Session
1.Session 称之为 会话控制 技术
2.Session生命周期,会话结束 对象销毁
3.Session的数据存储在内存中
4.Session只可以临时存储数据,不能永久存储
Cookie
1.Cookie是小型文本文件
2.文件通常是加密的(是否加密取决于应用自身;本文示例写入 Cookie 的用户名和密码是明文)
3.cookie 可以临时或者永久存储
区别
Session 数据保存在服务器内存中,浏览器只持有会话 ID,因此数据安全性高
cookie 适合做 1个月免密登录
Cookie存储信息
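/**
 * Handles a login request and, when asked, sets the "remember me" cookies.
 *
 * <p>Return codes produced by this method: {@code 1} login succeeded,
 * {@code 2} no user found for the submitted username, {@code 3} password mismatch.
 * NOTE(review): distinct codes for "unknown user" and "wrong password" let a client
 * tell which usernames exist; a single failure code avoids that, but callers
 * currently depend on the three values.
 *
 * @param user     submitted username, password and "remember me" flag
 * @param session  current HTTP session; the authenticated user is stored under "user"
 * @param response response the remember-me cookies are attached to
 * @return 1, 2 or 3 as described above
 */
@RequestMapping("/login")
public int login(@RequestBody UserLoginDTO user, HttpSession session, HttpServletResponse response) {
    // NOTE(review): if UserLoginDTO.toString() includes the password, this line
    // writes the credential to stdout — confirm and log the username only.
    System.out.println("user = " + user);

    UserVO u = mapper.selectByUsername(user.getUsername());
    if (u == null) {
        return 2;
    }

    // NOTE(review): the submitted password is compared directly with the value loaded
    // by the mapper, which suggests passwords are stored unhashed — confirm. The usual
    // defence is a salted password hash (bcrypt/scrypt/argon2) verified here.
    String submitted = user.getPassword();
    if (submitted == null || !submitted.equals(u.getPassword())) {
        // A missing password is treated as a mismatch instead of throwing.
        return 3;
    }

    // Store the authenticated user in the session.
    // NOTE(review): the session id is not rotated on login; rotating it
    // (HttpServletRequest.changeSessionId(), Servlet 3.1+) is the usual guard against
    // session fixation, but this handler does not receive the request object.
    session.setAttribute("user", u);

    // Boolean.TRUE.equals(...) tolerates a null "remember me" flag.
    if (Boolean.TRUE.equals(user.getRem())) {
        Cookie username = new Cookie("username", user.getUsername());
        // One month, in seconds.
        username.setMaxAge(60 * 60 * 24 * 30);

        // NOTE(review): this places the plaintext password in a cookie, readable by
        // anything with access to the browser profile or the traffic. Neither cookie
        // sets HttpOnly or Secure, and this one has no max age, so it lasts only for
        // the browser session. A random remember-me token stored server-side is the
        // usual replacement; kept as-is here because the page's client side may read it.
        Cookie password = new Cookie("password", user.getPassword());

        response.addCookie(username);
        response.addCookie(password);
    }
    return 1;
}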
HttpSession 用法
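/**
 * Returns the user object stored in the session under "user".
 *
 * <p>NOTE(review): the same UserVO type exposes getPassword() in the login handler;
 * if this return value is serialized to the client, the password field would go
 * with it — confirm and return a view without credentials.
 *
 * @param session current HTTP session
 * @return the session's "user" attribute, or {@code null} when it is not set
 */
@RequestMapping("/currentUser")
public UserVO currentUser(HttpSession session) {
    Object stored = session.getAttribute("user");
    return (UserVO) stored;
}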
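/**
 * Logs the current user out by ending the HTTP session.
 *
 * <p>NOTE(review): the "username" and "password" cookies set by the login handler
 * are not cleared here; doing so needs the HttpServletResponse, which this handler
 * does not receive.
 *
 * @param session current HTTP session
 */
@RequestMapping("/logout")
public void logout(HttpSession session) {
    // invalidate() discards the whole session (including "user") and retires its id,
    // so a leaked or reused session id is no longer usable after logout.
    session.invalidate();
}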
HttpServletRequest&HttpServletResponse 用法
//当请求经过过滤器时执行的方法
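/**
 * Lets requests that carry a logged-in session through and redirects all others
 * to the login page.
 *
 * @param request  incoming request; cast to {@link HttpServletRequest}
 * @param response outgoing response; cast to {@link HttpServletResponse}
 * @param chain    remaining filter chain, invoked only for logged-in users
 * @throws IOException      propagated from the chain or from the redirect
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // getSession(false) looks up an existing session without creating one, so
    // anonymous requests do not each allocate server-side session state.
    HttpSession session = httpRequest.getSession(false);
    UserVO user = (session == null) ? null : (UserVO) session.getAttribute("user");

    if (user != null) {
        // Logged in: pass the request on.
        chain.doFilter(request, response);
        return;
    }

    // Not logged in: send the browser to the login page.
    // NOTE(review): the filter's URL mapping is not visible here; it must not cover
    // /login.html or /login, otherwise this redirect loops — confirm.
    httpResponse.sendRedirect("/login.html");
}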