Cookie和Session
http协议是一个无状态的协议,你每一个跳转到下一个页面的时候都是需要先登录才能使用,这样就很麻烦比如淘宝,没有cookie和session的话,用户在首页已经登录上去了,但是需要再次登录才能选择商品,需要再次登录才能放到购物车,需要再次登录才能然后购买,这样用户的体验是相当差的。
cookie
- 是什么
-
cookie是在浏览器中保存的
-
如果想要使用cookie要保证我们的浏览器是开启cookie,所以说有一定的弊端,如果浏览器没有开启cookie,就不能再使用cookie了
-
cookie的大小是有限制的,通常是4096byte
-
cookie的保存是以键值对的形式存在的
- 常用方法
//1.cookie的构造方法,目的是实例化出来cookie对象
Cookie(String name,String value)
//2.设置cookie的方法
setValue(String value) //修改cookie的值
setMaxAge(int time) //设置cookie的有效时间
setPath(String path) //设置当前cookie的有效路径
//3.要将cookie发送到浏览器
response.addCookie(Cookie cookie);
- servlet实例一
package com.by.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class SetCookieServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws Exception {
/**
* 1.创建cookie对象
* 将键:java2311 值:sb ,存到cookie对象中
*/
Cookie cookie = new Cookie("msg", "sb");
/**
* 2.设置有效时间
* 正数:表示当前cookie的有效时间
* 负数:表示当前浏览器打开的时候存在,关闭的时候没了
* 0:销毁当前的cookie
*/
cookie.setMaxAge(60*60*24);//设置了有效期是个正数,
//3.把cookie发送到浏览器
response.addCookie(cookie);
}
}
<servlet>
<servlet-name>setCookie</servlet-name>
<servlet-class>com.by.servlet.SetCookieServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>setCookie</servlet-name>
<url-pattern>/setCookie</url-pattern>
</servlet-mapping>
- servlet实例二
package com.by.servlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class GetCookieServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) {
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) {
//获取浏览器中cookie,返回值是一个数组
Cookie[] cookies = request.getCookies();
for (Cookie cookie : cookies) {
System.out.println("==============");
System.out.println(cookie.getName());//获取键
System.out.println(cookie.getValue());//获取值
}
}
}
<servlet>
<servlet-name>getCookie</servlet-name>
<servlet-class>com.by.servlet.GetCookieServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>getCookie</servlet-name>
<url-pattern>/getCookie</url-pattern>
</servlet-mapping>
- 实例三
@WebServlet("/destroyCookie")
public class DestroyCookieServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) {
//退出登录
Cookie[] cookies = request.getCookies();
for (Cookie cookie : cookies) {
if (cookie.getName().equals("msg")){
cookie.setMaxAge(0);//销毁cookie
//重新发送给浏览器
response.addCookie(cookie);
}
}
}
}
<servlet>
<servlet-name>destroyCookie</servlet-name>
<servlet-class>com.by.servlet.DestroyCookieServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>destroyCookie</servlet-name>
<url-pattern>/destroyCookie</url-pattern>
</servlet-mapping>
session
- 为什么使用session?
- cookie保存数据类型是单一的,只能保存字符串类型的数据
- cookie的大小由限制
- 是什么?
- 保存服务器中
- 当用户发送一个HTTP请求到服务器时,服务器会检查该请求是否包含session标识符(通常是一个cookie),如果没有,则会创建一个新的session,并将session标识符发送给客户端。
- 使用session的时候一般要开启cookie如果浏览器没有开启cookie功能,我们可以通过html的url传参完后session的使用
- 没有大小的限制
- 信息的保存也是以键值对的形式存在的
- 实例一
package com.by.servlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.Date;
public class SetSessionServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response){
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) {
//1.获取session对象
HttpSession session = request.getSession();
System.out.println(session);
//获取的是JSESSIONID 服务器唯一的标识
System.out.println(session.getId());
//给session设置一个时间,有效果的,里面放的是秒
session.setMaxInactiveInterval(60*60*24);
User user = new User();
user.setUsername("张5丰");
user.setBirthday(new Date());
user.setSex("1");
session.setAttribute("user",user);
}
}
<servlet>
<servlet-name>setSession</servlet-name>
<servlet-class>com.by.servlet.SetSessionServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>setSession</servlet-name>
<url-pattern>/setSession</url-pattern>
</servlet-mapping>
- 实例二
package com.by.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
public class GetSessionServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response){
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) {
//1.获取Session对象
//第一次创建session的时候默认为true
//false的话,这个session使用的是已经创建好的session对象
HttpSession session = request.getSession(false);
//2.获取session,通过键取值
Object user = session.getAttribute("user");
System.out.println(user);
}
}
<servlet>
<servlet-name>getSession</servlet-name>
<servlet-class>com.by.servlet.GetSessionServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>getSession</servlet-name>
<url-pattern>/getSession</url-pattern>
</servlet-mapping>
- 实例三
package com.by.servlet;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class DestroySessionServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) {
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) {
//1.获取session对象
HttpSession session = request.getSession(false);
//销毁当前的session
session.invalidate();
}
}
<servlet>
<servlet-name>destroySession</servlet-name>
<servlet-class>com.by.servlet.DestroySessionServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>destroySession</servlet-name>
<url-pattern>/destroySession</url-pattern>
</servlet-mapping>