Cookie保存会话状态在浏览器客户端上
1. 分析
先判断用户名和密码是否正确, 再判断是否选择了十天内免登录
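如果上面判断都通过, 服务器将用户名和密码做md5处理后保存进两个cookie中 (注意: md5是哈希算法而不是加密; 下面的示例代码并没有做md5这一步, 而是把表单里的用户名和密码原样写入cookie. 即使做了md5, cookie里的值也和数据库里保存的值完全相同, 拿到cookie就等于拿到了登录凭证, 实际项目中应改用服务端保存、可以随时作废的随机令牌)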
服务器发送cookie信息给浏览器, 并且设置有效时间为10天
之后在登录的时候, 服务器将获取cookie中的加密用户名和密码信息, 和数据库中信息对比(数据库中的信息也是md5加密的)
对照上了就登录成功.
2. 代码
IsLoginServlet.java是在登录前判断, 是否已经可以自动登录
如果可以登录, 则跳转到登录成功页面, 如果判断失败则跳转到登录页面
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.*;
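/**
 * Welcome-page servlet: decides whether the visitor can be logged in automatically.
 *
 * <p>Reads the {@code username} and {@code password} cookies from the request and checks
 * them against the {@code s_user} table. On a match it renders the welcome page; in every
 * other case (no cookies, missing cookie, no matching row, database error) it redirects
 * to the login page.
 *
 * <p>NOTE(review): the {@code password} cookie is compared as-is with the stored password
 * column, so whoever holds the cookie holds the credential. The usual replacement is a
 * random token that is stored server-side and can be revoked.
 */
public class IsLoginServlet extends HttpServlet {

    /** Page the visitor is sent to whenever automatic login is not possible. */
    private static final String LOGIN_PAGE = "/12/login.html";

    /**
     * Handles the first request of a visit.
     *
     * @param request  the incoming request; its cookies are client-controlled input
     * @param response receives either the welcome page or a redirect to the login page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response or the redirect fails
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = null;
        String password = null;

        // getCookies() returns null when the request carries no cookies at all.
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                // Two cookies matter here: one named "username" and one named "password".
                String cookieName = cookie.getName();
                if ("username".equals(cookieName)) {
                    username = cookie.getValue();
                } else if ("password".equals(cookieName)) {
                    password = cookie.getValue();
                }
            }
        }

        // Other cookies may be present without the two login cookies, so both must be
        // checked before touching the database.
        if (username == null || password == null || !credentialsMatch(username, password)) {
            response.sendRedirect(LOGIN_PAGE);
            return;
        }

        // Automatic login succeeded: render the welcome page.
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.print("<html lang=\"en\">");
        out.print("<head>");
        out.print(" <meta charset=\"UTF-8\">");
        out.print(" <title>登录成功</title>");
        out.print("</head>");
        out.print("<body>");
        // The name originates from a cookie, so it is HTML-escaped before being echoed.
        out.print(" <h2>欢迎" + escapeHtml(username) + "</h2>");
        out.print("</body>");
        out.print("</html>");
    }

    /**
     * Looks up the username/password pair in {@code s_user}.
     *
     * @return {@code true} if a matching row exists; {@code false} if none exists or the
     *         lookup failed (the failure is logged and treated as "not logged in")
     */
    private boolean credentialsMatch(String username, String password) {
        // Bound parameters keep the cookie values out of the SQL text.
        String sql = "select * from s_user where username=? and password=?";
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // NOTE(review): hard-coded root credentials in source; these belong in
            // deployment configuration, and the account should be a least-privilege one.
            try (Connection conn = DriverManager.getConnection(
                         "jdbc:mysql://localhost:3306/test?characterEncoding=utf8&useSSL=true",
                         "root", "991025");
                 PreparedStatement ps = conn.prepareStatement(sql)) {
                ps.setString(1, username);
                ps.setString(2, password);
                try (ResultSet rs = ps.executeQuery()) {
                    return rs.next();
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            // Fail closed: a database problem must never result in a login.
            log("auto-login lookup failed", e);
            return false;
        }
    }

    /** Escapes the characters that are significant in HTML text and attribute values. */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}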
LoginServlet.java是登录页面的逻辑, 如果自动登录不成功就跳转到这个页面
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.*;
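/**
 * Login form handler.
 *
 * <p>Checks the submitted {@code username} and {@code password} against the {@code s_user}
 * table. On success it renders the welcome page and, if the visitor ticked the
 * "remember me for ten days" box, sets the two auto-login cookies. On failure it redirects
 * to the login-error page.
 *
 * <p>NOTE(review): the auto-login cookies carry the submitted username and password
 * unchanged for ten days. Anyone who obtains the cookie obtains the password; the usual
 * replacement is a random token stored server-side that can be expired or revoked.
 */
public class LoginServlet extends HttpServlet {

    /** Page shown when the credentials are rejected. */
    private static final String LOGIN_ERROR_PAGE = "/12/loginErr.html";

    /** Lifetime of the auto-login cookies: ten days, in seconds. */
    private static final int TEN_DAYS_SECONDS = 60 * 60 * 24 * 10;

    /**
     * Processes the login form.
     *
     * @param request  carries the {@code username}, {@code password} and optional
     *                 {@code tenDayAutoLoginFlag} form parameters
     * @param response receives the welcome page (plus cookies) or a redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response or the redirect fails
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        request.setCharacterEncoding("UTF-8");
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // A request without both fields can never match a row; skip the database round trip.
        if (username == null || password == null || !credentialsMatch(username, password)) {
            response.sendRedirect(LOGIN_ERROR_PAGE);
            return;
        }

        // After a successful login, honour the "ten days without login" checkbox.
        String flag = request.getParameter("tenDayAutoLoginFlag");
        if ("ok".equals(flag)) {
            response.addCookie(autoLoginCookie("username", username, request));
            response.addCookie(autoLoginCookie("password", password, request));
        }

        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.print("<html lang=\"en\">");
        out.print("<head>");
        out.print(" <meta charset=\"UTF-8\">");
        out.print(" <title>登录成功</title>");
        out.print("</head>");
        out.print("<body>");
        // The name comes straight from the form, so it is HTML-escaped before being echoed.
        out.print(" <h2>欢迎" + escapeHtml(username) + "</h2>");
        out.print("</body>");
        out.print("</html>");
    }

    /**
     * Builds one auto-login cookie scoped to this web application.
     *
     * <p>HttpOnly keeps the value away from page scripts; Secure is set whenever the login
     * itself arrived over HTTPS so the cookie is not later sent in clear text.
     */
    private static Cookie autoLoginCookie(String name, String value, HttpServletRequest request) {
        Cookie cookie = new Cookie(name, value);
        cookie.setMaxAge(TEN_DAYS_SECONDS);
        cookie.setPath(request.getContextPath());
        cookie.setHttpOnly(true);
        cookie.setSecure(request.isSecure());
        return cookie;
    }

    /**
     * Looks up the username/password pair in {@code s_user}.
     *
     * @return {@code true} if a matching row exists; {@code false} if none exists or the
     *         lookup failed (the failure is logged and treated as a rejected login)
     */
    private boolean credentialsMatch(String username, String password) {
        // Bound parameters keep the form values out of the SQL text.
        String sql = "select * from s_user where username=? and password=?";
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // NOTE(review): hard-coded root account in source; connection settings belong
            // in deployment configuration, and the account should be a least-privilege one.
            try (Connection conn = DriverManager.getConnection(
                         "jdbc:mysql://localhost:3306/test?characterEncoding=utf8&useSSL=true",
                         "root", "xxxxxx");
                 PreparedStatement ps = conn.prepareStatement(sql)) {
                ps.setString(1, username);
                ps.setString(2, password);
                try (ResultSet rs = ps.executeQuery()) {
                    return rs.next();
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            // Fail closed: a database problem must never result in a login.
            log("login lookup failed", e);
            return false;
        }
    }

    /** Escapes the characters that are significant in HTML text and attribute values. */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}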
登录页面的HTML如下
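<!DOCTYPE html>
<!-- Login form: posts username, password and the optional ten-day auto-login flag to /12/login. -->
<!-- NOTE(review): the form submits a password, so the page and its action should be served over HTTPS. -->
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <title>登录页面</title>
</head>
<body>
<form action="/12/login" method="post">
    <label>用户名<input type="text" name="username" autocomplete="username" required></label>
    <br/>
    <label>密码<input type="password" name="password" autocomplete="current-password" required></label>
    <br/>
    <!-- Sent as tenDayAutoLoginFlag=ok only when ticked; the server then sets the ten-day cookies. -->
    <label><input type="checkbox" name="tenDayAutoLoginFlag" value="ok">十天内免登录</label>
    <br/>
    <input type="submit" value="登录">
</form>
</body>
</html>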
密码输入错误时, 登录失败的页面如下
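<!DOCTYPE html>
<!-- Static page shown after a rejected login; it only links back to the login form. -->
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <title>登录失败</title>
</head>
<body>
登录失败, 请重新<a href="/12/login.html">登录</a>
</body>
</html>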