首先提出一个问题:为什么用session容器来保存用户的登录状态?
因为在一个会话里访问的一些web资源都需要知道用户是否已经登录,所以只能保存在session中,不能是在request中。
首页:
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
</head>
<body>
<!-- Home page: greets the current user and links to login, logout, buy and checkout. -->
<!-- The EL expression on the next line looks up the attribute named "user"; LoginServlet stores it in the session after a successful login. -->
<!-- EL written directly in template text is not HTML-escaped. If usernames ever come from user input, escape the value before writing it into the page. -->
<!-- NOTE(review): the logout link is a plain GET request; state-changing actions such as logout are usually sent as a POST protected by a CSRF token. -->
欢迎您:${user.username}<!-- reads the user object stored in the session --> <a href="/J2013-8-27Session/login.html">登录</a> <a href="/J2013-8-27Session/LoginOutServlet">退出登录</a>
<br/><br/><br/>
<a href="/J2013-8-27Session/SessionDemo1" target="_blank">购买</a>
<a href="/J2013-8-27Session/SessionDemo2" target="_blank">结账</a>
</body>
</html>
登录表单:
<html>
<head>
<title>loginl.html</title>
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="this is my page">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<!--<link rel="stylesheet" type="text/css" href="./styles.css">-->
</head>
<body>
<!-- Login form: submits the fields "username" and "password" to LoginServlet. -->
<!-- method="post" keeps the credentials out of the URL, so they do not end up in the query string of logged or bookmarked URLs. -->
<!-- NOTE(review): the password still travels as clear text in the request body; the transport is not visible here, so confirm this page and LoginServlet are only served over HTTPS. -->
<form action="/J2013-8-27Session/LoginServlet" method="post">
用户名:<input type="text" name="username"><br/>
密 码:<input type="password" name="password"><br/>
<input type="submit" name="submit" value="登陆">
</form>
</body>
</html>
处理登录:
package come.guigu.login;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import come.guigu.util.ConfigManager;
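/**
 * Handles the login form: compares the submitted username and password with the
 * users returned by {@code DB.getAll()} and, on a match, stores the matching
 * {@code User} in the session under the attribute name {@code "user"}.
 *
 * <p>Other servlets and pages decide whether the visitor is logged in by checking
 * for that session attribute.
 *
 * <p>This is a teaching template. The user store it checks against holds plain-text
 * passwords; a real application compares against salted password hashes
 * (bcrypt, scrypt or argon2) instead.
 */
public class LoginServlet extends HttpServlet {

    /**
     * Authenticates the request parameters {@code username} and {@code password}.
     *
     * <p>On success the visitor gets a fresh session carrying the {@code "user"}
     * attribute and is redirected to the home page. On failure a single generic
     * message is written, so the response does not reveal whether the username or
     * the password was wrong.
     *
     * @param request  the login request; missing parameters simply fail to match
     * @param response used for the redirect or the failure message
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response or redirecting fails
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // NOTE(review): doPost delegates here, so a GET request carrying the
        // credentials in its query string is accepted as well. Query strings are
        // recorded in access logs and browser history; consider accepting logins
        // only through doPost.
        response.setCharacterEncoding("UTF-8");
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();

        // Credentials as submitted by the login form.
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // equals() is called on the stored values, so a missing (null) parameter
        // yields "no match" rather than a NullPointerException.
        for (User user : DB.getAll()) {
            if (user.getUsername().equals(username) && user.getPassword().equals(password)) {
                // Session fixation defence: never promote a session id that existed
                // before authentication. Drop the old session and start a new one.
                // This also discards any data stored in the session before login; on
                // Servlet 3.1+ request.changeSessionId() renews the id and keeps the data.
                if (request.getSession(false) != null) {
                    request.getSession(false).invalidate();
                }
                // The "user" attribute is the logged-in marker other servlets look for.
                request.getSession(true).setAttribute("user", user);

                // Redirect (not forward) so the browser's address bar shows the home page.
                response.sendRedirect("/J2013-8-27Session/index.jsp");
                return;
            }
        }

        out.println("用户名和密码不正确!");
    }

    /**
     * Handles the form's POST submission by delegating to {@link #doGet}.
     *
     * @param request  the login request
     * @param response the response to write to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response or redirecting fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}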
/**
 * Stands in for a database: an in-memory list of demo users.
 *
 * <p>The passwords are short plain-text demo values. A real user store keeps only
 * salted password hashes (bcrypt, scrypt or argon2), never the password itself.
 */
class DB {
    public static List<User> list = new ArrayList<User>();

    // Seed the three demo accounts; they all share the same demo password.
    static {
        for (String name : new String[] {"aaa", "bbb", "ccc"}) {
            list.add(new User(name, "123"));
        }
    }

    /**
     * Returns every known user.
     *
     * @return the backing list itself, not a copy, so changes made by a caller
     *         are visible to all other callers
     */
    public static List<User> getAll() {
        return list;
    }
}
package come.guigu.login;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
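/**
 * Logs the current user out by ending the session, then returns to the home page.
 */
public class LoginOutServlet extends HttpServlet {

    /**
     * Ends the visitor's session, if there is one, and redirects to the home page.
     *
     * @param request  the logout request
     * @param response used for the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect fails
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // NOTE(review): logout is reachable through a plain GET link. State-changing
        // actions are usually sent as a POST protected by a CSRF token.

        // getSession(false) returns null when no session exists. The no-argument
        // getSession() creates one on demand, so a null check after it never fires.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Invalidate rather than only removing "user": the old session id stops
            // being valid and nothing else stored during the login survives it.
            session.invalidate();
        }
        response.sendRedirect("/J2013-8-27Session/index.jsp");
    }

    /**
     * Handles POST by delegating to {@link #doGet}.
     *
     * @param request  the logout request
     * @param response used for the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}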