会话
概述:一次会话中包含多次的响应和请求(浏览器第一次给服务器资源发送请求,会话建立,直到一方断开,会话结束)
功能:在一次的会话范围内多次请求间共享数据,例如:浏览器会自动记录你的搜索历史
方式:客户端会话技术:Cookie,服务器端会话技术:Session
Cookie
步骤:①创建Cookie对象
②发送Cookie对象
③获取Cookie,共享数据
Cookie cookie = new Cookie("name","value"); response.addCookie(cookie); Cookie[] c = request.getCookies(); //遍历 for(Cookie cookie1 : c){ String name = cookie1.getName(); String value = cookie1.getValue(); System.out.println(name + ":" + value); }
实现原理:基于响应头 set-cookie和请求头cookie实现
cookie细节:1、可创建多个cookie对象,使用response对象发送
2、默认情况下,浏览器关闭之后,cookie信息销毁;使用setMaxAge(int seconds)可以设置cookie信息存活时间,参数为正,是cookie信息存活时间;参数为负,是默认情况;参数为0,直接删除cookie信息。
Cookie信息共享问题
1、默认情况下,cookie信息不能共享。使用setPath(String path),如果需要共享数据,将path设置为"/"
2、不同tomcat服务器之间的cookie共享:设置一级域名相同,多个服务器之间cookie数据可共享 setDomain(".baidu.com")百度贴吧和百度新闻数据可以共享
Cookie特点:①cookie存储数据在客户端浏览器;②存储大小为4kb,存储数量为20个
Cookie作用:①存储不重要的信息;②在不登录的情况下识别用户
这是一个记录访问时间的Cookie案例
import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.io.IOException; import java.text.SimpleDateFormat; import java.util.Date; //能够记录访问时间 @WebServlet(name = "Cookietest", value = "/Cookietest") public class Cookietest extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=utf-8"); //获取cookie数据 Cookie[] cookies = request.getCookies(); boolean flag = false; //遍历数据 if(cookies != null && cookies.length > 0){ for (Cookie cookie : cookies) { //获取cookie名称 String name = cookie.getName(); //判断是否有lastTime if("lastTime".equals(name)){ //不是第一次访问 flag = true; Date date = new Date(); SimpleDateFormat sd = new SimpleDateFormat("yyyy年MM月dd日HH:mm:ss"); String date1 = sd.format(date); cookie.setValue(date1); //设置cookie存活3分钟 cookie.setMaxAge(60*3); response.addCookie(cookie); //响应数据 String value = cookie.getValue(); response.getWriter().write("欢迎回来,你上次的访问时间为"+value); break; } } } if(cookies == null || cookies.length == 0 || flag == false){ Date date = new Date(); SimpleDateFormat sd = new SimpleDateFormat("yyyy年MM月dd日HH:mm:ss"); String date1 = sd.format(date); Cookie cookie = new Cookie("lastTime",date1); cookie.setValue(date1); cookie.setMaxAge(60*3); response.addCookie(cookie); response.getWriter().write("欢迎你,第一次来"+ cookie.getValue()); } } }
Session
服务器端会话技术
HttpSession session = request.getSession();//获取Session session.setAttribute("name","value");//存储数据 Object session1 = request.getAttribute("name");//获取数据
原理:session的实现依赖于cookie
细节:①客户端关闭,服务端不关闭,两次的session不同,实现相同,使用cookie的getId()方法进行持久化
HttpSession session = request.getSession(); System.out.ptintln(session); Cookie cookie = new Cookie("JSESSIONID",session.getId()); cookie.setMaxAge(int seconds); response.addCookie(cookie);
②session钝化:服务器正常关闭之前,将session对象系统化到硬盘;session活化:服务器启动后,将session文件转化为内存的session对象
③session销毁
服务器关闭;session对象调用invalidate()
Session特点
1、存储一次会话,多次请求数据,存于服务器端
2、Session可存储任意类型、任意大小的数据
Session与Cookie区别
1、session放在服务器端,cookie放在客户端
2、session数据相对安全
3、session数据存储无限制,cookie则有
Session案例,登录,能够检索验证码
验证码
