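Session JSP example program
A simple user login flow, made up of three JSP pages:
- sessiontest_login.jsp: provides a login form; after login the user is taken to sessiontest_home.jsp
- sessiontest_home.jsp: displays the currently logged-in user; if no user is logged in, the request is redirected to sessiontest_login.jsp
- sessiontest_logout.jsp: destroys the current Session object and provides a link back to sessiontest_login.jsp
Enter the URL in the browser: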
http://localhost:8080/base-webapp/jsp/session/sessiontest_login.jsp
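Enter a user name and password, then click SUBMIT.
Click LOGOUT.
Click LOGIN AGAIN to return to the login page; the Session ID value is now different, because a new Session has been created.
The code is as follows: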
sessiontest_login.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Session Test Login</title>
</head>
<body bgcolor="#ffffff" onLoad="document.loginForm.username.focus()">
<%
    // Pre-fill the user name field from the session, if one was stored earlier
    String name = "";
    if (!session.isNew()){
        name = (String)session.getAttribute("username");
        if (name == null){
            name = "";
        }
    }
%>
<p>Welcome to the Session Test Login Page</p>
<p>Session ID : <%= session.getId() %></p>
<table width="500" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<form name="loginForm" method="post" action="sessiontest_home.jsp">
<table width="500" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="401"><div align="right">User Name: </div></td>
<td width="399"><input type="text" name="username" value="<%=name%>"/></td>
</tr>
<tr>
<td width="401"><div align="right">Password: </div></td>
<td width="399"><input type="password" name="password" /></td>
</tr>
<tr>
<td width="401"> </td>
<td width="399"><input type="submit" name="submit" value="SUBMIT"/></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>
sessiontest_home.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Session Test Home Page</title>
</head>
<body>
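<%
    // A submitted user name logs the user in; otherwise fall back to the session
    String name = null;
    name = request.getParameter("username");
    if (name != null){
        session.setAttribute("username", name);
    }else{
        name = (String)session.getAttribute("username");
        if (name == null){
            // Not logged in: redirect and stop rendering the rest of the page
            response.sendRedirect("sessiontest_login.jsp");
            return;
        }
    }
%>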
<a href="sessiontest_login.jsp">Login</a>
<a href="sessiontest_logout.jsp">Logout</a>
<p>Current User is : <%= name %></p>
</body>
</html>
sessiontest_logout.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Session Test Logout Page</title>
</head>
<body>
<%
    // Read the user name before the session is destroyed
    String name=(String)session.getAttribute("username");
    session.invalidate();
%>
<%= name %> Good Bye;
<p/>
<p/>
<a href="sessiontest_login.jsp">Login again!</a>
</body>
</html>
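Improvement: URL rewriting
Change the JSP path values in the code above (the form action, the links and the sendRedirect() argument) so that they pass through encodeURL() or encodeRedirectURL():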
sessiontest_login.jsp
...
<form name="loginForm" method="post" action="<%= response.encodeURL("sessiontest_home.jsp") %>">
...
sessiontest_home.jsp
...
        if (name == null){
            response.sendRedirect(response.encodeRedirectURL("sessiontest_login.jsp"));
            return;
        }
    }
%>
<a href="<%= response.encodeURL("sessiontest_login.jsp")%>">Login</a>
<a href="<%= response.encodeURL("sessiontest_logout.jsp")%>">Logout</a>
...
sessiontest_logout.jsp
...
<a href="<%= response.encodeURL("sessiontest_login.jsp")%>">Login again!</a>
...
Disable cookies in the browser:
Visit the page again; after clicking SUBMIT, the browser address bar shows that the Session ID has been appended to the URL:
http://localhost:8080/base-webapp/jsp/session/sessiontest_home.jsp;jsessionid=F6CF509FB2723BCAB3F04E1E0ED1813D
If cookies are not disabled in the browser, the generated URLs do not contain the Session ID, even though the URLs are rewritten.