前言:从来没有认真的学习一下session,想学习的原因是最近的一个项目,登录验证使用了shiro之后数据源切换不了,由于只是一个登陆以及用户管理界面,便没有大改。只在controller方法里切换,不得不说这种方法并不好。由于自己刚工作就接触了shiro,对session并不了解,借此机会学习一下。
1.首先服务器可以为每个用户浏览器创建一个会话,即session对象。创建出来之后,会把session的Id以cookie形式回传给客户端,客户端以后的每次访问都会带着这个Id以便服务器识别。解决了一个用户的不同请求的数据共享问题。 默认存储时间是30分钟。
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; /** * @author suwan * @date 2019/6/19 */ @RestController @RequestMapping("/session") public class SessionController extends HttpServlet { @Override @GetMapping("/test") protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setCharacterEncoding("UTF-8"); response.setContentType("text/html;charset=UTF-8"); HttpSession session = request.getSession(); String sessionId = session.getId(); if (request.getSession().isNew()){ response.getWriter().print("session创建成功,session的id是:"+sessionId); }else { response.getWriter().print("服务器已经存在该session了,session的id是:"+sessionId); } } }
浏览器访问:
cookie中JSESSIONID就是服务器创建的session的Id。
重新刷新:
2.利用session实现用户登录的简单实现:
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @author suwan
* @date 2019/6/20
*/
@RestController
@RequestMapping("/session")
public class SessionController extends HttpServlet {
@Override
@GetMapping("/test")
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
String username = request.getParameter("username");
String password = request.getParameter("password");
User user = new User();
user.setUsername(username);
user.setPassword(password);
//创建session保存user对象
request.getSession().setAttribute("user",user);
//跳到指定页面
response.sendRedirect("/index/test");
}
}
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
/**
* @author suwan
* @date 2019/6/20
*/
@RestController
@RequestMapping("/index")
public class IndexController extends HttpServlet {
@Override
@GetMapping("/test")
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
HttpSession session = request.getSession();
//获取session中的user对象
User user =(User) session.getAttribute("user");
if (user ==null){
response.getWriter().print("登录失败");
}else {
response.getWriter().print("登陆成功!username = "+user.getUsername());
//跳到指定页面
response.getWriter().print(" "+ "<a href='/loginOut/test'>退出</a>");
}
}
}
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * @author suwan * @date 2019/6/20 */ @RestController @RequestMapping("/loginOut") public class LoginOutController extends HttpServlet { @Override @GetMapping("/test") protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //使session无效并解除绑定到它上面的任何对象。 request.getSession().invalidate(); //重定向 response.sendRedirect("/index/test"); } }
浏览器访问:http://localhost:8085/session/test?username=1&password=1
点击退出之后,session失效,绑定在该session上的对象也被解绑。user为null