跟踪过程如下
登录成功的时候:
/**
* 用户登录方法
* @param req
* @param resp
* @throws ServletException
* @throws IOException
*/
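@SuppressWarnings("unused")
private void login(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // Handles a login request. Two paths lead to /main.jsp:
    //   1. cookie login: the "userKey" and "ssid" cookies are both present and
    //      ssid equals CookiesUtils.md5Encrypt(username);
    //   2. password login: userService.login(username, password) returns a
    //      non-null User, after which the remember-me cookies are written.
    // Any other outcome forwards back to /login.jsp with an error "note".
    //
    // NOTE(review): the cookie path is not real authentication. The expected
    // ssid is derived only from the "username" request parameter, so if
    // md5Encrypt is a plain hash of its argument (its body is not shown here;
    // confirm) the value is computable by anyone who knows a user name. The
    // userKey cookie value is read but never compared with anything. A sound
    // remember-me token is a random value from SecureRandom, stored server-side
    // (hashed) per user with an expiry, looked up here and rotated on use, and
    // sent in an HttpOnly + Secure cookie. That needs changes in CookiesUtils
    // and the user store, which are outside this method.
    String username = req.getParameter("username");
    String password = req.getParameter("password");
    String expiredays = req.getParameter("expiredays");

    // A missing or empty user name can never be a valid login; rejecting it
    // here keeps null out of md5Encrypt(), userService and the session.
    if (username == null || username.isEmpty()) {
        rejectLogin(req, resp);
        return;
    }

    // Returning visitor: pick up the userKey and ssid cookie values, if any.
    String account = null; // value of the userKey cookie
    String ssid = null;    // value of the ssid cookie
    Cookie[] cookies = req.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if ("userKey".equals(cookie.getName())) {
                account = cookie.getValue();
            }
            if ("ssid".equals(cookie.getName())) {
                ssid = cookie.getValue();
            }
        }
    }

    boolean cookieLogin = account != null
            && ssid != null
            && ssid.equals(CookiesUtils.md5Encrypt(username));

    if (cookieLogin) {
        renewSession(req);
        // NOTE(review): the stored identity is the request parameter, not a
        // value the server looked up; see the note at the top of the method.
        req.getSession().setAttribute("user", username);
        if ("-1".equals(expiredays)) {
            CookiesUtils.createCookie(username, req, resp, -1);
        }
        req.getRequestDispatcher("/main.jsp").forward(req, resp);
        return;
    }

    // No usable cookies: check user name and password against the database.
    // userService.login returns the user on success and null on failure.
    User user = userService.login(username, password);
    if (user == null) {
        rejectLogin(req, resp);
        return;
    }

    renewSession(req);
    // Write the userKey / ssid cookies with the lifetime the form asked for.
    CookiesUtils.createCookie(username, req, resp, rememberMaxAgeSeconds(expiredays));
    // Record the logged-in state.
    req.getSession().setAttribute("user", user.getUsername());
    req.getRequestDispatcher("/main.jsp").forward(req, resp);
}

// Maps the "expiredays" form value to a cookie max-age in seconds; -1 (a cookie
// that lasts until the browser closes) for a missing or unrecognised value.
private int rememberMaxAgeSeconds(String expiredays) {
    if (expiredays == null) {
        return -1;
    }
    switch (expiredays) {
        case "7":
            return 7 * 24 * 60 * 60;
        case "30":
            return 30 * 24 * 60 * 60;
        case "100":
            // "Forever". NOTE(review): a login token that effectively never
            // expires cannot age out after theft; prefer a bounded lifetime.
            return Integer.MAX_VALUE;
        default:
            return -1;
    }
}

// Discards any pre-login session so that a session id issued before
// authentication is not carried over into the logged-in state.
private void renewSession(HttpServletRequest req) {
    if (req.getSession(false) != null) {
        req.getSession(false).invalidate();
    }
    req.getSession(true);
}

// Sends the caller back to the login page with the generic failure message.
private void rejectLogin(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    req.setAttribute("note", "用户名或密码是错误的!");
    req.getRequestDispatcher("/login.jsp").forward(req, resp);
}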
req.getSession().setAttribute("user", username);
req.getSession().setAttribute("user", user.getUsername());
session记录了登录的状态。注意:第二行写入的是数据库查询返回的用户名;第一行(Cookie 分支)写入的 username 直接取自请求参数,只有在 Cookie 校验本身可靠时才可信。
登录状态的使用
main.jsp 也就是跳转页面加入检测
</head>
<body>
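<%
// Access check for this page: only a session that carries a non-empty "user"
// attribute (set by the login servlet) may continue.
String username = (String)request.getSession().getAttribute("user");
if(username == null || "".equals(username)) {
response.sendRedirect(request.getContextPath() + "/login.jsp");
// sendRedirect() does not end the JSP; without this return the rest of the
// page's code would still execute for an unauthenticated request.
return;
}
// NOTE(review): a per-page scriptlet has to be repeated on every protected page;
// a servlet Filter mapped to the protected paths enforces the same check in one place.
%>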
在代码运行之前,进行数据的检测。