本文介绍了JavaWeb中Cookie和Session的基本概念与操作。Cookie用于在客户端存储键值对,大小有限制,服务器通过req.getCookies()获取;Session是HttpSession接口,用于维护客户端与服务器的关联,用于保存用户登录信息。创建Session使用request.getSession(),通过setMaxInactiveInterval()控制生命周期。Cookie的path属性控制发送范围,Session通过getId()获取唯一ID。
1. Cookie饼干
1.1 什么是Cookie
- Cookie是服务器通知客户端保存键值对的一种技术
- 客户端有了Cookie后,每次请求都发送给服务器
- 每个cookie大小不能超过4kb
1.2 cookie的创建
public class CookieServlet extends BaseServlet {
protected void createCookie(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//创建cookie对象
Cookie cookie1 = new Cookie("key1", "value1");
Cookie cookie2 = new Cookie("name", "gau");
//通知客户端保存cookie
resp.addCookie(cookie1);
resp.addCookie(cookie2);
resp.getWriter().write("cooke创建成功");
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doPost(req, resp);
}
}
1.3 服务器如何获取cookie
- 服务器获取客户端的cookie只需要一行代码req.getCookies().Cookie[]
public class CoolieUtils {
//查找指定名称的cookie对象
public static Cookie findCookie(String name, Cookie[] cookies) {
if (name == null || cookies == null || cookies.length == 0) {
return null;
}
for (Cookie cookie : cookies) {
if (name.equals(cookie.getName())) {
return cookie;
}
}
return null;
}
}
protected void getCookie(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Cookie[] cookies = req.getCookies();
Cookie iWantCoolie = CoolieUtils.findCookie("name", cookies);
// for (Cookie cookie : cookies) {
// resp.getWriter().write("cookie[" + cookie.getName() + "=" + cookie.getValue() + "]<br/>");
// if ("name".equals(cookie.getName())) {
// iWantCoolie = cookie;
// break;
// }
// }
//找到了需要的cookie
if (iWantCoolie != null) {
resp.getWriter().write("cookie find");
}
}
1.4 cookie值的修改
- 方案一:创建一个要修改的同名的cookie对象
- 在构造器,同时赋予新的cookie值
- 调用response.addCookie(cookie);
protected void updateCookie(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Cookie cookie = new Cookie("name", "gai");
resp.addCookie(cookie);
resp.getWriter().write("cookie修改");
}
- 方案二:先查找到需要修改的cookie对象
- 调用setValue()方法赋予新的cookie值
- 调用response.addCooike()通知客户端保存修改
protected void updateCookie(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Cookie cookie = CoolieUtils.findCookie("name", req.getCookies());
if (cookie != null) {
cookie.setValue("gei");
resp.addCookie(cookie);
}
}
1.5 cookie声明控制
- 如何管理cookie什么时候被销毁(删除)
- setMaxAge()
- 正值表示在指定的秒数后过期
- 负值表示浏览器退出,cookie删除(默认)
- 0表示马上删除cookie
}
protected void defaultLife(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Cookie cookie = new Cookie("defalutLife", "defalutLife");
cookie.setMaxAge(-1);
resp.addCookie(cookie);
}
protected void deleteNow(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Cookie cookie = CoolieUtils.findCookie("name", req.getCookies());
if (cookie != null) {
cookie.setMaxAge(0);//不用等待浏览器关闭马上删除
resp.addCookie(cookie);
resp.getWriter().write("delete cookie");
}
}
protected void life(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Cookie cookie = new Cookie("life", "life");
cookie.setMaxAge(3600);
resp.addCookie(cookie);
resp.getWriter().write("3600");
}
1.6 cookie有效路径Path的设置
- cookie的path属性可以有效的过滤哪些cookie可以发送给服务器,哪些不发
- path属性是通过请求的地址来进行有效的过滤
CookieA path=/工程路径
CookieB path=/工程路径/abc
请求地址如下
http://ip:port/工程路径/a.html
cookieA发送 cookieB不发送
http://ip:port/工程路径/abc/a.html
cookieA发送 cookieB发送
protected void testPath(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Cookie cookie = new Cookie("path1", "path1");
//getContextPath()得到工程路径
cookie.setPath(req.getContextPath() + "/abc");
resp.addCookie(cookie);
resp.getWriter().write("path cookie");
}
1.7 练习:免输入用户名登录
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<form action="http://localhost:8080/13_cookie_session/loginServlet" method="get">
用户名:<input type="text" name="username" value="${cookie.username.value}"><br/>
密码:<input type="password" name="password"><br/>
<input type="submit" value="登录">
</form>
</body>
</html>
public class LoginServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String username = req.getParameter("username");
String password = req.getParameter("password");
if ("gai".equals(username) && "1234".equals(password)) {
Cookie cookie = new Cookie("username", username);
cookie.setMaxAge(60 * 60 * 24 * 7);//cookie一周有效
resp.addCookie(cookie);
System.out.println("success");
} else {
System.out.println("failed");
}
}
}
2. Session会话
2.1 什么是Session会话
- Session就是一个接口(HttpSession)
- Session就是会话,他用来维护一个客户端和服务器之间关联的一种技术
- 每个客户端都有自己的一个Session会话
- Session会话中,经常用来保存用户登录之后的信息
2.2 如何创建Session和获取(id号,是否为新)
- request.getSession()第一次调用时创建Session会话
- 之后调用的是获取签名创建好的session会话对象
- isNew()判断到底是不是刚创建出来的
- 每个会话都有一个身份证号,getId()就是ID值,而且这个ID是唯一的
public class SessionServlet extends BaseServlet {
protected void createOrGetSession(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//创建和获取session会话对象
HttpSession session = req.getSession();
//判断当前session会话是否是新创建出来的
boolean isNew = session.isNew();
String id = session.getId();
resp.getWriter().write("id=" + id + "<br/>isNew? " + isNew);
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doPost(req, resp);
}
}
2.3 Session域数据的存取
//往session中存数据
protected void setAttribute(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
req.getSession().setAttribute("key1", "value1");
}
//获取session中的数据
protected void getAttribute(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Object attribute = req.getSession().getAttribute("key1");
resp.getWriter().write("" + attribute);
}
2.4 Session 生命周期控制
- public void setMaxInactiveInterval(int interval) 设置session以秒为单位的超时时间,超过指定的时长,session就会被销毁
- 负值永不超时(很少使用),invalidate()马上超时无效
- public int getMaxInactiveInterval() 获取session的超时时间,默认30分钟,tomcat配置文件web.xml默认以下配置
- session超时是指客户端两次请求的最大间隔时长
<session-config>
<session-timeout>30</session-timeout>
</session-config>
protected void defaultLife(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
int maxInactiveInterval = req.getSession().getMaxInactiveInterval();
resp.getWriter().write("" + maxInactiveInterval);
}
protected void life(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
req.getSession().setMaxInactiveInterval(3);
resp.getWriter().write("3s set success");
}
protected void deleteNow(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
req.getSession().invalidate();
resp.getWriter().write("success");
}
2.5 浏览器和session间的关系
- Session技术,底层其实是基于 Cookie 技术来实现的
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
