cookie以及session
2019-05-10 本文已影响0人
骏龙ll
一、cookie
在程序中,会话跟踪是很重要的事情。理论上,一个用户的所有请求操作都应该属于同一个会话,而另一个用户的所有请求操作则应该属于另一个会话,二者不能混淆。例如,用户A在超市购买的任何商品都应该放在A的购物车内,不论是用户A什么时间购买的,这都是属于同一个会话的,不能放入用户B或用户C的购物车内,这不属于同一个会话。
而Web应用程序是使用HTTP协议传输数据的。HTTP协议是无状态的协议。一旦数据交换完毕,客户端与服务器端的连接就会关闭,再次交换数据需要建立新的连接。这就意味着服务器无法从连接上跟踪会话。即用户A购买了一件商品放入购物车内,当再次购买商品时服务器已经无法判断该购买行为是属于用户A的会话还是用户B的会话了。要跟踪该会话,必须引入一种机制。
Cookie就是这样的一种机制。它可以弥补HTTP协议无状态的不足。在Session出现之前,基本上所有的网站都采用Cookie来跟踪会话。
cookie存储的长度有限制
cookie是用来在客户端保持http状态信息的方案
cookie的形式是名值对,第一次访问服务器时,服务器会发送一个cookie给浏览器叫jsessionid(一个16进制数),存储在浏览器里。后续浏览器再次向服务器发送请求是会带着jsessionid过去,服务器就会依靠着jsessionid的不同去区分谁在访问
工作机制
7d.pngCookie默认是会话级别的,关闭浏览器就在浏览器内存中消失
重要方法
创建Cookie
Cookie cookie1 = new Cookie("java2_username", username);
设置持久化Cookie,以秒为单位,持久化的Cookie会保存在本地磁盘
cookie1.setMaxAge(60*60);
颁发Cookie
response.addCookie(cookie1);
典型应用 -- 记录登录名和密码
reLogin.java
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>ReLogin Page</h1>
<form action="${ pageContext.request.contextPath }/login2" method="post">
<p><input type="text" name="username" value="${ java2_username }"></p>
<p><input type="password" name="password" value="${ java2_password }"></p>
<button>提交</button>
</form>
</body>
</html>
Login2Servlet.java
package com.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class Login2Servlet
*/
@WebServlet("/login2")
public class Login2Servlet extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
response.getWriter().append("Served at: ").append(request.getContextPath());
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
Userinfo user = new Userinfo();
user.setUsername(username);
user.setPassword(password);
request.getSession().setAttribute("loginUser", user);
// new
Cookie cookie1 = new Cookie("java2_username", username);
Cookie cookie2 = new Cookie("java2_password", password);
// 磁盘
cookie1.setMaxAge(60*60);
cookie2.setMaxAge(60*60);
response.addCookie(cookie1);
response.addCookie(cookie2);
response.sendRedirect(request.getContextPath()+"/success.jsp");
}
}
GoReloginServlet.java
package com.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class GoReloginServlet
*/
@WebServlet("/relogin")
public class GoReloginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public GoReloginServlet() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String name = "";
String pass = "";
Cookie cookies[] = request.getCookies();
for(Cookie cookie : cookies){
if(cookie.getName().equals("java2_username")){
name = cookie.getValue();
}
if(cookie.getName().equals("java2_password")){
pass = cookie.getValue();
}
}
request.setAttribute("java2_username", name);
request.setAttribute("java2_password", pass);
request.getRequestDispatcher("/reLogin.jsp").forward(request, response);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
存在的问题
只能保存文本信息,有内容长度限制,默认是明文