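Session Control
Introduction to Cookies
- A Cookie is an object that the server creates and the browser stores, used to tell different users apart
- How Cookies work
- 1) On the first request, the server creates a Cookie object
- 2) The server sends the Cookie object to the browser
- 3) Every later request carries that Cookie object
- 4) The server tells users apart by the different Cookie objects they send
Creating a Cookie object
- When creating a Cookie object on the server you can specify how long it stays valid; by default it is valid for one session
- When creating a Cookie object on the server you can also specify the path it is valid for; by default the path is the root directory of the current project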
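    protected void doPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, IOException {
        // Session cookie with the default lifetime and path
        Cookie cookie = new Cookie("user", "admin");
        // setMaxAge takes seconds: a positive value persists the cookie for that long,
        // 0 deletes it, and a negative value (as here) keeps it a session cookie
        Cookie cookie1 = new Cookie("user2", "persistCookie");
        cookie1.setMaxAge(-1);
        // Cookie that is only sent with requests under <context path>/pages
        Cookie cookie2 = new Cookie("user3", "pathCookie");
        cookie2.setPath(request.getContextPath()+"/pages");
        // Send all three cookies to the browser in the response
        response.addCookie(cookie);
        response.addCookie(cookie1);
        response.addCookie(cookie2);
    }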
Getting Cookie objects
- Because every request carries its Cookie objects in the request headers, Cookie objects are read from the request
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // getCookies() returns null when the request carries no cookies
        Cookie[] cookies = request.getCookies();
        if(cookies != null){
            for (Cookie cookie : cookies) {
                String name = cookie.getName();
                String value = cookie.getValue();
                // Prints "The Cookie's name is: <name>"
                System.out.println("Cookie的名字是:"+name);
                // Prints "The Cookie's value is: <value>"
                System.out.println("Cookie的值是:"+value);
            }
        }
    }
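Uses of Cookies
Drawbacks of Cookies
- 1) Cookies are plaintext and therefore not secure
- 2) Browsers differ in the limits they place on the size and number of Cookies
- 3) Carrying too many Cookie objects on every request wastes bandwidth
- 4) A Cookie's value can only be a String; it cannot hold an object
- Hence Session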
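Introduction to Session
- A Session is an HttpSession; it is created on the server and stores user information
- How Sessions work
- 1) On the first request, the server creates a Session object, which has a globally unique ID
- 2) Together with the Session object, the server creates a special Cookie object whose name is the fixed value JSESSIONID and whose value is the ID of that Session object, and sends this special Cookie object to the browser
- 3) Every later request carries this special Cookie object
- 4) The server uses the value of this special Cookie object to find the matching Session object on the server, and in this way tells users apart
Creating and getting the Session object
- If the project's pages are HTML, the Session object is only created when a Servlet calls request.getSession()
- If the project's pages are JSP, Session is a JSP implicit object, so the Session object is created as soon as the JSP home page is visited
- Visiting index.jsp creates the Session object; it is created in the _jspService() method of index_jsp.java
- A single session uses only one Session object; once it has been created, and as long as it has not expired, every place that gets the Session object receives the same one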
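    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Get the current Session, creating it if it does not exist yet
        HttpSession session = request.getSession();
        String id = session.getId();
        // Prints "The Session object's ID is: <id>"; demo output only,
        // since a session ID works as a credential and does not belong in logs
        System.out.println("Session对象的ID值是:"+id);
        // Store a user object in the session scope
        User user = new User(1, "admin");
        session.setAttribute("user",user);
    }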
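Persisting the Cookie object named JSESSIONID
- Cookies are session-level by default, so the Cookie expires when the browser is closed. When the browser is opened again it no longer carries that Cookie object, so the matching Session object cannot be found, and neither can the user stored in the Session. By persisting the JSESSIONID Cookie object we can find the Session object again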
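    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Cookie[] cookies = request.getCookies();
        if(cookies != null){
            for (Cookie cookie : cookies) {
                String name = cookie.getName();
                // Find the session cookie among the cookies the browser sent
                if("JSESSIONID".equals(name)){
                    // Keep it for 180 seconds instead of until the browser closes
                    cookie.setMaxAge(180);
                    // Send it back so the browser stores the new lifetime
                    response.addCookie(cookie);
                }
            }
        }
    }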
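Added example, not part of the original notes: a Cookie object read from the request carries only its name and value, so re-adding it replaces the browser's JSESSIONID cookie without the HttpOnly, Secure or path attributes it was first issued with. The sketch below rebuilds the cookie from the server-side session and restates those attributes; the servlet name and URL are hypothetical, and it assumes the container uses the default cookie name JSESSIONID.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet name and URL; not part of the original project.
@WebServlet("/HardenedPersistSessionCookieServlet")
public class HardenedPersistSessionCookieServlet extends HttpServlet {
    // Same lifetime as the snippet above.
    private static final int MAX_AGE_SECONDS = 180;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): never create a session just to persist its cookie.
        HttpSession session = request.getSession(false);
        if (session == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Build the cookie from the server-side session ID instead of echoing
        // whatever JSESSIONID value the client sent.
        Cookie cookie = new Cookie("JSESSIONID", session.getId());
        cookie.setMaxAge(MAX_AGE_SECONDS);
        // Restate the attributes explicitly; the replacement cookie gets
        // only what is set here.
        String contextPath = request.getContextPath();
        cookie.setPath(contextPath.isEmpty() ? "/" : contextPath);
        cookie.setHttpOnly(true);             // not readable from page scripts
        cookie.setSecure(request.isSecure()); // HTTPS-only when served over HTTPS
        response.addCookie(cookie);
    }
}
```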
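Setting the Session object's maximum idle time
- The default maximum idle time of a Session object is 30 minutes (configured in Tomcat's web.xml); we can also set the maximum idle time ourselves
- Calling the Session's invalidate() method makes the Session object expire immediately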
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession();
        // Make the Session object expire immediately
        session.invalidate();
    }
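Added example, not from the original notes: the snippet above only calls invalidate(), so this sketch also sets the idle timeout, inside a login/logout flow. The servlet name, URL, the `action` parameter and the 15-minute value are assumptions, credential checking is assumed to have happened before this code runs, and request.changeSessionId() requires Servlet 3.1 or later.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet; name, URL and the "action" parameter are assumptions.
@WebServlet("/SessionLifecycleServlet")
public class SessionLifecycleServlet extends HttpServlet {
    // Constructed value. setMaxInactiveInterval takes seconds, while
    // <session-timeout> in web.xml is given in minutes.
    private static final int IDLE_TIMEOUT_SECONDS = 15 * 60;

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String action = request.getParameter("action");
        if ("login".equals(action)) {
            // Assumes the caller's credentials were verified before this point.
            HttpSession session = request.getSession();
            // Servlet 3.1+: issue a fresh ID so an ID known before login
            // no longer maps to the authenticated session.
            request.changeSessionId();
            session.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS);
            session.setAttribute("user", "admin");
            response.getWriter().println(
                    "idle timeout (s): " + session.getMaxInactiveInterval());
        } else if ("logout".equals(action)) {
            // getSession(false) avoids creating a session only to destroy it.
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate(); // unbinds all attributes; the old ID is dead
            }
            response.getWriter().println("session invalidated");
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }
}
```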
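Passivation and activation
- Passivation is the process of serializing the Session object, together with the data stored in it, from memory to disk
- Activation is the process of deserializing the Session object, together with the data stored in it, from disk back into memory
- For passivation and activation to work, the classes of the data stored in the Session must implement the Serializable interface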
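Added example, not from the original notes: a stand-alone round trip through JDK serialization, the step that passivation and activation rely on, showing which parts of a session attribute reach the stored bytes. The `User` class is a constructed stand-in for the page's `User(1, "admin")`; its `password` field and the class name `PassivationDemo` are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class PassivationDemo {
    // Constructed stand-in for the page's User; "password" is an added field.
    static class User implements Serializable {
        private static final long serialVersionUID = 1L;
        final int id;
        final String name;
        transient String password; // skipped by serialization, never reaches disk

        User(int id, String name, String password) {
            this.id = id;
            this.name = name;
            this.password = password;
        }
    }

    // Passivation step: object graph to bytes (a container writes these to a file).
    static byte[] passivate(Object attribute) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(attribute);
        }
        return buffer.toByteArray();
    }

    // Activation step: bytes back to an object graph.
    static Object activate(byte[] stored) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stored))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        User restored = (User) activate(passivate(new User(1, "admin", "constructed-secret")));
        // id and name survive the round trip; the transient password comes back null.
        System.out.println(restored.id + " " + restored.name + " password=" + restored.password);
        try {
            passivate(new Object()); // java.lang.Object does not implement Serializable
        } catch (NotSerializableException e) {
            System.out.println("cannot passivate: " + e.getMessage());
        }
    }
}
```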
Notes
How Cookies work
    <%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <html>
    <head>
        <title>Cookie</title>
    </head>
    <body>
    <%--
        How Cookies work:
        1. On the first request to the server, the server creates a Cookie object
        2. The server sends the Cookie object to the browser
        3. Every later request carries that Cookie object
        4. The server tells users apart by the different Cookie objects they send
    --%>
    <a href="${pageContext.request.contextPath}/CreateCookieServlet">创建Cookie</a><br>
    <a href="${pageContext.request.contextPath}/GetCookiesServlet">获取Cookie</a><br>
    </body>
    </html>
CreateCookieServlet
    package com.atguigu.cookie.servlet;

    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.Cookie;
    import java.io.IOException;

    @WebServlet("/CreateCookieServlet")
    public class CreateCookieServlet extends javax.servlet.http.HttpServlet {
        protected void doPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, IOException {
            // Session cookie with the default lifetime and path
            Cookie cookie = new Cookie("user", "admin");
            // setMaxAge takes seconds: a positive value persists the cookie for that long,
            // 0 deletes it, and a negative value (as here) keeps it a session cookie
            Cookie cookie1 = new Cookie("user2", "persistCookie");
            cookie1.setMaxAge(-1);
            // Cookie that is only sent with requests under <context path>/pages
            Cookie cookie2 = new Cookie("user3", "pathCookie");
            cookie2.setPath(request.getContextPath()+"/pages");
            // Send all three cookies to the browser in the response
            response.addCookie(cookie);
            response.addCookie(cookie1);
            response.addCookie(cookie2);
        }

        protected void doGet(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, IOException {
            doPost(request,response);
        }
    }
GetCookiesServlet
    package com.atguigu.cookie.servlet;

    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    @WebServlet("/GetCookiesServlet")
    public class GetCookiesServlet extends HttpServlet {
        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            // getCookies() returns null when the request carries no cookies
            Cookie[] cookies = request.getCookies();
            if(cookies != null){
                for (Cookie cookie : cookies) {
                    String name = cookie.getName();
                    String value = cookie.getValue();
                    // Prints "The Cookie's name is: <name>"
                    System.out.println("Cookie的名字是:"+name);
                    // Prints "The Cookie's value is: <value>"
                    System.out.println("Cookie的值是:"+value);
                }
            }
        }

        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            doPost(request,response);
        }
    }
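How Sessions work
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Session首页</title>
    </head>
    <body>
    <!--
        How Sessions work:
        1. On the first request to the server, the server creates a Session object, which has a globally unique ID
        2. Together with the Session object, the server creates a special Cookie object whose name is the fixed
           value JSESSIONID and whose value is the ID of the Session object, and sends this Cookie object to the browser
        3. Every later request carries this special Cookie object
        4. The server reads the value of the special Cookie object and finds the matching Session object, and in this way tells users apart
        If the project's pages are HTML: the Session object is only created when a Servlet calls request.getSession()
        If the project's pages are JSP: the Session object is created as soon as the home page is visited
    -->
    <h1>我是HTML静态页面!</h1>
    </body>
    </html>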
Servlet that creates or gets the Session object
    package com.atguigu.session.servlet;

    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    import java.io.IOException;

    @WebServlet("/CreateOrGetSessionServlet")
    public class CreateOrGetSessionServlet extends HttpServlet {
        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            // Get the current Session, creating it if it does not exist yet
            HttpSession session = request.getSession();
            String id = session.getId();
            // Prints "The Session object's ID is: <id>"
            System.out.println("Session对象的ID值是:"+id);
            // Store the user in the session scope
            session.setAttribute("user","admin");
        }

        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            doPost(request,response);
        }
    }
Setting the Session object's maximum idle time
    package com.atguigu.session.servlet;

    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    import java.io.IOException;

    @WebServlet("/SetSessionTimeoutServlet")
    public class SetSessionTimeoutServlet extends HttpServlet {
        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            HttpSession session = request.getSession();
            // Make the Session object expire immediately
            session.invalidate();
        }

        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            doPost(request,response);
        }
    }
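Passivation and activation
    <%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <html>
    <head>
        <title>JSP首页</title>
    </head>
    <body>
    <h1>Session对象的ID值是:<%=session.getId()%></h1>
    <%--
        Passivation: when the server is shut down, the Session object and the data stored in the session scope are serialized together from memory to disk
        Activation: when the server is started again, the Session object and the data stored in the session scope are deserialized together from disk back into memory
    --%>
    </body>
    </html>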
PersistJSESSIONIDCookieServlet
    package com.atguigu.session.servlet;

    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    @WebServlet("/PersistJSESSIONIDCookieServlet")
    public class PersistJSESSIONIDCookieServlet extends HttpServlet {
        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            Cookie[] cookies = request.getCookies();
            if(cookies != null){
                for (Cookie cookie : cookies) {
                    String name = cookie.getName();
                    // Find the session cookie among the cookies the browser sent
                    if("JSESSIONID".equals(name)){
                        // Keep it for 180 seconds instead of until the browser closes
                        cookie.setMaxAge(180);
                        // Send it back so the browser stores the new lifetime
                        response.addCookie(cookie);
                    }
                }
            }
        }

        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            doPost(request,response);
        }
    }