session技术应用--验证码登录

后台生成验证码并往客户端和后台各发一份，进行下一步登录判断

package cn.hncu.servlet;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.util.Random;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class imgDemo extends HttpServlet {
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // ☆1☆--相比纯java方式有变化的地方
        resp.setContentType("image/jpeg");// 设置http响应头---告诉浏览器我现在发的是这个图片格式的数据，你用相应的方式来解析

        // 定义图片的宽和高
        int w = 60;
        int h = 30;

        // 声明一个RGB格式的内存中的图片
        BufferedImage img = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);
        Graphics g = img.getGraphics();

        // 把背景变白色
        g.setColor(Color.white);
        g.fillRect(0, 0, w, h);
        // 设置字体
        g.setFont(new Font("aa", Font.BOLD, 18));

        // 产生并draw出4个随机数字
        Random r = new Random();
        String code = "";
        for (int i = 0; i < 4; i++) {
            int a = r.nextInt(10);// 生成0~9之间的随机整数
            int y = 15 + r.nextInt(20);// 产生随机的垂直位置
            // 产生随机颜色
            Color c = new Color(r.nextInt(256), r.nextInt(256), r.nextInt(256));
            g.setColor(c);

            g.drawString("" + a, i * 15, y);
            code += a;//生成真正的验证码
        }

        req.getSession().setAttribute("code", code);//把真正的验证码发送
        // 画几条干扰线
        for (int i = 0; i < 10; i++) {
            // 产生随机颜色
            Color c = new Color(r.nextInt(256), r.nextInt(256), r.nextInt(256));
            g.setColor(c);
            g.drawLine(r.nextInt(60), r.nextInt(30), r.nextInt(60),
                    r.nextInt(30));
        }

        g.dispose();// 类似于IO中的flush(),把图形数据刷到img中
        // 把内存图片img对象保存到一个jpg文件
        ImageIO.write(img, "JPEG", resp.getOutputStream());// ☆2☆
    }
}

将后台发来的验证码code和前端发送请求的验证码code进行比较，正确则输出登录成功，否则失败，在进行每次操作后，需要把当前session销毁，否则，验证码是不会更新的

package cn.hncu.servlet2;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginServlet2 extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);

    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
        out.println("<HTML>");
        out.println("  <HEAD><TITLE>A Servlet</TITLE></HEAD>");
        out.println("  <BODY>");

        // 获取用户上传参数中的验证码--待测数据
        String code = request.getParameter("code");

        // 获取session中的验证码的标准答案
        String scode = (String) request.getSession().getAttribute("code");
        request.getSession().removeAttribute("code");//把旧的验证码失效,无论这次是否成功都要失效

        if (scode == null || !scode.equals(code)) {
            out.println("验证码输入错误！");
        } else {// 验证码正确的情况
                // 把用户名和密码提交给后台数据库去校验
            String name = request.getParameter("name");
            String pwd = request.getParameter("pwd");
            if (name != null && name.trim().equals(pwd)) {
                out.println("登录成功");
            } else {
                out.println("登录失败");
            }

        }

        out.println("  </BODY>");
        out.println("</HTML>");
        out.flush();
        out.close();
    }

}