会话及会话技术
**概念:**在web开发中,服务器跟踪用户的技术为会话技术
Cookie对象
1.Cookie的工作流程
- cookie可以将会话中的数据保存在浏览器中,通过在响应中添加Set-Cookie头字段将数据保存在自身的缓存中去
- cookie由浏览器创建
- cookie在每次请求都会被带到服务器中
2.Cookie API(8个)
- 构造方法
public Cookie(String name, String value)
注意:在cookie中name是不可以被修改的,value可以修改
- 常用方法
与本身形式有关的方法
String getName();
void setValue(String name);
String getValue();
在浏览器上保存的时间
void setMaxAge(int m) 默认:m < 0
m > 0 浏览器会将Cookie信息保存到本地磁盘
m < 0 (默认)浏览器会将Cookie信息保存到浏览器缓存,浏览器关闭失效
m = 0 浏览器会立即删除Cookie的信息
int getMaxAge()
设置访问路径
void setPath(String url)
不设置url:只对当前访问路径及其子目录有效
设置url为"/":对站点下的所有目录下的访问路径有效
String getPath()
获取cookie对象
Cookie[] cookies = request.getCookie();
将cookie对象送至浏览器端
response.addCookie(Cookie cookie);
3.案例:显示用户上次访问时间
package com.tyut.servlet;import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.text.SimpleDateFormat;
import java.util.Date;@WebServlet("/lastAccessServlet")
public class LastAccessServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {//创建响应消息的编码格式response.setContentType("text/html;charset=utf-8");PrintWriter out = response.getWriter();//因为localhost可能已经存有某些cookie,因此判断是否为首次访问时需要一个标记符号boolean flag = false;//获取cookie对象Cookie[] cookies = request.getCookies();//获取时间对象SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy年MM月dd日-HH:mm:ss");String format = simpleDateFormat.format(new Date());if (cookies != null && cookies.length > 0) {//cookie对象不为空for (Cookie cookie : cookies) {if (cookie.getName().equals("lastTime")) {flag = true;out.write("上次访问网站的时间为" + cookie.getValue());//更新cookie的信息cookie.setValue(format);cookie.setMaxAge(30);//返回cookie对象response.addCookie(cookie);break;}}}if (cookies == null || cookies.length == 0 || flag == false) {out.write("欢迎首次访问此页面!!!");Cookie cookie = new Cookie("lastTime", format);//设置cookie的信息cookie.setValue(format);cookie.setMaxAge(30);//返回cookie对象response.addCookie(cookie);}}@Overrideprotected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {this.doGet(request, response);}
}4.中文传递
注意:在Tomcat8之后就不存在此问题
String vaule="中文";
//将中文转码成UTL编码
value=URLEncoder.encode(vaule,"UTF-8");
//UTL解码
URLDecoder.decode(value,"UTF-8");
Session对象
1.Session的工作流程
-
当浏览器第一次请求动态资源(Servlet/Jsp)时,Servlet容器会自动创建一个Sesstion对象和id属性
-
依靠cookie将session id发送至浏览器端保存
-
之后每次请求浏览器都会携带session id返回至服务器
-
Session是为每一个浏览器对象所创建的
2.Session的优点
- Session具有更高的安全性,因为session是保存在服务器端的
- 减少数据传输,减少带宽,因为每次传输的均是sessionId
3.HttpSession Api
- 获取session对象
request.getSession(boolean create)
1.public HttpSession getSession(boolean create);
如果create为true:在session存在的情况下返回HttpSession对象,不存在的情况下创建一个新session对象
如果create为false:在session存在的情况下返回HttpSession对象,不存在的情况下创建一个null2.public HttpSession getSession();//和boolean create为true一样
- 常用方法
获得Session中的内容
String getId()//返回HttpSession对象关联的会话标识号
long getCreationTime()//返回Session创建的时间(ms)
long getLastAccessedTime()//返回最后一次与Session相关请求的时间(ms)
ServletContext getServletContext()//返回Session所在的ServletContext对象
与Session生命周期有关的方法
void setMaxInactiveInterval()//设置默认超时时间间隔
int getMaxInactiveInterval()//获得默认超时时间间隔
boolean isNew()//判断对象是否为新创建的对象
void invalidate()//强制使Session对象无效
与Session域对象有关的方法
void setAttribute(String name, Object value)
String getAttribute()
Enumeration getAttributeNames()
void removeAttribute(String name)
4.Session的生命周期
- Session的生效
1.浏览器第一次访问服务器的动态资源生效,由web容器为浏览器创建一个Session和Id
2.通过request.getSession(true)强制生效
- Session的失效
1.超时限制
//设置超时的三种方法
1.web.xml中设置超时(单位为分钟)
<session-config><session-timeout>30</session-timeout>
</session-config>
2.手动设置session的超时时间
setMaxInactiveInterval(30*60)
3.全局配置session的超时时间,在tomcat中web.xml配置,使得在Tomcat下所有的session有效
默认为30分钟,修改为0或负数表示永不超时
<session-config><session-timeout>30</session-timeout>
</session-config>
2.强制失效
void invalidate()//强制使Session对象无效
3.关闭浏览器,session对象存在但会失效,因为session是为每一个浏览器对象创建的
5.案例一:购物车
ListCakeServlet.java
package com.tyut.servlet;import com.tyut.entity.Cake;
import com.tyut.util.CakeDB;import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collection;//展示蛋糕的信息
@WebServlet("/listCakeServlet")
public class ListCakeServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {//创建响应消息的编码格式response.setContentType("text/html;charset=utf-8");PrintWriter out = response.getWriter();// 获取蛋糕的信息并写入到Servlet页面out.write("<h3>本店拥有的蛋糕如下:</h3><br>");Collection<Cake> cakeList = CakeDB.getAll();for (Cake cake : cakeList) {String url = "purchaseServlet?cakeId=" + cake.getCakeId();//要超链接的页面out.write(cake.getCakeName() + " 价格为:" +cake.getPrice() + "元 <a href= " + url + ">点击购买</a><br>");}}@Overrideprotected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {this.doGet(request, response);}
