Cookie和Session
Cookie:客户端技术;
Cookie是客户端技术,程序把每个用户的数据以cookie的形式写给用户各自的浏览器。当用户使用浏览器再去访问服务器中的web资源时,就会带着各自的数据去。这样,web资源处理的就是用户各自的数据了
HttpSession:服务器端技术。
Session是服务器端技术,利用这个技术,服务器在运行时可以为每一个用户的浏览器创建一个其独享的HttpSession对象,由于session为用户浏览器独享,所以用户在访问服务器的web资源时,可以把各自的数据放在各自的session中,当用户再去访问服务器中的其它web资源时,其它web资源再从用户各自的session中取出数据为用户服务
Cookie
1、客户端技术
本地最多存300个cookie,服务器端最多存20个
举例说明:我们访问后台程序,带过去一些数据,这些数据被存入servletrequest的addcookie方法写入cookei中。
2、Cookie属性:
name:必须的。
value:必须的。
path:路径。默认值。写cookie的那个程序的uri访问路径 。
domain:域。默认值。写cookie的那个程序所在的网站。
domain默认值:localhost
maxAge:最大存活时间。默认在浏览器的内存中。设置一个自然整数,单位是秒,这样浏览器就会把cookie信息存到自己的缓存区。
清楚cookei值得根本是清除本地的cookie,需要地址一致。如果访问的domain(网站地址)+path(工程的servlet路径)不一致,那么此次范文不会传递cookie过去,也就无法设置cookie。
我们可以手动设置cookei的uri地址。比如默认path为/abc/dd/,设置路径为/abc,那么以/abc开头的都能发送cookei.
version:版本号。
comment:注释。
记录和显示最近的访问时间,和清除时间
记录
1 package com.wsj;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.text.DateFormat;
6 import java.text.ParseException;
7 import java.text.SimpleDateFormat;
8 import java.util.Date;
9
10 import javax.servlet.ServletException;
11 import javax.servlet.http.Cookie;
12 import javax.servlet.http.HttpServlet;
13 import javax.servlet.http.HttpServletRequest;
14 import javax.servlet.http.HttpServletResponse;
15 /**
16 * 记录和显示最近的访问时间:cookie技术
17 * @author Angus
18 *
19 */
20 public class CookieDemo1 extends HttpServlet {
21
22 public void doGet(HttpServletRequest request, HttpServletResponse response)
23 throws ServletException, IOException {
24 response.setContentType("text/html;charset=UTF-8");
25 PrintWriter out = response.getWriter();
26 out.write("您上次访问的时间是:<a href='"+request.getContextPath()+"/servlet/CookieDemo2'>清除</a>");
27 //读取指定的Cookie:lastAccessTime=1010010毫秒
28 Cookie cs[] = request.getCookies();
29 for(int i=0;cs!=null&&i<cs.length;i++){
30 if("lastAccessTime".equals(cs[i].getName())){
31 String value = cs[i].getValue();//时间毫秒值
32 Date date = new Date(Long.parseLong(value));
33 out.write(date.toLocaleString());
34 break;
35 }
36 }
37 //向客户端写cookie
38 Cookie cookie = new Cookie("lastAccessTime", System.currentTimeMillis()+"");
39 cookie.setMaxAge(Integer.MAX_VALUE);//永久
40 response.addCookie(cookie);
41 }
42
43 public void doPost(HttpServletRequest request, HttpServletResponse response)
44 throws ServletException, IOException {
45 doGet(request, response);
46 }
47
48 }
读取和清除
1 package com.wsj;
2
3 import java.io.IOException;
4
5 import javax.servlet.ServletException;
6 import javax.servlet.http.Cookie;
7 import javax.servlet.http.HttpServlet;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10 //清除最后的访问时间
11 public class CookieDemo2 extends HttpServlet {
12
13 public void doGet(HttpServletRequest request, HttpServletResponse response)
14 throws ServletException, IOException {
15 Cookie cookie = new Cookie("lastAccessTime", "");//必须是同一个Cookie才行。domain+path+name
16 cookie.setMaxAge(0); //清除时间Cookie
17 response.addCookie(cookie);//写回去
18 }
19
20 public void doPost(HttpServletRequest request, HttpServletResponse response)
21 throws ServletException, IOException {
22 doGet(request, response);
23 }
24
25 }
运行效果
记录登录名
Servlet处理
1 package com.wsj;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5
6 import javax.servlet.ServletException;
7 import javax.servlet.http.Cookie;
8 import javax.servlet.http.HttpServlet;
9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11
