会话及会话技术
**概念:**在web开发中,服务器跟踪用户的技术为会话技术
Cookie对象
1.Cookie的工作流程
- cookie可以将会话中的数据保存在浏览器中,通过在响应中添加Set-Cookie头字段将数据保存在自身的缓存中去
- cookie由浏览器创建
- cookie在每次请求都会被带到服务器中
2.Cookie API(8个)
- 构造方法
public Cookie(String name, String value)
注意:在cookie中name是不可以被修改的,value可以修改
- 常用方法
与本身形式有关的方法
String getName();
void setValue(String name);
String getValue();
在浏览器上保存的时间
void setMaxAge(int m) 默认:m < 0
m > 0 浏览器会将Cookie信息保存到本地磁盘
m < 0 (默认)浏览器会将Cookie信息保存到浏览器缓存,浏览器关闭失效
m = 0 浏览器会立即删除Cookie的信息
int getMaxAge()
设置访问路径
void setPath(String url)
不设置url:只对当前访问路径及其子目录有效
设置url为"/":对站点下的所有目录下的访问路径有效
String getPath()
获取cookie对象
Cookie[] cookies = request.getCookie();
将cookie对象送至浏览器端
response.addCookie(Cookie cookie);
3.案例:显示用户上次访问时间
package com.tyut.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.text.SimpleDateFormat;
import java.util.Date;
@WebServlet("/lastAccessServlet")
public class LastAccessServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//创建响应消息的编码格式
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
//因为localhost可能已经存有某些cookie,因此判断是否为首次访问时需要一个标记符号
boolean flag = false;
//获取cookie对象
Cookie[] cookies = request.getCookies();
//获取时间对象
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy年MM月dd日-HH:mm:ss");
String format = simpleDateFormat.format(new Date());
if (cookies != null && cookies.length > 0) {//cookie对象不为空
for (Cookie cookie : cookies) {
if (cookie.getName().equals("lastTime")) {
flag = true;
out.write("上次访问网站的时间为" + cookie.getValue());
//更新cookie的信息
cookie.setValue(format);
cookie.setMaxAge(30);
//返回cookie对象
response.addCookie(cookie);
break;
}
}
}
if (cookies == null || cookies.length == 0 || flag == false) {
out.write("欢迎首次访问此页面!!!");
Cookie cookie = new Cookie("lastTime", format);
//设置cookie的信息
cookie.setValue(format);
cookie.setMaxAge(30);
//返回cookie对象
response.addCookie(cookie);
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doGet(request, response);
}
}
4.中文传递
注意:在Tomcat8之后就不存在此问题
String vaule="中文";
//将中文转码成UTL编码
value=URLEncoder.encode(vaule,"UTF-8");
//UTL解码
URLDecoder.decode(value,"UTF-8");
Session对象
1.Session的工作流程
-
当浏览器第一次请求动态资源(Servlet/Jsp)时,Servlet容器会自动创建一个Sesstion对象和id属性
-
依靠cookie将session id发送至浏览器端保存
-
之后每次请求浏览器都会携带session id返回至服务器
-
Session是为每一个浏览器对象所创建的
2.Session的优点
- Session具有更高的安全性,因为session是保存在服务器端的
- 减少数据传输,减少带宽,因为每次传输的均是sessionId
3.HttpSession Api
- 获取session对象
request.getSession(boolean create)
1.public HttpSession getSession(boolean create);
如果create为true:在session存在的情况下返回HttpSession对象,不存在的情况下创建一个新session对象
如果create为false:在session存在的情况下返回HttpSession对象,不存在的情况下创建一个null
2.public HttpSession getSession();//和boolean create为true一样
- 常用方法
获得Session中的内容
String getId()//返回HttpSession对象关联的会话标识号
long getCreationTime()//返回Session创建的时间(ms)
long getLastAccessedTime()//返回最后一次与Session相关请求的时间(ms)
ServletContext getServletContext()//返回Session所在的ServletContext对象
与Session生命周期有关的方法
void setMaxInactiveInterval()//设置默认超时时间间隔
int getMaxInactiveInterval()//获得默认超时时间间隔
boolean isNew()//判断对象是否为新创建的对象
void invalidate()//强制使Session对象无效
与Session域对象有关的方法
void setAttribute(String name, Object value)
String getAttribute()
Enumeration getAttributeNames()
void removeAttribute(String name)
4.Session的生命周期
- Session的生效
1.浏览器第一次访问服务器的动态资源生效,由web容器为浏览器创建一个Session和Id
2.通过request.getSession(true)强制生效
- Session的失效
1.超时限制
//设置超时的三种方法
1.web.xml中设置超时(单位为分钟)
<session-config>
<session-timeout>30</session-timeout>
</session-config>
2.手动设置session的超时时间
setMaxInactiveInterval(30*60)
3.全局配置session的超时时间,在tomcat中web.xml配置,使得在Tomcat下所有的session有效
默认为30分钟,修改为0或负数表示永不超时
<session-config>
<session-timeout>30</session-timeout>
</session-config>
2.强制失效
void invalidate()//强制使Session对象无效
3.关闭浏览器,session对象存在但会失效,因为session是为每一个浏览器对象创建的
5.案例一:购物车
ListCakeServlet.java
package com.tyut.servlet;
import com.tyut.entity.Cake;
import com.tyut.util.CakeDB;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collection;
//展示蛋糕的信息
@WebServlet("/listCakeServlet")
public class ListCakeServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//创建响应消息的编码格式
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
// 获取蛋糕的信息并写入到Servlet页面
