1.会话:
2.保存会话的数据:
之前学的两个域对象ServletContext和request都不能实现的原因:
1.ServletContext会发生数据覆盖的问题
2.如果用request转发去传递数据,可以实现,但是只运行用户发生一个请求,来完成数据的保存。会导致用户体验差。而如果用户用两个request,则又无法实现转发功能。
所以接下来就是保存会话数据的两种技术:Cookie,Session(域对象)
Cookie技术:
Session技术:
3.Cookie:
案例1:显示用户上次访问时间:
public class CookieDemo1 extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
out.print("<a href='/day06/servlet/DeleteCookie'>清楚上次访问时间</a><br/>");
out.print("您上次访问的时间是:");
//获得用户的时间cookie
Cookie[] cookies = request.getCookies();
for(int i=0; cookies!=null && i<cookies.length;i++){
if(cookies[i].getName().equals("lastAccessTime")){
long cookieValue = Long .parseLong(cookies[i].getValue()); //得到用户的上次访问时间
Date date = new Date(cookieValue);
out.print(date.toLocaleString());
}
}
//给用户回送最新的访问时间
Cookie cookie = new Cookie("lastAccessTime",System.currentTimeMillis()+"");
cookie.setMaxAge(1+30*24*3600); //保存一个月
cookie.setPath("/day06"); //设置cookie的有效域
response.addCookie(cookie);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
DeleteCookie.java:
public class DeleteCookie extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
Cookie cookie = new Cookie("lastAccessTime",System.currentTimeMillis()+"");
cookie.setMaxAge(0);
cookie.setPath("/day06");
response.addCookie(cookie);
response.sendRedirect("/day06/servlet/CookieDemo1");
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
cookie细节:
案例2:显示商品浏览历史纪录
//代表首页的servlet
public class CookieDemo extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
//1.输出网站的所有商品
out.write("本网站有如下商品:<br/>");
Map<String, Book> map = Db.getAll();
for(Map.Entry<String, Book> entry:map.entrySet()){
Book book = entry.getValue();
out.write("<a href='/day06/servlet/CookieDemo1_1?id="+book.getId()+"' target='_blank'>"+book.getName()+"</a><br/>");
}
//2.显示用户看过的商品
out.print("<br/>您曾经看过如下商品:<br/>");
Cookie[] cookies = request.getCookies();
for(int i = 0;cookies!=null && i<cookies.length;i++){
if(cookies[i].getName().equals("bookHistory")){
String[] ids = cookies[i].getValue().split("\\."); //不能用逗号分隔,因为高版本的tomcat中cookie是以逗号区分开的
for(String id:ids){
Book book = (Book) Db.getAll().get(id);
out.print(book.getName()+"<br/>");
}
}
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
class Db{
private static Map<String,Book> map = new LinkedHashMap();
static{
map.put("1", new Book("1", "javaweb开发", "老张", "一本好书"));
map.put("2", new Book("2", "jdbc开发", "老张", "一本好书"));
map.put("3", new Book("3", "sping开发", "老李", "一本好书"));
map.put("4", new Book("4", "struts开发", "老毕", "一本好书"));
map.put("5", new Book("5", "android", "老张", "一本好书"));
}
public static Map getAll(){
return map;
}
}
class Book{
private String id;
private String name;
private String author;
private String description;
public Book() {
super();
}
public Book(String id, String name, String author, String description) {
super();
this.id = id;
this.name = name;
this.author = author;
this.description = description;
}
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getAuthor() {
return author;
}
public void setAuthor(String author) {
this.author = author;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
}
//显示商品详细信息的servlet
public class CookieDemo1_1 extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
//1.根据用户带过来的id,显示相应商品的详细信息
String id = request.getParameter("id");
Book book = (Book) Db.getAll().get(id);
out.write(book.getId()+"<br/>");
out.write(book.getAuthor()+"<br/>");
out.write(book.getName()+"<br/>");
out.write(book.getDescription()+"<br/>");
//2.构建cookie,回写给浏览器
String cookieValue = buildCookie(id, request);
Cookie cookie = new Cookie("bookHistory",cookieValue);
cookie.setMaxAge(1*30*24*60*60);
cookie.setPath("/day06");
response.addCookie(cookie);
}
private String buildCookie(String id, HttpServletRequest request) {
//bookHistory = null 1 1
//bookHistory = 2,5,1 1 1,2,5
//bookHistory = 2,5,4 1 1,2,5(假设cookie最大值为3)
//bookHistory = 2,5 1 1,2,5
String bookHistory = null;
Cookie[] cookies = request.getCookies();
for(int i=0; cookies!=null && i<cookies.length;i++){
if(cookies[i].getName().equals("bookHistory")){
bookHistory = cookies[i].getValue();
}
}
if(bookHistory==null){
return id;
}
LinkedList<String> list = new LinkedList<String>(Arrays.asList(bookHistory.split("\\.")));
/* if(list.contains(id)){
list.remove(id);
list.addFirst(id);
}else{
if(list.size()>=3){
list.removeLast();
list.addFirst(id);
}else{
list.addFirst(id);
}
}*/
if(list.contains(id)){
list.remove(id);
}else if(list.size()>=3){
list.removeLast();
}
list.addFirst(id);
StringBuilder sb = new StringBuilder();
for(String bid:list){
sb.append(bid+".");
}
return sb.deleteCharAt(sb.length()-1).toString();
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
cookie其他应用:购物,自动登陆(回写的时候密码用MD5码+随机数)
4.session:基于cookie(服务器回写的cookie是没有有效期的,最好自己覆盖)
session的生命周期:创建session的代码,seesion没有被调用30分钟后自己关闭。关闭时间服务器配置可修改。也代码关闭。session.invalidate()。
cookie被浏览器禁了的情况:(localhost不会被禁止)
服务器先查看有没有cookie,没有就重写URL。
解决方案:在超链接后面带session的id号。
String url = reponse.encodeURL("/"); 会自己加id
新问题:关闭了浏览器,之前的session的id号就没有了。
无法解决。
案例1:session实现简单的购物(相对cookie对服务器压力较大)
购物首页
购买
显示
3个案例:
案例2:用户登陆
登陆界面
产生登陆标记
登陆成功界面
用户注销
案例3:客户端,服务端 防表单重复提交
客户端:
javascript解决方案:只用这的话 不安全(比如刷新,又提交等等)
服务端:继续防,防止表单重复提交,在创建表单前给每个表单带上一个随机数
产生表单:
产生随机数:
表单页面:
数据处理:
表单重复判断:
md5的作用:应用很广泛
保证用户密码的安全性。(先和加随机数,再MD5,防止暴力破解)
校验数据的完整性。
校验光盘的完整性。
BASE64:数据传递的时候用的很多
案例4:校验图片认证码
5.三个域对象(容器):servletcontext, request, session
使用情形:
request:数据显示完了没用了(一个请求上用一次)
session:除了显示,等一会还要用(一个请求上用多次)
servletcontext:除了显示,等一会还要用,还要给别人用(多个请求都用)聊天室
综合案例:过滤器的时候再做