12 /**
13 * Servlet implementation class LoginServlet1
14 */
15 public class LoginServlet1 extends HttpServlet {
16
17 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
18
19 response.setContentType("text/html;charset=UTF-8");
20 PrintWriter out = response.getWriter();
21 //验证用户名和密码: abc---密码cba
22 String username = request.getParameter("username");
23 String password = request.getParameter("password");
24 password = new StringBuffer(password).reverse().toString();
25 if(!username.equals(password)){
26 out.write("错误的用户名或密码。2秒后自动转向登录页面");
27 response.setHeader("Refresh", "2;URL="+request.getContextPath()+"/servlet/LoginUIServlet");
28 return;
29 }
30 response.getWriter().write("登陆成功");
31
32 //根据是否记住用户名,保存cookie
33 String remember = request.getParameter("remember");//没有选择,null
34 Cookie c = new Cookie("loginInfo", username);
35 c.setPath(request.getContextPath());
36 if(remember==null){
37 //没有选择:删除cookie
38 c.setMaxAge(0);
39 }else{
40 //选择:记住cookie
41 c.setMaxAge(Integer.MAX_VALUE);
42 }
43 response.addCookie(c);
44 }
45
46 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
47
48 }
49
50 }
UI页面:
1 package com.wsj;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5
6 import javax.servlet.ServletException;
7 import javax.servlet.http.Cookie;
8 import javax.servlet.http.HttpServlet;
9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11
12 /**
13 * 登录UI
14 */
15 public class LoginUIServlet1 extends HttpServlet {
16
17 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
18 response.setContentType("text/html;charset=UTF-8");
19 PrintWriter writer = response.getWriter();
20
21 //显示已经记住的用户名
22 String username = "";
23 String checked = "";
24 Cookie cs[] = request.getCookies();
25 for(int i=0;cs!=null&&i<cs.length;i++){
26 if("loginInfo".equals(cs[i].getName())){
27 username = cs[i].getValue();
28 checked = "checked='checked'";
29 break;
30 }
31 }
32 //显示登录页面
33 writer.write("<form action='"+request.getContextPath()+"/LoginServlet1' methond='POST'>");
34 writer.write("username:<input type='text' name='username' value='"+username+"'/><br/>");
35 writer.write("password:<input type='text' name='password' value=''/><br/>");
36 writer.write("<input type='checkbox' name='remember' "+checked+"/>记住用户名<br/>");
37 writer.write("<input type='submit' value='登陆'/>");
38 writer.write("</form>");
39
40 }
41
42 protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
43 doGet(request, response);
44 }
45
46 }
Session
原理:
1:HttpSession内存中查找谁的ID是这个的HttpSession对象。找到:取出来继续使用。没有找到:创建新的。。。。。
如图:
2:HttpSession session = request.getSession(boolean create);
create:true。和没有参数的getSession()是一样的。
create:false。只是查找,找不到返回null。
3配置失效时间:
Long getLastAccessedTime():返回最近的一次访问时间
void invalidate():立即失效
用户登录注销
LoginUIServlet
1 package com.wsj;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5
6 import javax.servlet.ServletException;
7 import javax.servlet.http.Cookie;
8 import javax.servlet.http.HttpServlet;
9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11
12 public class LoginUIServlet extends HttpServlet {
13
14 public void doGet(HttpServletRequest request, HttpServletResponse response)
15 throws ServletException, IOException {
16 response.setContentType("text/html;charset=UTF-8");
17 PrintWriter out = response.getWriter();
18 //显示登陆页面
19 out.write("<form action='"+request.getContextPath()+"/servlet/LoginServlet' method='post'>");
