这一节来讲讲cookie的解析,要谈到cookie的解析,首先要先大概了解一下两个类。第一个实Cookie,这个类实servlet中的一个类,这个类也就是存放解析cookie后的一些信息,而且这个类是
可以被序列化的。另外一个类就是RequestUtil,这是一个工具类,提供了一些请求解析和编码的方法。这个类提供了几个方法,我们目前就先看里面的一个方法:如何解析cookie这个方法。
1,首先来看看Cookie cookies[] = RequestUtil.parseCookieHeader(value);//解析Cookie
看看源码中具体的实现:
这个方法比较简单,这个类中还有其他的一些方法,到后面会详细的再讲到它
package org.apache.catalina.util.RequestUtil;
/**
* Parse a cookie header into an array of cookies according to RFC 2109.
*根据RFC 2100进行把cookie解析成一个存放cookies的数组
* @param header Value of an HTTP "Cookie" header
*/
//进行cookie的解析,这个方法十分的简单
public static Cookie[] parseCookieHeader(String header) {
if ((header == null) || (header.length() < 1))//如果cookies'header为空或者长度为小于1,那么直接返回一个Cookie实例
return (new Cookie[0]);
ArrayList cookies = new ArrayList();//申请一个数组
while (header.length() > 0) {
int semicolon = header.indexOf(';');//遇到';'进行切割
if (semicolon < 0)//如果没有遇到';',直接将header的长度赋值给semicolon
semicolon = header.length();
if (semicolon == 0)
break;
String token = header.substring(0, semicolon);//将截出的字符串赋给token
if (semicolon < header.length())
header = header.substring(semicolon + 1);
else
header = "";
try {
int equals = token.indexOf('=');//进行把键值对进行拆分
if (equals > 0) {
String name = token.substring(0, equals).trim();//过滤空格
String value = token.substring(equals+1).trim();//过滤空格
cookies.add(new Cookie(name, value));//将Cookie放入到数组中
}
} catch (Throwable e) {
;
}
}
return ((Cookie[]) cookies.toArray(new Cookie[cookies.size()]));
}
2,看看上面这个函数中的cookies.add(new Cookie(name, value));//将Cookie放入到数组中。。注意一下Cookie的初始化方法:
在说到这个的时候,就要先来看看RFC 2109拉。
RFC 2109
set-cookie = "Set-Cookie:" cookies
cookies = 1#cookie
cookie = NAME "=" VALUE *(";" cookie-av)
NAME = attr
VALUE = value
cookie-av = "Comment" "=" value
| "Domain" "=" value
| "Max-Age" "=" value
| "Path" "=" value
| "Secure"
| "Version" "=" 1*DIGIT
Comment=comment
Optional. Because cookies can contain private information about a
user, the Cookie attribute allows an origin server to document its
intended use of a cookie. The user can inspect the information to
decide whether to initiate or continue a session with this cookie.
因为Cookie包含用户的私人信息,这个属性表示服务器是不是要用Cookie,用户可以查看这个属性来确定是是不是用Cookie来使用session
Domain=domain
Optional. The Domain attribute specifies the domain for which the
cookie is valid. An explicitly specified domain must always start
with a dot.
Domain属性描述了那个域名对Cookie是有效的,一个明确描述域名的是一个“.”开始的
Max-Age=delta-seconds
Optional. The Max-Age attribute defines the lifetime of the
cookie, in seconds. The delta-seconds value is a decimal non-
negative integer. After delta-seconds seconds elapse, the client
should discard the cookie. A value of zero means the cookie
should be discarded immediately.
Max-age属性表示Cookie的生存时间,值是十进制非负整数。当时间到了以后,客户端会立刻丢弃Cookie,如果值是0表示Cookie必须马上丢弃。
Path=path
Optional. The Path attribute specifies the subset of URLs to
which this cookie applies.
path属性是应用Cookieurl的子集。
Secure
Optional. The Secure attribute (with no value) directs the user
agent to use only (unspecified) secure means to contact the origin
server whenever it sends back this cookie.