out.write("<h3>本店拥有的蛋糕如下:</h3><br>");
Collection<Cake> cakeList = CakeDB.getAll();
for (Cake cake : cakeList) {
String url = "purchaseServlet?cakeId=" + cake.getCakeId();//要超链接的页面
out.write(cake.getCakeName() + " 价格为:" +cake.getPrice() + "元 <a href= " + url + ">点击购买</a><br>");
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doGet(request, response);
}
}
PurchaseServlet.java
package com.tyut.servlet;
import com.tyut.entity.Cake;
import com.tyut.util.CakeDB;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
//用于添加要购买的商品到购物车的信息
@WebServlet("/purchaseServlet")
public class PurchaseServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String id = request.getParameter("cakeId");//获取要购买商品的id号
if (id == null) {//如果id为空则跳转到购买页面不进行处理
response.sendRedirect("listCakeServlet");
return;
}
Cake cake = CakeDB.getCakeById(id);//根据id获取蛋糕
if (cake == null) {//如果蛋糕不存在则跳转到购买页面不进行处理
response.sendRedirect("listCakeServlet");
return;
}
// 蛋糕存在,将其添加到购物车中去
HttpSession session = request.getSession();
List<Cake> cart = (List<Cake>) session.getAttribute("cart");
if (cart == null) {//如果与对象不在,创建此域对象
cart = new ArrayList<Cake>();
session.setAttribute("cart", cart);
}
cart.add(cake);
// 将Session ID传给浏览器端
Cookie cookie = new Cookie("sessionId", session.getId());
cookie.setMaxAge(60);
cookie.setPath("/");
response.addCookie(cookie);
// 跳转到购物车页面
response.sendRedirect("cartServlet");
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doGet(request, response);
}
}
CartServlet.java
package com.tyut.servlet;
import com.tyut.entity.Cake;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
//用来展示购物车的信息
@WebServlet("/cartServlet")
public class CartServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//创建响应消息的编码格式
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
List<Cake> cart = null;
boolean flag = true;
//获取购物车
HttpSession session = request.getSession(false);
if (session == null) flag = false;
else {
cart = (List<Cake>) session.getAttribute("cart");
if (cart == null) flag = false;
}
if (!flag) {
out.write("您未购买任何东西");
} else {
//展示购物车
double total = 0;
out.write("<h3>购物车信息如下:</h3>");
for (Cake cake : cart) {
total += cake.getPrice();
out.write(cake.getCakeName() + "<br>");
}
out.write("<h4>总计:</h4>" + total + "元");
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doGet(request, response);
}
}
6.案例二:模拟用户登录
IndexServlet.java
package com.tyut.servlet;
import com.tyut.entity.User;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.io.PrintWriter;
@WebServlet("/indexServlet")
public class IndexServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doPost(request, response);
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession();
User user =(User) session.getAttribute("user");
if (user == null) {
out.write("您还没有登录,请先" + "<a href=/web01/login.html>登录</a>");
} else {
String name = user.getUserName();
out.write("欢迎" + name + "祝您用网愉快!!!" + "<a href=/web01/logoutServlet>退出<a>");
}
}
}
LoginServlet.java
package com.tyut.servlet;
import com.tyut.entity.User;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.io.PrintWriter;
@WebServlet("/loginServlet")
public class LoginServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
if ("zhangsan".equals(username) && "123456".equals(password)) {
HttpSession session = request.getSession();
User user = new User(username, password);
session.setAttribute("user", user);
Cookie cookie = new Cookie("sessionId", session.getId());
cookie.setMaxAge(60);
cookie.setPath("/");
response.addCookie(cookie);
response.sendRedirect("indexServlet");
} else {
out.write("用户名和密码不匹配,请重新输入");
// response.sendRedirect("/web01/login.html");
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doGet(request, response);
}
}
LogoutServlet.java
package com.tyut.servlet;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
@WebServlet("/logoutServlet")
public class LogoutServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession session = request.getSession();
session.invalidate();
response.sendRedirect("indexServlet");
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doGet(request, response);
}
}