1. How do you use the server-side HttpSession object when cookies are disabled?
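Earlier we noted that the HttpSession object private to each browser is located through the JSESSIONID cookie. When cookies are disabled in the browser, it cannot store the cookie and does not send JSESSIONID with its requests, so the server can no longer find that browser's HttpSession object. What is the fix? It is simple: carry a JSESSIONID parameter in the URL of every request. Only then can request.getSession() find the JSESSIONID in the request object, use it to locate the corresponding session, and store the JSESSIONID in the response. To redirect to another address, the response object provides the method encodeURL("URL"), which returns the URL as a string with the JSESSIONID parameter attached. Repeating this on every hop keeps the JSESSIONID parameter in each request, and each call to request.getSession() again writes the JSESSIONID into the response. Rewriting a URL with encodeURL() without calling request.getSession() has no effect, because the response does not contain the JSESSIONID.

Note, however, that storing the JSESSIONID in the response does not mean it is always returned to the browser as a response header. In fact, the JSESSIONID is wrapped as a cookie and sent in the response headers only when the call to request.getSession() creates the session for the first time. If the session was created earlier, it is not returned as a response header, but it is still stored in the response object for use by methods such as encodeURL().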
The Java code for the case where the browser has cookies disabled is as follows:
CreateSession class:
package com.yd.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class CreateSession
 */
@WebServlet("/CreateSession")
public class CreateSession extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public CreateSession() {
        super();
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Set the character encoding of the request
        request.setCharacterEncoding("utf-8");
        // Get the session object; this creates a JSESSIONID and places it in the response object
        HttpSession session = request.getSession();
        session.setAttribute("name", "MyTomCat");
        // Address to redirect to
        String url = "/CloseCookieUserSession/MiddleServlet";
        // Returns the URL with the JSESSIONID attached (encodeUrl() is the deprecated spelling;
        // encodeRedirectURL() is the variant intended for sendRedirect())
        url = response.encodeURL(url);
        System.out.println("url:" + url + "JSESSIONID:" + session.getId());
        // Redirect to the given URL
        response.sendRedirect(url);
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
        doGet(request, response);
    }
}
[Screenshot: server response headers]
MiddleServlet class:
package com.yd.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class MiddleServlet
 */
@WebServlet("/MiddleServlet")
public class MiddleServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public MiddleServlet() {
        super();
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // First set the character encoding of the request object
        request.setCharacterEncoding("utf-8");
        // Look up the session so that the response object receives the JSESSIONID
        HttpSession session = request.getSession();
        // Read the attribute from the session
        String name = (String) session.getAttribute("name");
        String url = "/CloseCookieUserSession/FinalServlet";
        //url=response.encodeURL(url);
        System.out.println("MiddleServlet:" + name + "ddd:" + url);
        // This redirect does not carry the JSESSIONID
        response.sendRedirect(url);
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
        doGet(request, response);
    }
}
[Screenshot: the address the browser requests after the URL has been rewritten]
FinalServlet class:
package com.yd.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class FinalServlet
 */
@WebServlet("/FinalServlet")
public class FinalServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public FinalServlet() {
        super();
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        request.setCharacterEncoding("utf-8");
        HttpSession session = request.getSession();
        // Read the attribute from the session
        String name = (String) session.getAttribute("name");
        System.out.println("FinalServlet:" + name + "id" + session.getId());
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
        doGet(request, response);
    }
}
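When the session is created again, the response headers carry a JSESSIONID cookie, but it is not the same JSESSIONID as in the first screenshot.
[Screenshot: response headers with the new JSESSIONID]
[Sequence diagram of the code run]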
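
With URL rewriting the session ID becomes part of the address, so it can reach other sites through the Referer header and be kept in stored copies of the response. The filter below is an added example, not part of the original article's project: whenever the container reports that the session ID came from the URL, it sets response headers that limit that exposure and logs stale IDs without writing the ID itself. The class name UrlSessionGuardFilter and the reuse of the com.yd.servlet package are assumptions.

```java
package com.yd.servlet; // assumption: same package as the servlets above

import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter added as an example; not part of the original project.
@WebFilter("/*")
public class UrlSessionGuardFilter implements Filter {
    private static final Logger LOG =
            Logger.getLogger(UrlSessionGuardFilter.class.getName());

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // True only when the container read the session ID from the URL,
        // i.e. the browser followed a link produced by encodeURL().
        if (request.isRequestedSessionIdFromURL()) {
            // The address contains the session ID: do not let the browser send
            // it on in Referer headers, and do not let the response be stored.
            response.setHeader("Referrer-Policy", "no-referrer");
            response.setHeader("Cache-Control", "no-store");
            if (!request.isRequestedSessionIdValid()) {
                // Expired or unknown ID in a link. getServletPath() is logged
                // because it does not include the ID from the URL.
                LOG.warning("Stale URL session ID from " + request.getRemoteAddr()
                        + " for " + request.getServletPath());
            }
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```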