The user agent (possibly under the user's control) may determine
what level of security it considers appropriate for "secure"
cookies. The Secure attribute should be considered security
advice from the server to the user agent, indicating that it is in
secure属性(没有值)是有urser agent使用没有定义好的一个值来和服务器联系,然后服务器会返回这个值
Version=version
Required. The Version attribute, a decimal integer, identifies to
which version of the state management specification the cookie
conforms. For this specification, Version=1 applies
Discard 这个不是RFC 2109中,但是从表面意思看估计是否丢弃该cookie
下面来看看Cookie的构造方法:
/ **
*构造一个具有指定名称和值的cookie。
*
*<P>Cookie名称必须符合RFC 2109。这意味着它可以包含
*仅使用ASCII字母数字字符,不能包含逗号,
*分号或空格或$字符开始。 cookie的
*名称不能被创建后改变。
*
*<P>Cookie值可以是任何服务器选择发送。其
*值可能是唯一感兴趣的服务器。 cookie的
*值创建后可以改变
*的<code>的setValue</ code>方法。
*
*<p>缺省情况下,Cookie是根据Netscape的创建
* cookie规范。该版本可以与改变
*的<code> setVersion</ code>方法。
/**
* Constructs a cookie with a specified name and value.
*
* <p>The name must conform to RFC 2109. That means it can contain
* only ASCII alphanumeric characters and cannot contain commas,
* semicolons, or white space or begin with a $ character. The cookie's
* name cannot be changed after creation.
*
* <p>The value can be anything the server chooses to send. Its
* value is probably of interest only to the server. The cookie's
* value can be changed after creation with the
* <code>setValue</code> method.
*
* <p>By default, cookies are created according to the Netscape
* cookie specification. The version can be changed with the
* <code>setVersion</code> method.
*
*
* @param name a <code>String</code> specifying the name of the cookie
*
* @param value a <code>String</code> specifying the value of the cookie
*
* @throws IllegalArgumentException if the cookie name contains illegal characters
* (for example, a comma, space, or semicolon)
* or it is one of the tokens reserved for use
* by the cookie protocol
* @see #setValue
* @see #setVersion
*
*/
public Cookie(String name, String value) {
if (!isToken(name)
|| name.equalsIgnoreCase("Comment") // rfc2019
|| name.equalsIgnoreCase("Discard") // 2019++
|| name.equalsIgnoreCase("Domain")
|| name.equalsIgnoreCase("Expires") // (old cookies)
|| name.equalsIgnoreCase("Max-Age") // rfc2019
|| name.equalsIgnoreCase("Path")
|| name.equalsIgnoreCase("Secure")
|| name.equalsIgnoreCase("Version")
) {
String errMsg = lStrings.getString("err.cookie_name_is_token");
Object[] errArgs = new Object[1];
errArgs[0] = name;
errMsg = MessageFormat.format(errMsg, errArgs);
throw new IllegalArgumentException(errMsg);
}
this.name = name;
this.value = value;
}
好了,今天就先到这里。。。
可以被序列化的。另外一个类就是RequestUtil,这是一个工具类,提供了一些请求解析和编码的方法。这个类提供了几个方法,我们目前就先看里面的一个方法:如何解析cookie这个方法。
1,首先来看看Cookie cookies[] = RequestUtil.parseCookieHeader(value);//解析Cookie
看看源码中具体的实现:
这个方法比较简单,这个类中还有其他的一些方法,到后面会详细的再讲到它
package org.apache.catalina.util.RequestUtil;
/**
* Parse a cookie header into an array of cookies according to RFC 2109.
*根据RFC 2100进行把cookie解析成一个存放cookies的数组
* @param header Value of an HTTP "Cookie" header
*/
//进行cookie的解析,这个方法十分的简单
public static Cookie[] parseCookieHeader(String header) {
if ((header == null) || (header.length() < 1))//如果cookies'header为空或者长度为小于1,那么直接返回一个Cookie实例
return (new Cookie[0]);
ArrayList cookies = new ArrayList();//申请一个数组
while (header.length() > 0) {
int semicolon = header.indexOf(';');//遇到';'进行切割
if (semicolon < 0)//如果没有遇到';',直接将header的长度赋值给semicolon
semicolon = header.length();
if (semicolon == 0)
break;
String token = header.substring(0, semicolon);//将截出的字符串赋给token
if (semicolon < header.length())
header = header.substring(semicolon + 1);
else
header = "";
try {
int equals = token.indexOf('=');//进行把键值对进行拆分
if (equals > 0) {
String name = token.substring(0, equals).trim();//过滤空格
String value = token.substring(equals+1).trim();//过滤空格
cookies.add(new Cookie(name, value));//将Cookie放入到数组中
}
} catch (Throwable e) {
;
}
}
return ((Cookie[]) cookies.toArray(new Cookie[cookies.size()]));
}
2,看看上面这个函数中的cookies.add(new Cookie(name, value));//将Cookie放入到数组中。。注意一下Cookie的初始化方法:
在说到这个的时候,就要先来看看RFC 2109拉。
RFC 2109
set-cookie = "Set-Cookie:" cookies
cookies = 1#cookie
cookie = NAME "=" VALUE *(";" cookie-av)
NAME = attr
VALUE = value
cookie-av = "Comment" "=" value
| "Domain" "=" value
| "Max-Age" "=" value
| "Path" "=" value
| "Secure"
| "Version" "=" 1*DIGIT
Comment=comment
Optional. Because cookies can contain private information about a
user, the Cookie attribute allows an origin server to document its
intended use of a cookie. The user can inspect the information to
decide whether to initiate or continue a session with this cookie.
