什么是Session:
- 1,Session就是一个接口
- 2,Session就是会话,用来维护一个客户端和服务器之间关联的一种技术
- 3,每个客户端都有一个自己的Session
- 4,Session会话中,经常用来保存用户登录之后的信息
创建和获取:
request.getSession():
- 第一次调用是创建,之后调用是获取之前创建好的Session
isNew():
- 判断是否是刚创建的(true:刚创建;false:之前创建的)
每一个会话都有一个id,而且这个id是唯一的
getId()得到Session的会话id值
生命周期:
setMaxInactiveInterval(int interval):设置Session的超时时长
值为正数时为设置超时时长,负数为永不超时
getMaxInactiveInterval():获得Session的超时时长
invalidate():让Session马上超时无效
Session默认超时的时长:30分钟(可以通过web.xml进行修改)
<session-config>
<session-timeout>45</session-timeout>
</session-config>
Session的超时是指,客户端两次请求的最大间隔时长
底层原理:
在我们用浏览器访问服务器时,会自动生成Session,同时会自动生成一个cookie,其key是”JSESSIONID“,value是该Session的id值。cookie的生命周期没有设置的话是关闭网页后,cookie直接销毁,所以在浏览器关闭时,等同于Session被销毁。
练习:
保存信息
@WebServlet("/sessionsave")
public class SessionSave extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//----使用session共享数据
//1,获取session
HttpSession session = request.getSession();
//2,存储数据
session.setAttribute("msg","Hello1");
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
获得信息
@WebServlet("/sessionget")
public class SessionGet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//----使用session获取数据
//1,获取session
HttpSession session = request.getSession();
//2,获取数据
Object msg = session.getAttribute("msg");
System.out.println(msg);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
当我们关掉客户端后,重新打开,会发现session的id不是同一个,如果我们要同一个的话,就得依赖cookie
/**
* 客户端关闭后,重新打开获得相同的session
*/
@WebServlet("/sessionload")
public class SessionLoad extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//1,获取session
HttpSession session = request.getSession();
System.out.println(session);
//期望客户端关闭后,下次打开时session也能相同
Cookie cookie=new Cookie("SessionName", session.getId());
cookie.setMaxAge(60*60);
response.addCookie(cookie);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
案例练习:
一个登陆的操作,判断验证码和用户名密码:
@WebServlet("/loginservlet")
public class loginServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.setCharacterEncoding("utf-8");
String username=request.getParameter("username");
String password=request.getParameter("password");
String checkCode=request.getParameter("checkCode");
//先获取生成的验证码
HttpSession session = request.getSession();
String string = (String) session.getAttribute("string");
//先判断验证码是否正确
if(string.equalsIgnoreCase(checkCode)){//忽略大小写
//判断用户名和密码是否一致
if("zhangsan".equals(username)&&"123".equals(password)){//登陆成功
request.setAttribute("login_error","登陆成功");
request.getRequestDispatcher("/index.jsp").forward(request, response);
}else {//登陆失败
request.setAttribute("login_error","用户名或密码错误");
request.getRequestDispatcher("/index.jsp").forward(request, response);
}
}else {
//验证码不一致
//存储提示信息到request
request.setAttribute("cc_error", "验证码错误");
request.getRequestDispatcher("/index.jsp").forward(request, response);
}
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
就不做太多详细介绍了,但是要先判断验证码。这样的话如果验证码错误的话就不用去判断用户名和密码了。