}PurchaseServlet.java
package com.tyut.servlet;import com.tyut.entity.Cake;
import com.tyut.util.CakeDB;import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;//用于添加要购买的商品到购物车的信息
@WebServlet("/purchaseServlet")
public class PurchaseServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {String id = request.getParameter("cakeId");//获取要购买商品的id号if (id == null) {//如果id为空则跳转到购买页面不进行处理response.sendRedirect("listCakeServlet");return;}Cake cake = CakeDB.getCakeById(id);//根据id获取蛋糕if (cake == null) {//如果蛋糕不存在则跳转到购买页面不进行处理response.sendRedirect("listCakeServlet");return;}// 蛋糕存在,将其添加到购物车中去HttpSession session = request.getSession();List<Cake> cart = (List<Cake>) session.getAttribute("cart");if (cart == null) {//如果与对象不在,创建此域对象cart = new ArrayList<Cake>();session.setAttribute("cart", cart);}cart.add(cake);// 将Session ID传给浏览器端Cookie cookie = new Cookie("sessionId", session.getId());cookie.setMaxAge(60);cookie.setPath("/");response.addCookie(cookie);// 跳转到购物车页面response.sendRedirect("cartServlet");}@Overrideprotected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {this.doGet(request, response);}
}CartServlet.java
package com.tyut.servlet;import com.tyut.entity.Cake;import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;//用来展示购物车的信息
@WebServlet("/cartServlet")
public class CartServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {//创建响应消息的编码格式response.setContentType("text/html;charset=utf-8");PrintWriter out = response.getWriter();List<Cake> cart = null;boolean flag = true;//获取购物车HttpSession session = request.getSession(false);if (session == null) flag = false;else {cart = (List<Cake>) session.getAttribute("cart");if (cart == null) flag = false;}if (!flag) {out.write("您未购买任何东西");} else {//展示购物车double total = 0;out.write("<h3>购物车信息如下:</h3>");for (Cake cake : cart) {total += cake.getPrice();out.write(cake.getCakeName() + "<br>");}out.write("<h4>总计:</h4>" + total + "元");}}@Overrideprotected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {this.doGet(request, response);}
}
6.案例二:模拟用户登录
IndexServlet.java
package com.tyut.servlet;import com.tyut.entity.User;import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.io.PrintWriter;@WebServlet("/indexServlet")
public class IndexServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {this.doPost(request, response);}@Overrideprotected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {response.setContentType("text/html;charset=utf-8");PrintWriter out = response.getWriter();HttpSession session = request.getSession();User user =(User) session.getAttribute("user");if (user == null) {out.write("您还没有登录,请先" + "<a href=/web01/login.html>登录</a>");} else {String name = user.getUserName();out.write("欢迎" + name + "祝您用网愉快!!!" + "<a href=/web01/logoutServlet>退出<a>");}}
}LoginServlet.java
package com.tyut.servlet;import com.tyut.entity.User;import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.io.PrintWriter;@WebServlet("/loginServlet")
public class LoginServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {String username = request.getParameter("username");String password = request.getParameter("password");response.setContentType("text/html;charset=utf-8");PrintWriter out = response.getWriter();if ("zhangsan".equals(username) && "123456".equals(password)) {HttpSession session = request.getSession();User user = new User(username, password);session.setAttribute("user", user);Cookie cookie = new Cookie("sessionId", session.getId());cookie.setMaxAge(60);cookie.setPath("/");response.addCookie(cookie);response.sendRedirect("indexServlet");} else {out.write("用户名和密码不匹配,请重新输入");
// response.sendRedirect("/web01/login.html");}}@Overrideprotected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {this.doGet(request, response);}
}LogoutServlet.java
package com.tyut.servlet;import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;@WebServlet("/logoutServlet")
public class LogoutServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {HttpSession session = request.getSession();session.invalidate();response.sendRedirect("indexServlet");}@Overrideprotected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {this.doGet(request, response);}
}![【学习笔记】C++每日一记[20240612]](https://img-blog.csdnimg.cn/direct/8f1e4597cfcc4a4a937e71599467a78f.png)
