1 访问登录页面
2 登录
-
登录凭证不放在 session 中,而是存入 login_ticket 表(id、user_id、ticket、status、expired),使用时再存入 cookie
-
UserService.login:生成登录凭证 loginTicket,并将 ticket 放入返回的 map 中
-
LoginController
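/**
 * Handles the login form POST: derives the ticket lifetime from the "remember me" flag,
 * delegates to {@code userService.login}, and on success returns the login ticket to the
 * browser as a cookie.
 *
 * <p>Spring MVC adds entity-class arguments to the {@code Model} automatically, but not
 * primitives or {@code String}s; those must be added by hand or read by the page from the
 * request.
 *
 * @param username   submitted user name
 * @param password   submitted password
 * @param code       captcha text typed by the user
 * @param rememberme whether the longer ticket lifetime was requested
 * @param model      receives {@code usernameMsg} / {@code passwordMsg} when login fails
 * @param session    not read by the code shown here; presumably the source of the expected
 *                   captcha text (confirm against the captcha endpoint)
 * @param response   receives the {@code ticket} cookie on success
 * @return {@code "redirect:/index"} when a ticket was issued, otherwise the
 *         {@code "/site/login"} view
 */
@RequestMapping(path = "/login", method = RequestMethod.POST)
public String login(String username, String password, String code, boolean rememberme,
                    Model model, HttpSession session, HttpServletResponse response) {
    // 1. Captcha check, case-insensitive. The notes abbreviate this step to
    //    kaptcha.equalsIgnoreCase(code) and do not show where the expected text comes from.
    // NOTE(review): the result of that comparison has to gate everything below (re-render the
    // form on a mismatch or a missing captcha); a comparison whose result is discarded gives
    // no protection against automated password guessing.

    // 2. "Remember me" only selects how long the ticket (and its cookie) stays valid.
    int expiredSeconds = rememberme ? REMEMBER_EXPIRED_SECONDS : DEFAULT_EXPIRED_SECONDS;
    Map<String, Object> map = userService.login(username, password, expiredSeconds);

    // 3. Put the login ticket into a cookie. Checking the value rather than containsKey
    //    avoids a NullPointerException if the key is present with a null value.
    Object ticket = map.get("ticket");
    if (ticket != null) {
        Cookie cookie = new Cookie("ticket", ticket.toString());
        cookie.setPath(contextPath);
        cookie.setMaxAge(expiredSeconds);
        // The ticket is a bearer credential: whoever holds it is logged in, so keep it out
        // of reach of page scripts.
        cookie.setHttpOnly(true);
        // NOTE(review): also call cookie.setSecure(true) once the site is served over HTTPS only.
        response.addCookie(cookie);
        return "redirect:/index";
    }

    model.addAttribute("usernameMsg", map.get("usernameMsg"));
    model.addAttribute("passwordMsg", map.get("passwordMsg"));
    return "/site/login";
}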
-
页面:th:value="${param.username}",从request中取值
3 退出
-
UserService
/**
 * Handles logout for the given login ticket by setting its status to 1 through
 * {@code loginTicketMapper.updateStatus}.
 *
 * @param ticket the ticket string taken from the caller's cookie
 */
public void logout(String ticket) {
    // NOTE(review): 1 presumably marks the row in login_ticket as no longer valid; the notes
    // do not define the status values, so confirm against the code that validates tickets.
    final int newStatus = 1;
    loginTicketMapper.updateStatus(ticket, newStatus);
}
-
LoginController
@RequestMapping(path = "/logout", method = RequestMethod.GET) // @CookieValue("ticket"):从Cookie中取值 public String logout(@CookieValue("ticket") String ticket) { userService.logout(ticket); return "redirect:/login"; }