jsp演示http通信，wireshark抓通信报文，重定向/转发 cookie

重定向报文

 

转发报文

iframe报文

 修改window报文

 cookie(打开浏览器访问)

set-cookie

 刷新后看cookie

 window.location.href或http://127.0.0.1/web看cookie

 

 

 cookie【iframe/window.location.href】

 

 

 

 

演示文件

setprivi.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
     <%
        String  userid=request.getParameter("userid");
        if("zj".equals(userid)
        		|| "czh".equals(userid)
        		|| "100".equals(userid)
        		){
        	session.setAttribute("user", userid);
        	out.print("模拟学生/普通用户登录成功");
        	
        }else
        {
        	session.setAttribute("user", null);
        	out.print("模拟学生/普通用户登录失败");        	
        }
        	
        
      Cookie cookies[]=  request.getCookies() ;
      for(Cookie c:cookies)
    	  out.print(c.getName()+":"+c.getValue()+":"+c.getDomain());
     
     
     
     %>
    

</body>
</html>

testprivi.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
	pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>

<script type="text/javascript">
	var user = "${sessionScope.user}";
	var admin = "${sessionScope.admin}";
	function del(userid) {
		if (admin.length != 0 || user.length != 0) {
			if (admin.length != 0) {
				return confirm("确定要删除吗?");
			}
			if (user.length != 0) {
				if (user != userid) {
					alert("普通用户不能删除非本人信息");
					return false;
				}
				return confirm("确定要删除吗?");
			}
		} else {
			alert("请先登录");
			return false;
		}
	}
</script>

</head>
<body>
<a href="javascript:alert('执行删除操作。。。。')" 
                onclick="return del(100)">删除学生或老师信息</a>

</body>
</html>

   演示效果

 

 抓包wireshark

请求操作

请求报文

TCP层信息

双方端口共4个字节

 

 

 回应信息

追踪http流