主要防止非法用户修改cookie信息,以及cookie的超时时间 传统cookie存储,Cookie(name, value),value很容易就被篡改。 防修改cookie存储,Cookie(name, value+“&&”+ signToken+“&&”+saveTime+“&&”+maxTime) signToken :签名密钥 由md5(value+saveTime+maxTime+”自定义密钥“)生成 saveTime:cookie创建时间 maxTime:cookie超时时间 设置Cookie public static void put(HttpServletResponse response, String key, String value, int maxTime) { String pwdKey = "white_yu"; //自定义密钥 String saveTime = System.currentTimeMillis() + ""; String signToken = md5(pwdKey, saveTime, maxTime + "", value);
String cookieValue = signToken + "&&" + saveTime + "&&" + maxTime
+ "&&" + value;
Cookie cookie = new Cookie(key,cookieValue);
cookie.setMaxAge(maxTime);
response.addCookie(cookie);
}
获取Cookie public static String getCookie(String cookieValue) { String pwdKey = "white_yu"; //自定义密钥 if (StringUtils.isNotBlank(cookieValue)) { String cookieStrings[] = cookieValue.split("&&"); if (null != cookieStrings && 4 == cookieStrings.length) { String signToken = cookieStrings[0]; String saveTime = cookieStrings[1]; String maxTime = cookieStrings[2]; String value = cookieStrings[3];
String sign = md5(pwdKey, saveTime, maxTime, value);
// 保证 cookie 不被人为修改
if (sign.equals(signToken)) {
long stime = Long.parseLong(saveTime);
long maxtime = Long.parseLong(maxTime) * 1000;
// 查看是否过时
if ((stime + maxtime) - System.currentTimeMillis() > 0) {
return value;
}
}
}
}
return null;
}