package Session; import javax.imageio.ImageIO; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.awt.*; import java.awt.image.BufferedImage; import java.io.IOException; import java.util.Random; @WebServlet(name = "CheckCode1", value = "/CheckCode1") public class CheckCode1 extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //创建一个对象 int width = 100; int height = 50; BufferedImage image = new BufferedImage(width,height,BufferedImage.TYPE_3BYTE_BGR); //填充背景颜色 Graphics g = image.getGraphics();//画笔 g.setColor(Color.cyan);//设置画笔颜色 g.fillRect(0,0,width,height); //画边框 g.setColor(Color.black); g.drawRect(0,0,width-1,height-1); //随机码 String str = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; Random ran = new Random(); StringBuilder sb = new StringBuilder(); for(int i=1;i<=4;i++){ int index = ran.nextInt(str.length()); char ch = str.charAt(index); sb.append(ch); g.drawString(ch+"",width/5*i,height/2); } String checkCode_session = sb.toString(); //将验证码存入session request.getSession().setAttribute("checkCode_session",checkCode_session); //写验证码 // g.drawString("a",20,25); // g.drawString("b",40,25); // g.drawString("c",60,25); // g.drawString("d",80,25); //随机划线 g.setColor(Color.BLUE); for(int i=1;i<10;i++){ int x1 = ran.nextInt(width); int y1 = ran.nextInt(height); int x2 = ran.nextInt(width); int y2 = ran.nextInt(height); g.drawLine(x1,y1,x2,y2); } //图片输出 ImageIO.write(image,"png",response.getOutputStream()); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doPost(request,response); } }
登录后台
package Servlet; import Bean.User; import dao.UserDao; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.io.IOException; @WebServlet(name = "Logon", value = "/Logon") public class Logon extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=utf-8"); String username = request.getParameter("username"); String password = request.getParameter("password"); String checkcode = request.getParameter("checkcode"); User user = new User(); user.setUsername(username); user.setPassword(password); UserDao userDao = new UserDao(); User user1 = userDao.login(user); //获取生成的验证码 HttpSession session = request.getSession(); String checkCode_session = (String) session.getAttribute("checkCode_session"); //删除session中的验证码,保证验证码一次有效 session.removeAttribute("checkCode_session"); //判断验证码,忽略大小写 if(checkCode_session != null && checkCode_session.equalsIgnoreCase(checkcode)){ if(user1 != null){ // response.getWriter().append("登陆成功,欢迎你"); session.setAttribute("username",username); response.sendRedirect(request.getContextPath()+"/success.jsp"); }else{ // response.getWriter().append("登陆失败,用户名或密码错误"); request.setAttribute("login_error","用户名或密码错误"); request.getRequestDispatcher("/Login.jsp").forward(request,response); } }else{ request.setAttribute("code_error","验证码错误"); request.getRequestDispatcher("/Login.jsp").forward(request,response); } } }
这里使用数据库中的数据
<%@ page contentType="text/html;charset=UTF-8" language="java" %> <html> <head> <title>登录</title> <script> onl oad = function () { document.getElementById("img").onclick = function () { this.src = "/CheckCode1?time"+new Date().getTime(); } } </script> </head> <body> <table> <form action="/Logon" method="post"> <tr> <td>用户名</td> <td><input type="text" name="username"></td> </tr> <tr> <td>密码</td> <td><input type="password" name="password"></td> </tr> <tr> <td>验证码</td> <td><input type="text" name="checkcode"></td> </tr> <tr> <td colspan="2"><img src="/CheckCode1" id="img"></td> </tr> <tr> <td colspan="2"><input type="submit" value="登录"></td> </tr> </form> </table> <div><%=request.getAttribute("login_error") == null ? "" : request.getAttribute("login_error")%></div> <div><%=request.getAttribute("code_error") == null ? "" : request.getAttribute("code_error")%></div> </body> </html>