
if (null != user && user.getPassword() != null
&& user.getPassword().equals(password)) {// 这里应该是用明文密码与加密的密码进行校验,目前没有加密
request.getSession().setAttribute("user", user);// 放到session中
if (ISREMENBER.equals(isRemenber)) {// 记住密码
Cookie usernamecookie = new Cookie("username", email);
usernamecookie.setMaxAge(60 * 60 * 24 * 7);// 一定要设置缓存时间,要不然cookie是session级别的,关闭浏览器后,就会失效
response.addCookie(usernamecookie);// 添加用户名
Cookie passwordcookie = new Cookie("password", password);
passwordcookie.setMaxAge(60 * 60 * 24 * 7);//7天的缓存时间
response.addCookie(passwordcookie);// 添加密码
}
return "redirect:/index";
} else {
return "error";
}
}
登陆拦截器:
public class LoginInterceptor extends HandlerInterceptorAdapter {
@Resource
private UserService userService;
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
// TODO Auto-generated method stub
System.out.println("preHandle");
String username = null;
String password = null;
Cookie[] cookies = request.getCookies();
if (cookies != null && cookies.length != 0) {
for (Cookie cookie : cookies) {
if ("username".equals(cookie.getName())) {
username = cookie.getValue();
}
if ("password".equals(cookie.getName())) {
password = cookie.getValue();
}
}
}
if (null != username && null != password) {
User user = userService.getByEmail(username);
if (null != user && user.getPassword() != null
&& user.getPassword().equals(password)) {// 登陆成功
request.getSession().setAttribute("user", user);// 放到session中
response.sendRedirect(request.getContextPath() + "/index");
return false;// 阻止向下执行实际的controller,如果没有retrun,它会继续执行实际的controller,但不会渲染实际的视图,而还是渲染上面的index视图
}
}
return super.preHandle(request, response, handler);
}
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
System.out.println("postHandle");
super.postHandle(request, response, handler, modelAndView);
}
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// TODO Auto-generated method stub
System.out.println("afterCompletion");
super.afterCompletion(request, response, handler, ex);
}
}
在spring中配置登陆的拦截器:
<!-- 拦截器配置 -->
<mvc:interceptors>
<!-- 登陆拦截器 -->
<mvc:interceptor>
<mvc:mapping path="/toLogin"/>
<bean class="com.chenjun.mall.intercepters.LoginInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
这样在下次登陆时,就不会进入登陆页,直接进入主页了