1、在 index.jsp 中
<body>
<h1>30天内自动登陆</h1><hr>
<c:if test="${sessionScope.user == null}">
游客!
<a href="${pageContext.request.contextPath }/login.jsp">登录</a>
</c:if>
<c:if test="${sessionScope.user != null}">
欢迎回来,${sessionScope.user.name }
<a href="${pageContext.request.contextPath }/servlet/LogoutServlet">注销</a>
</c:if>
</body>
2、在 login.jsp 中
<body>
<h1>用户登录</h1><hr>
<form action="${pageContext.request.contextPath }/servlet/LoginServlet" method="POST">
用户名<input type="text" name="name" />
密码<input type="password" name="password" />
<input type="checkbox" name="autologin" value="true"/>30天内自动登陆
<input type="submit" value="登录"/>
</form>
</body>
3、创建 LoginServlet
public class LoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//1.获取用户名密码
String name = request.getParameter("name");
String password = MD5Utils.md5(request.getParameter("password"));
//2.校验用户名密码
String sql = "select * from user where name = ? and password = ? ";
User user = null;
try {
QueryRunner runner = new QueryRunner(DaoUtils.getSource());
user = runner.query(sql, new BeanHandler<User>(User.class),name,password);
} catch (SQLException e) {
e.printStackTrace();
}
if(user == null){
response.getWriter().write("用户名密码不正确");
return;
}else{
//3.登录用户
request.getSession().setAttribute("user", user);
//如果用户勾选过30天内自动登陆,发送自动登陆cookie
if("true".equals(request.getParameter("autologin"))){
Cookie autologinC = new Cookie("autologin",user.getName()+":"+user.getPassword());
autologinC.setPath(request.getContextPath());
autologinC.setMaxAge(3600*24*30);
response.addCookie(autologinC);
}
//4.重定向到主页
response.sendRedirect(request.getContextPath()+"/index.jsp");
}
}
}
4、创建 AutoLoginFilter
public class AutologinFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
//1.只有未登录的用户才能自动登陆
if(req.getSession(false)==null || req.getSession().getAttribute("user")==null){
//2.只有带了自动登陆cookie的用户才能自动登陆
Cookie [] cs = req.getCookies();
Cookie findC = null;
if(cs!=null){
for(Cookie c : cs){
if("autologin".equals(c.getName())){
findC = c;
break;
}
}
}
if(findC!=null){
//3.自动登录Cookie中保存的用户名密码都需要是正确的才能自动登陆
String name = findC.getValue().split(":")[0];
String password= findC.getValue().split(":")[1];
String sql = "select * from user where name = ? and password = ? ";
User user = null;
try {
QueryRunner runner = new QueryRunner(DaoUtils.getSource());
user = runner.query(sql, new BeanHandler<User>(User.class),name,password);
} catch (SQLException e) {
e.printStackTrace();
}
if(user!=null){
req.getSession().setAttribute("user", user);
}
}
}
//无论是否自动登陆,都放行资源
chain.doFilter(request, response);
}
}
5、注册过滤器
注册
<filter>
<description>自动登陆过滤器</description>
<filter-name>AutologinFilter</filter-name>
<filter-class>com.itheima.filter.AutologinFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AutologinFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
6、注销功能
public class LogoutServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
if(request.getSession(false)!=null){
request.getSession().invalidate();
//删除自动登录 cookie
Cookie autologinC = new Cookie("autologin", "");
autologinC.setPath(request.getContextPath());
autologinC.setMaxAge(0);
response.addCookie(autologinC);
}
response.sendRedirect(request.getContextPath()+"/index.jsp");
}
}