<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- Landing page of the Cookie/Session demo. It links to the JavaScript cookie demo and the
     cookie size test, posts a name/password pair to /servlet/save, and links to the servlets
     that read the stored values back, log out, and show the captcha login form. --%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Cookie/Session演示</title>
</head>
<body>
<h2>Cookie/Session演示</h2>
<%-- These two links are relative to this page's URL; the links further down are prefixed
     with the context path instead. --%>
<a href="jsps/jsCookie.jsp">js操纵cookie技术演示</a>
<br/><br/><br/>
<a href="servlet/test">测试IE的Cookie数量和大小</a>
<h3>request,session,Application三个容器</h3>
<%-- Sends the "name" and "pwd" fields by POST to /servlet/save under the current context path. --%>
<form action="<%=request.getContextPath()%>/servlet/save" method="post">
姓名:<input type="text" name="name"/><br/>
密码:<input type="password" name="pwd"/><br/>
<input type="submit" value="信息保存到三个容器">
</form>
<a href="<%=request.getContextPath()%>/servlet/getMsg">显示三个容器中的信息</a>
<%-- NOTE(review): logout is reached through a plain GET link, so any page the user visits
     can trigger it with an image or link to this URL; a POST form would avoid that. --%>
<a href="<%=request.getContextPath()%>/servlet/loginOut">安全退出</a>
<br/><br/><br/>
<a href="<%=request.getContextPath()%>/servlet/form">用户登录--验证码技术演示</a>
</body>
</html>
JSP操纵cookie技术演示
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>JSP操纵cookie技术演示</title>
<script type="text/javascript">
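onload=function(){
    // Cookie demo run once the page has loaded: expire the "name" cookie, then list every
    // cookie visible to this page, raw in #d1 and decoded in #d2.
    var rawBox=document.getElementById("d1");
    var decodedBox=document.getElementById("d2");

    // Appends a line break followed by `text` as a text node. Cookie contents can be set by
    // other pages or by the server from user input, so they are never parsed as HTML.
    function appendLine(box,text){
        box.appendChild(document.createElement("br"));
        box.appendChild(document.createTextNode(text));
    }

    /*
    // 1. Create / modify a cookie
    // Create a cookie that is valid for one day: name="湖南城院"
    var d=new Date();
    var time=d.getTime()+1000*60*60*24; // in milliseconds
    d.setTime(time);
    var name="湖南城院";
    // val = escape(val); // non-ASCII text must be encoded, but escape() is the legacy encoding
    //                    // and the server side of this demo could not read it back with URLDecoder.decode()
    document.cookie="name"+"="+encodeURI(name)+";expires="+d.toUTCString()+";path=/";
    */

    // 3. Delete: write a cookie with the same name that has already expired.
    // Everything except the value (name, path, ...) must match the cookie being removed,
    // otherwise the delete does not take effect.
    var name="214231"; // the key is still "name"; the value can be anything
    var d=new Date(0); // the epoch, i.e. an expiry date in the past
    document.cookie="name"+"="+name+";expires="+d.toUTCString()+";path=/";

    // 2. Enumerate (read) the cookies
    var cs=document.cookie.split(";");
    for(var i=0;i<cs.length;i++){
        var pair=cs[i].replace(/^\s+/,""); // entries after the first start with a space
        if(pair===""){
            continue; // document.cookie is "" when no cookie is set
        }
        // Split on the first "=" only, so a value that itself contains "=" stays intact.
        var eq=pair.indexOf("=");
        var key=eq<0?pair:pair.substring(0,eq);
        var val=eq<0?"":pair.substring(eq+1);
        try{
            val=decodeURI(val);
        }catch(e){
            // malformed escape sequence: show the raw value instead of aborting the loop
        }
        appendLine(rawBox,pair);
        appendLine(decodedBox,key+","+val);
    }
}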
</script>
</head>
<body>
<h2>JSP操纵cookie技术演示</h2>
<div id="d1"></div><br/><br/>
<div id="d2"></div>
</body>
</html>
request,session,Application三个容器
三个对象,也被称为域对象,用于保存用户的信息。
request – 用户请求Servlet,当请求结束时request即消失。类 : HttpServletRequest
session – 为每一个浏览器创建一个独有的会话,当前用户在任意Servlet中都可以获取自己保存的数据。类:HttpSession。
获取HttpSession的方式:httpServletRequest.getSession();
context - 一个应用拥有唯一的一个ServletContext对象,访问此应用的任何浏览器都共享此ServletContext,因此其中的数据对所有用户可见,不应存放某个用户的私有信息。
获取方式:getServletContext()
以上三个对象,都具有以下两个方法
setAttribute(key,value) – 用于将数据存在此范围内。
getAttribute(key) – 用于从某个范围中取出数据。
向三个容器中写信息
package cn.hncu.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
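/**
 * Demo servlet: stores the submitted {@code name,pwd} pair under the key {@code "info"} in
 * the request, session and application (ServletContext) scopes, then echoes the three
 * stored values back to the browser.
 *
 * <p>NOTE(review): this is a scope demonstration only. The application scope is shared by
 * every visitor, so a real application must not place a password (or any per-user secret)
 * there, nor echo it into a page.
 */
public class SaveServlet extends HttpServlet {

    /** Handles GET exactly like POST. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Saves the {@code name} and {@code pwd} parameters into the three scopes and prints them.
     *
     * @param request  request carrying the {@code name} and {@code pwd} parameters
     * @param response response that receives the HTML page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The form page is served as UTF-8, so decode the posted body the same way; this must
        // happen before the first getParameter() call.
        request.setCharacterEncoding("UTF-8");
        // Declare the charset so that non-ASCII names are not garbled in the output.
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
        out.println("<HTML>");
        out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
        out.println(" <BODY>");

        String name = request.getParameter("name");
        String pwd = request.getParameter("pwd");
        String info = name + "," + pwd;

        request.setAttribute("info", "--Request:" + info); // the implicit "request" object in a JSP
        request.getSession().setAttribute("info", "--Session:" + info); // the implicit "session" object
        getServletContext().setAttribute("info", "--Application:" + info); // the implicit "application" object

        // The stored text comes straight from request parameters, so it is HTML-escaped on
        // output; printing it raw would let a submitted value inject markup into the page.
        out.println(escapeHtml(request.getAttribute("info")) + "<br/>");
        out.println(escapeHtml(request.getSession().getAttribute("info")) + "<br/>");
        out.println(escapeHtml(getServletContext().getAttribute("info")));

        out.println(" </BODY>");
        out.println("</HTML>");
        out.flush();
        out.close();
    }

    /** Returns {@code String.valueOf(value)} with the HTML metacharacters replaced by entities. */
    private static String escapeHtml(Object value) {
        String text = String.valueOf(value);
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(ch);
            }
        }
        return sb.toString();
    }
}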
显示三个容器中的信息
package cn.hncu.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
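/**
 * Demo servlet: prints the {@code "info"} attribute found in the request, session and
 * application (ServletContext) scopes.
 *
 * <p>Nothing in this servlet sets the request attribute, so the first line prints
 * {@code null} unless another component forwarded the request with it set.
 */
public class GetMsgServlet extends HttpServlet {

    /** Handles GET exactly like POST. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Writes the three {@code "info"} attributes to the response.
     *
     * @param request  current request
     * @param response response that receives the HTML page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Declare the charset so that stored non-ASCII text is not garbled.
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
        out.println("<HTML>");
        out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
        out.println(" <BODY>");

        // The application-scope value may have been stored by a different visitor, so every
        // value is HTML-escaped before it is written into this user's page.
        out.println(escapeHtml(request.getAttribute("info")) + "<br/>");
        out.println(escapeHtml(request.getSession().getAttribute("info")) + "<br/>");
        out.println(escapeHtml(getServletContext().getAttribute("info")));

        out.println(" </BODY>");
        out.println("</HTML>");
        out.flush();
        out.close();
    }

    /** Returns {@code String.valueOf(value)} with the HTML metacharacters replaced by entities. */
    private static String escapeHtml(Object value) {
        String text = String.valueOf(value);
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(ch);
            }
        }
        return sb.toString();
    }
}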
IE浏览器: 保存信息到容器中
读取三个容器信息
UC浏览器: 保存信息到容器中
此时从IE读取三个容器信息
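由上分析:服务器只凭JSESSIONID区分会话,因此JSESSIONID一旦被他人获知,对方就能冒用该会话——这就是会话劫持的原理(已知JSESSIONID)。所以JSESSIONID必须保密:全程使用HTTPS,为会话Cookie设置HttpOnly和Secure,并在登录成功后更换会话ID。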
安全退出
当用户登录后,一般在Session中保存有用户的信息。Session.setAttribute(…)
用户退出时,应当将自己的信息从Session中清除,即安全退出。
Session.invalidate();
Session.removeAttribute(…)
package cn.hncu.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
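/**
 * Logout servlet: invalidates the caller's session, if there is one, and confirms the logout.
 *
 * <p>NOTE(review): {@code doGet} delegates to {@code doPost}, so a plain GET logs the user
 * out; any page can trigger that with a link or image to this URL. Consider accepting POST only.
 */
public class LoginOutServlet extends HttpServlet {

    /** Handles GET exactly like POST. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Invalidates the current session and writes a confirmation page.
     *
     * @param request  current request
     * @param response response that receives the HTML page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
        out.println("<HTML>");
        out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
        out.println(" <BODY>");

        // getSession(false) does not create a session: a visitor without one has nothing to
        // invalidate, and creating a session only to destroy it is wasted work.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate(); // drops every attribute and makes the session id unusable
        }
        out.println("已安全退出...");

        out.println(" </BODY>");
        out.println("</HTML>");
        out.flush();
        out.close();
    }
}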
用户登录–验证码技术演示
登陆界面:
package cn.hncu.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Renders the login form of the captcha demo: name, password and captcha fields plus the
 * captcha image.
 */
public class FormServlet extends HttpServlet {

    /** Handles GET exactly like POST. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Writes the HTML page containing the login form.
     *
     * @param request  current request; only its context path is read
     * @param response response that receives the HTML page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter page = response.getWriter();
        page.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
        page.println("<HTML>");
        page.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
        page.println(" <BODY>");

        // The form posts to /servlet/loginCodel; the image is served by /servlet/confirmCode.
        // Both URLs are prefixed with the application's context path.
        final String base = request.getContextPath();
        StringBuilder html = new StringBuilder();
        html.append("<form action='").append(base).append("/servlet/loginCodel' method='post'>");
        html.append("姓名:<input type='text' name='name'/><br/>");
        html.append("密码:<input type='password' name='pwd'/><br/>");
        html.append("验证码:<input type='text' name='confirm'/>");
        html.append("<img src='").append(base).append("/servlet/confirmCode'/><br/>");
        html.append("<input type='submit' value='提交'/></form>");
        page.println(html.toString());

        page.println(" </BODY>");
        page.println("</HTML>");
        page.flush();
        page.close();
    }
}
产生验证码:
package cn.hncu.servlet;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.SecureRandom;
import java.util.Random;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
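/**
 * Generates the captcha for the login demo: draws a random four-digit code into a JPEG image
 * and stores the same code in the session under {@code "sCode"} for later verification.
 *
 * <p>NOTE(review): four plain digits on a blank background give only 10,000 possibilities and
 * no resistance to automated reading; treat this as a teaching example, not a bot defence.
 */
public class ConfirmCodeServlet extends HttpServlet {

    /** Source of the codes; a cryptographic generator so that values cannot be predicted. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Handles GET exactly like POST. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Creates a new code, stores it in the session and streams the image.
     *
     * @param request  current request; its session receives the {@code "sCode"} attribute
     * @param response response that receives the JPEG bytes
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the image fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // "image/jpeg" is the registered media type for JPEG data.
        response.setContentType("image/jpeg");
        // A cached image would no longer match the code stored in the session.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // Adding 10000 and dropping the leading "1" zero-pads the value to exactly four
        // digits without going through locale-sensitive formatting.
        String code = String.valueOf(10000 + RANDOM.nextInt(10000)).substring(1);

        // Keep the expected code in the session so the login servlet can compare against it.
        request.getSession().setAttribute("sCode", code);

        BufferedImage image = new BufferedImage(80, 50, BufferedImage.TYPE_INT_RGB);
        Graphics g = image.getGraphics();
        try {
            g.setFont(new Font("aa", Font.BOLD, 20));
            g.drawString(code, 5, 35);
        } finally {
            g.dispose(); // release the graphics context even if drawing fails
        }
        ImageIO.write(image, "JPEG", response.getOutputStream());
    }
}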
package cn.hncu.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
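/**
 * Verifies the captcha submitted by the login form against the code kept in the session
 * under {@code "sCode"}. A code is valid for one attempt only.
 */
public class LoginCodeServlet extends HttpServlet {

    /** Handles GET exactly like POST. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Compares the {@code confirm} parameter with the stored code and reports the result.
     *
     * @param request  request carrying the {@code confirm} parameter
     * @param response response that receives the HTML page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
        out.println("<HTML>");
        out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
        out.println(" <BODY>");

        String sCode = (String) request.getSession().getAttribute("sCode");
        // A code must stop being valid after a single use, whether the attempt succeeds or
        // not; otherwise one solved image could be replayed or guessed against repeatedly.
        // Clearing it straight after reading guarantees that on every path.
        request.getSession().removeAttribute("sCode");

        String code = request.getParameter("confirm");
        // Neither value is written to the page: the expected code is a secret, and the
        // "confirm" parameter is untrusted text that would be reflected as markup.
        if (sCode != null && sCode.equals(code)) {
            out.println("验证码正确...");
        } else {
            out.println("验证码错误...");
        }

        out.println(" </BODY>");
        out.println("</HTML>");
        out.flush();
        out.close();
    }
}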
测试IE的Cookie数量和大小
一个cookie只能表示简单的信息,且不能直接保存中文字符。它使用name和value的形式保存数据。
W3c规定浏览器只允许存放300个Cookie,一个站点最多可以存放20个Cookie,每个cookie的容量最大为4K.
由于各个浏览器厂商对Cookie的限制有所变化,所以保存多少个要看浏览器的支持。目前一般支持保存50-80个Cookie.每个Cookie大小为8K.可以使用IE测试。
如果创建了一个Cookie,它的生命周期默认为-1,即maxAge为-1,当关闭浏览器时,cookie即消失。可以通过setMaxAge修改它的生命周期,以秒为单位。如果设置成0,则通知浏览器删除Cookie.
综上所述:
IE6对于每一个web应用,可以存放50个cookie.
每一个Cookie的最大大小为:8192个字节。即8k。
但由于Cookie本身还有一些信息,所以用户自己的信息最多也只有8000个字节。
package cn.hncu.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
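/**
 * Test servlet for probing a browser's cookie limits: sends one cookie named {@code "okkk"}
 * whose value is 7680 characters long.
 */
public class CookieTestServlet extends HttpServlet {

    /**
     * Adds the oversized test cookie to the response; no body is written.
     *
     * @param request  current request (not read)
     * @param response response that receives the cookie
     * @throws ServletException declared by the servlet contract
     * @throws IOException      declared by the servlet contract
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        /*
         * Alternative experiment (count limit): send 100 small cookies and see how many
         * the browser keeps.
         *
         * for(int i=0;i<100;i++){
         *     Cookie c = new Cookie("name"+i,"ttt"+i);
         *     c.setMaxAge(60*5);
         *     c.setPath("/");
         *     response.addCookie(c);
         * }
         */

        // 7.5 KiB of payload. The length is computed once as an int so the loop does not
        // compare against a floating-point bound, and a StringBuilder avoids copying the
        // whole string on every appended character.
        final int payloadLength = (int) (1024 * 7.5);
        StringBuilder payload = new StringBuilder(payloadLength);
        for (int i = 0; i < payloadLength; i++) {
            payload.append('8');
        }

        Cookie c = new Cookie("okkk", payload.toString());
        c.setMaxAge(60 * 5); // lifetime in seconds: five minutes
        c.setPath("/");
        response.addCookie(c);
    }
}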