20 out.write("username:<input type='text' name='username'/><br/>");
21 out.write("password:<input type='text' name='password' value=''/><br/>");
22 out.write("<input type='submit' value='登陆'/>");
23 out.write("</form>");
24 }
25
26 public void doPost(HttpServletRequest request, HttpServletResponse response)
27 throws ServletException, IOException {
28 doGet(request, response);
29 }
30
31 }
LoginServlet
1 package com.wsj;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5
6 import javax.servlet.ServletException;
7 import javax.servlet.http.HttpServlet;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10
11 import com.itheima.domain.User;
12
13 public class LoginServlet extends HttpServlet {
14
15 public void doGet(HttpServletRequest request, HttpServletResponse response)
16 throws ServletException, IOException {
17 response.setContentType("text/html;charset=UTF-8");
18 PrintWriter out = response.getWriter();
19 //验证用户名和密码: abc---密码cba
20 String username = request.getParameter("username");
21 String password = request.getParameter("password");
22 password = new StringBuffer(password).reverse().toString();
23 if(!username.equals(password)){
24 out.write("错误的用户名或密码。2秒后自动转向登录页面");
25 response.setHeader("Refresh", "2;URL="+request.getContextPath()+"/servlet/LoginUIServlet");
26 return;
27 }
28 //用户名和密码都正确:向HttpSession中设置标记
29 User user = new User(username,password,"游客");
30 request.getSession().setAttribute("user", user);
31 response.getWriter().write("登陆成功,2秒后转向主页");
32 response.setHeader("Refresh", "2;URL="+request.getContextPath());
33 }
34
35 public void doPost(HttpServletRequest request, HttpServletResponse response)
36 throws ServletException, IOException {
37 doGet(request, response);
38 }
39
40 }
IndexServlet
1 package com.wsj;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5
6 import javax.servlet.ServletException;
7 import javax.servlet.http.HttpServlet;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10 import javax.servlet.http.HttpSession;
11
12 import com.itheima.domain.User;
13 /**
14 * 主页
15 * @author Angus
16 *
17 */
18 public class IndexServlet extends HttpServlet {
19
20 public void doGet(HttpServletRequest request, HttpServletResponse response)
21 throws ServletException, IOException {
22 response.setContentType("text/html;charset=UTF-8");
23 PrintWriter out = response.getWriter();
24
25 HttpSession session = request.getSession();
26 User user = new User();
27
28 if(user==null){
29 out.write("<a href='"+request.getContextPath()+"/servlet/LoginUIServlet'>登录</a>");
30 }else{
31 out.write("欢迎您:"+user.getNickname()+"<a href='"+request.getContextPath()+"/servlet/LoginOutServlet'>注销</a>");
32 }
33 out.write("<hr/>这是主页");
34 }
35
36 public void doPost(HttpServletRequest request, HttpServletResponse response)
37 throws ServletException, IOException {
38 doGet(request, response);
39 }
40
41 }
LoginOutServlet
1 package com.wsj;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5
6 import javax.servlet.ServletException;
7 import javax.servlet.http.HttpServlet;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10 import javax.servlet.http.HttpSession;
11
12 public class LoginOutServlet extends HttpServlet {
13
14 public void doGet(HttpServletRequest request, HttpServletResponse response)
15 throws ServletException, IOException {
16 response.setContentType("text/html;charset=UTF-8");
