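Introduction
This article covers the mainstream way programmers built Java web sites before Spring became popular; at a rough estimate, this was the mainstream technology stack about 10 years ago.
Spring is essentially a wrapper around this material: Spring is only a management and wrapping framework, and the underlying functionality still comes from various jar packages.
So I think it is still worth a Java programmer's time to understand this material.
cookie
Introduction to cookies
Yes, you read that right: it means a biscuit.
A cookie is a piece of information stored on the computer's hard disk for use by the browser.
Where Chrome stores cookies: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default
Cookies is actually a SQLite database file and can be opened and viewed directly.
We can also view the cookies stored by the current site after opening any website (press F12 to open the developer tools, choose Application, then click Cookies).
[Figure: cookies of the CSDN site]
[Figure: cookies of bilibili]
The information stored in a cookie is really the site user's information (user name, nickname and so on), but it is not very sensitive: cookies are stored in plaintext, so a password cannot be stored in a cookie.
What is the point of storing cookies? For example, you log in to a site, close the page, and do not have to log in again when you reopen it. Part of how this is implemented is that a cookie has saved your user information.
Although cookies are saved locally on the computer, they are usually given an expiry time for the sake of browser loading speed, and are deleted automatically when they expire.
This reduces the total amount of stored data, shortens lookup time and improves browser loading speed.
Using cookies on the front end and back end (back end: servlet; front end: jQuery)
Suppose there is a commodity management system in which a commodity in the commodity table can belong to only one user, and a user can own many commodities.
After login we need to filter the commodity query by user id, and here we can save the id in a cookie.
Back-end code
Login servlet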
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Arrays;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.qcby.db.MysqlUtil;

public class LoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setCharacterEncoding("UTF-8");
        resp.setCharacterEncoding("UTF-8");
        String userName = req.getParameter("username");
        String passWord = req.getParameter("password");
        String[] queryParams = { "id", "user_name", "password" };
        // Note: userName is concatenated into the SQL text; bind it as a PreparedStatement parameter instead.
        String loginSql = "select id, user_name, password from t_entity_user where user_name= \"" + userName + "\"";
        ArrayList<String[]> userList = MysqlUtil.showUtil(loginSql, queryParams);
        for (String[] user : userList) {
            // Note: this prints the whole row, password column included
            System.out.println("=============查询用户的结果:" + Arrays.toString(user));
        }
        resp.setContentType("application/json;charset=UTF-8");
        PrintWriter pw = resp.getWriter();
        if (userList.size() == 0) {
            pw.write(MysqlUtil.listToFreedomJson("-1", "未找到用户名为" + userName + "的用户!", null, null));
            return;
        } else if (!userList.get(0)[2].equals(passWord)) {
            // Called on the stored value so that a missing password parameter does not throw a NullPointerException
            pw.write(MysqlUtil.listToFreedomJson("-2", "密码错误", null, null));
            return;
        }
        // Login succeeded: return a cookie to the front end
        String[] loginUser = userList.get(0);
        String id = loginUser[0];
        Cookie idCookie = makeAndConfigCookie("userId", id);
        resp.addCookie(idCookie);
        String result = "{\"code\":\"0\",\"msg\":\"success\"}";
        pw.append(result);
    }

    private Cookie makeAndConfigCookie(String key, String value) {
        Cookie cookie = new Cookie(key, value);
        // The cookie expires after one hour
        cookie.setMaxAge(60 * 60);
        // The browser sends the cookie only for paths under /CommodityManage
        cookie.setPath("/CommodityManage");
        return cookie;
    }
}
Servlet code that, after the page redirect, queries commodities filtered by user id
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.qcby.db.MysqlUtil;

public class CommodityUserPageLikeQueryServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setCharacterEncoding("UTF-8");
        resp.setCharacterEncoding("UTF-8");
        String name = req.getParameter("name");
        int pageNo = Integer.parseInt(req.getParameter("pageNo"));
        int pageSize = Integer.parseInt(req.getParameter("pageSize"));
        // userId arrives as a request parameter (the front end copies it from the cookie),
        // so the server filters by whatever value the caller sends
        String userId = req.getParameter("userId");
        String querySql;
        // Note: name and userId are concatenated into the SQL text; bind them as PreparedStatement parameters instead.
        if ("-1".equals(userId)) {
            // userId -1: no filtering by owner
            querySql = "select * from commodity where name like \"%" + name + "%\" limit\t" + (pageNo - 1) * pageSize
                    + "," + pageSize;
        } else {
            querySql = "select * from commodity where name like \"%" + name + "%\" and user_id=" + userId + " limit "
                    + (pageNo - 1) * pageSize + "," + pageSize;
        }
        String[] colums = { "id", "name", "countNum", "price", "img" };
        String result = MysqlUtil.getJsonBySql(querySql, colums);
        System.out.println("根据用户+分页+模糊查询的结果:" + result);
        resp.setContentType("application/json;charset=UTF-8");
        resp.getWriter().write(result);
    }
}
Front-end code for the all-conditions query after the page redirect
// Query with all conditions
let allQuery = function (name, pageNo, pageSize, userId) {
    $.ajax({
        url: "commodity/allQuery",
        type: "post",
        data: { name, pageNo, pageSize, userId },
        success: function (value) {
            console.log(value);
            let arr = value.data;
            let $body = $(".commodityBody").empty();
            for (let i = 0; i < arr.length; i++) {
                // Values from the database are inserted with .text()/.attr(), so they are never parsed as HTML
                $("<tr>").append(
                    $("<td>").css("display", "none").text(arr[i].id),
                    $("<td>").text(arr[i].name),
                    $("<td>").text(arr[i].countNum),
                    $("<td>").text(arr[i].price),
                    $("<td>").append($("<img>").attr({ width: 5, height: 2, src: "/imgs/" + arr[i].img })),
                    $("<td>").append(
                        "<input type=\"button\" class=\"update\" value=\"编辑\">" +
                        "<input type=\"button\" class=\"delete\" value=\"删除\">" +
                        "<input type=\"button\" class=\"upload\" value=\"图片上传\">" +
                        "<input type=\"button\" class=\"shopCart\" value=\"加入购物车\">")
                ).appendTo($body);
            }
        },
        error: function () {
            alert("全条件查询商品失败!");
        }
    })
}
// On entering the page, run the all-conditions query against the commodity database once
allQuery("", 1, 6, $.cookie("userId"));
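We can see clearly that the front end takes the data out of the cookie and then passes it to the back end.
Session
The drawback of cookies is that the user information is in plaintext and can be modified at will, which is not secure.
Advantages of Session
- We can put information into the session, and the session is encrypted automatically
- Requests carry the session automatically, so we can use the session to determine the user's state (for example, whether the user is logged in)
The client sends a request to the server; the server creates a session object, generates a string JSESSIONID, and saves it in the client's cookie.
The next request carries the JSESSIONID by default.
JSESSIONID is secure because the JSESSIONID string is, in essence, encrypted user information.
Like cookies, sessions are generated by the server; the difference is that once a session is generated, every subsequent request and response carries it, whereas a cookie can be sent selectively.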
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Arrays;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.qcby.db.MysqlUtil;

public class LoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setCharacterEncoding("UTF-8");
        resp.setCharacterEncoding("UTF-8");
        String userName = req.getParameter("username");
        String passWord = req.getParameter("password");
        String[] queryParams = { "id", "user_name", "password" };
        // Note: userName is concatenated into the SQL text; bind it as a PreparedStatement parameter instead.
        String loginSql = "select id, user_name, password from t_entity_user where user_name= \"" + userName + "\"";
        ArrayList<String[]> userList = MysqlUtil.showUtil(loginSql, queryParams);
        for (String[] user : userList) {
            // Note: this prints the whole row, password column included
            System.out.println("=============查询用户的结果:" + Arrays.toString(user));
        }
        resp.setContentType("application/json;charset=UTF-8");
        PrintWriter pw = resp.getWriter();
        if (userList.size() == 0) {
            pw.write(MysqlUtil.listToFreedomJson("-1", "未找到用户名为" + userName + "的用户!", null, null));
            return;
        } else if (!userList.get(0)[2].equals(passWord)) {
            // Called on the stored value so that a missing password parameter does not throw a NullPointerException
            pw.write(MysqlUtil.listToFreedomJson("-2", "密码错误", null, null));
            return;
        }
        // Password is correct: return the user-information session to the front end
        String[] loginUser = userList.get(0);
        String id = loginUser[0];
        HttpSession session = req.getSession();
        session.setAttribute("userName", userName);
        String result = "{\"code\":\"0\",\"msg\":\"success\"}";
        pw.append(result);
    }
}
The front end generally cannot read a session created by the back end, but it can read a session it created itself.
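
The commodity query from the cookie section, rewritten so that the back end takes the owner id from the server-side session and the `userId` value the browser can edit no longer decides whose rows are returned. This is an added example, not code from the original article. It assumes the login servlet also called `session.setAttribute("userId", id)`, that a hypothetical environment variable `COMMODITY_DB_URL` holds the JDBC URL, and that `id`, `countNum` and `price` are numeric columns (only those are returned, so no JSON string escaping is needed).

```java
import java.io.IOException;
import java.sql.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example (hypothetical class name): the owner id is read from the session, not from the request.
public class SessionCommodityQueryServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setCharacterEncoding("UTF-8");
        HttpSession session = req.getSession(false); // false: never create a session for an anonymous caller
        Object userId = (session == null) ? null : session.getAttribute("userId"); // assumed to be set at login
        if (userId == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String name = req.getParameter("name");
        int pageNo, pageSize;
        try { // clamp paging values so the offset cannot overflow or request huge pages
            pageNo = Math.min(10000, Math.max(1, Integer.parseInt(req.getParameter("pageNo"))));
            pageSize = Math.min(50, Math.max(1, Integer.parseInt(req.getParameter("pageSize"))));
        } catch (NumberFormatException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Every value is bound as a parameter, so none of them can change the shape of the statement.
        String sql = "select id, countNum, price from commodity where name like ? and user_id = ? limit ?, ?";
        StringBuilder json = new StringBuilder("{\"code\":\"0\",\"data\":[");
        // Assumption: COMMODITY_DB_URL is the JDBC URL of the MySQL database used on this page.
        try (Connection conn = DriverManager.getConnection(System.getenv("COMMODITY_DB_URL"));
                PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, "%" + (name == null ? "" : name) + "%");
            ps.setInt(2, Integer.parseInt(userId.toString()));
            ps.setInt(3, (pageNo - 1) * pageSize);
            ps.setInt(4, pageSize);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    json.append(json.charAt(json.length() - 1) == '[' ? "" : ",")
                        .append("{\"id\":").append(rs.getLong("id"))
                        .append(",\"countNum\":").append(rs.getLong("countNum"))
                        .append(",\"price\":").append(rs.getBigDecimal("price")).append('}');
                }
            }
        } catch (SQLException e) {
            throw new ServletException(e);
        }
        resp.setContentType("application/json;charset=UTF-8");
        resp.getWriter().write(json.append("]}").toString());
    }
}
```

With this servlet the front end calls the query without a `userId` argument, and a request that arrives without a logged-in session gets a 401 instead of data.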