因为Cookie包含用户的私人信息,这个属性表示服务器是不是要用Cookie,用户可以查看这个属性来确定是是不是用Cookie来使用session
Domain=domain
Optional. The Domain attribute specifies the domain for which the
cookie is valid. An explicitly specified domain must always start
with a dot.
Domain属性描述了那个域名对Cookie是有效的,一个明确描述域名的是一个“.”开始的
Max-Age=delta-seconds
Optional. The Max-Age attribute defines the lifetime of the
cookie, in seconds. The delta-seconds value is a decimal non-
negative integer. After delta-seconds seconds elapse, the client
should discard the cookie. A value of zero means the cookie
should be discarded immediately.
Max-age属性表示Cookie的生存时间,值是十进制非负整数。当时间到了以后,客户端会立刻丢弃Cookie,如果值是0表示Cookie必须马上丢弃。
Path=path
Optional. The Path attribute specifies the subset of URLs to
which this cookie applies.
path属性是应用Cookieurl的子集。
Secure
Optional. The Secure attribute (with no value) directs the user
agent to use only (unspecified) secure means to contact the origin
server whenever it sends back this cookie.
The user agent (possibly under the user's control) may determine
what level of security it considers appropriate for "secure"
cookies. The Secure attribute should be considered security
advice from the server to the user agent, indicating that it is in
secure属性(没有值)是有urser agent使用没有定义好的一个值来和服务器联系,然后服务器会返回这个值
Version=version
Required. The Version attribute, a decimal integer, identifies to
which version of the state management specification the cookie
conforms. For this specification, Version=1 applies
Discard 这个不是RFC 2109中,但是从表面意思看估计是否丢弃该cookie
下面来看看Cookie的构造方法:
/ **
*构造一个具有指定名称和值的cookie。
*
*<P>Cookie名称必须符合RFC 2109。这意味着它可以包含
*仅使用ASCII字母数字字符,不能包含逗号,
*分号或空格或$字符开始。 cookie的
*名称不能被创建后改变。
*
*<P>Cookie值可以是任何服务器选择发送。其
*值可能是唯一感兴趣的服务器。 cookie的
*值创建后可以改变
*的<code>的setValue</ code>方法。
*
*<p>缺省情况下,Cookie是根据Netscape的创建
* cookie规范。该版本可以与改变
*的<code> setVersion</ code>方法。
/**
* Constructs a cookie with a specified name and value.
*
* <p>The name must conform to RFC 2109. That means it can contain
* only ASCII alphanumeric characters and cannot contain commas,
* semicolons, or white space or begin with a $ character. The cookie's
* name cannot be changed after creation.
*
* <p>The value can be anything the server chooses to send. Its
* value is probably of interest only to the server. The cookie's
* value can be changed after creation with the
* <code>setValue</code> method.
*
* <p>By default, cookies are created according to the Netscape
* cookie specification. The version can be changed with the
* <code>setVersion</code> method.
*
*
* @param name a <code>String</code> specifying the name of the cookie
*
* @param value a <code>String</code> specifying the value of the cookie
*
* @throws IllegalArgumentException if the cookie name contains illegal characters
* (for example, a comma, space, or semicolon)
* or it is one of the tokens reserved for use
* by the cookie protocol
* @see #setValue
* @see #setVersion
*
*/
public Cookie(String name, String value) {
if (!isToken(name)
|| name.equalsIgnoreCase("Comment") // rfc2019
|| name.equalsIgnoreCase("Discard") // 2019++
|| name.equalsIgnoreCase("Domain")
|| name.equalsIgnoreCase("Expires") // (old cookies)
|| name.equalsIgnoreCase("Max-Age") // rfc2019
|| name.equalsIgnoreCase("Path")
|| name.equalsIgnoreCase("Secure")
|| name.equalsIgnoreCase("Version")
) {
String errMsg = lStrings.getString("err.cookie_name_is_token");
Object[] errArgs = new Object[1];
errArgs[0] = name;
errMsg = MessageFormat.format(errMsg, errArgs);
throw new IllegalArgumentException(errMsg);
}
this.name = name;
this.value = value;
}
好了,今天就先到这里。。。
扫一扫
1152
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