17 PrintWriter out = response.getWriter();
18 HttpSession session = request.getSession();
19 // session.invalidate();//立即失效
20 session.removeAttribute("user");
21 response.getWriter().write("注销成功,2秒后转向主页");
22 response.setHeader("Refresh", "2;URL="+request.getContextPath());
23 }
24
25 public void doPost(HttpServletRequest request, HttpServletResponse response)
26 throws ServletException, IOException {
27 doGet(request, response);
28 }
29
30 }
利用HttpSession防止表单重复提交
PayUIServlet
1 import java.io.IOException;
2 import java.io.PrintWriter;
3 import java.util.UUID;
4
5 import javax.servlet.ServletException;
6 import javax.servlet.http.HttpServlet;
7 import javax.servlet.http.HttpServletRequest;
8 import javax.servlet.http.HttpServletResponse;
9 /**
10 * 生成唯一的令牌
11 * @author Angus
12 *
13 */
14 public class PayUIServlet extends HttpServlet {
15
16 public void doGet(HttpServletRequest request, HttpServletResponse response)
17 throws ServletException, IOException {
18 response.setContentType("text/html;charset=UTF-8");
19 PrintWriter out = response.getWriter();
20 String token = UUID.randomUUID().toString();//唯一 GUID
21
22 request.getSession().setAttribute("token", token);
23 out.write("<form action='"+request.getContextPath()+"/servlet/PayServlet' method='post'>");
24 out.write("付款金额:<input type='text' name='money' value='10000'/><br/>");
25 out.write("<input type='hidden' name='token' value='"+token+"'/><br/>");
26 out.write("<input type='submit' value='付款'/><br/>");
27 out.write("</form>");
28
29 }
30
31 public void doPost(HttpServletRequest request, HttpServletResponse response)
32 throws ServletException, IOException {
33 doGet(request, response);
34 }
35
36 }
PayServlet
1 import java.io.IOException;
2 import java.io.PrintWriter;
3
4 import javax.servlet.ServletException;
5 import javax.servlet.http.HttpServlet;
6 import javax.servlet.http.HttpServletRequest;
7 import javax.servlet.http.HttpServletResponse;
8 import javax.servlet.http.HttpSession;
9 /**
10 *
11 * @author Angus
12 *
13 */
14 public class PayServlet extends HttpServlet {
15
16 public void doGet(HttpServletRequest request, HttpServletResponse response)
17 throws ServletException, IOException {
18 response.setContentType("text/html;charset=UTF-8");
19 PrintWriter out = response.getWriter();
20 String money = request.getParameter("money");
21 String formToken = request.getParameter("token");
22 HttpSession session = request.getSession();
23 String sessionToken = (String) session.getAttribute("token");
24 synchronized (PayServlet.class) {
25 if(formToken.equals(sessionToken)){
26
27 System.out.println("支付成功,金额是:" + money);
28 session.removeAttribute("token"); //移除后就无法重复提交
29
30 }else{
31 out.write("请不要重复提交");
32 }
33 }
34 }
35
36 public void doPost(HttpServletRequest request, HttpServletResponse response)
37 throws ServletException, IOException {
38 doGet(request, response);
39 }
40
41 }
效果:
再次提交
客户端禁用Cookie后的会话数据保持
禁用Cookie:浏览器永远不会向服务器端发送Cookie的请求消息头 。
方式一:主页上提示:为了更好浏览本网站,请不要禁用您的Cookie(很多网站都不做处理。。。)
方式二:URL重写。 在URL侯拼上 JSESSIONID
http://localhost:8080/day10_05_shopping/servlet/ShowCartServlet
http://localhost:8080/day10_05_shopping/servlet/ShowCartServlet;JSESSIONID=11111
特别注意:要重写就必须所有的地址都重写
response.encodeUrl(String url);自动判断用户是否禁用,没有禁用就不重写。
HttpSession对象的状态
日后:## javaBean一般情况下都要实现java.io.Serialiazable接口 ##,可以避免异常
偶尔会报个异常: