标签 : Java与Web
HTTP本身是“无状态”协议,它不保存连接交互信息,一次响应完成之后即连接断开,下一次请求需要重新建立连接,服务器不记录上次连接的内容.因此如果判断两次连接是否是同一用户, 就需要使用会话跟踪技术来解决.常见的会话跟踪技术有如下几种:
Cookie的key/value均不能保存中文,如果需要,可以在保存前对中文进行编码, 取出时再对其解码.
在Java中使用Cookie, 必须熟悉javax.servlet.http.Cookie
类, 以及HttpServletRequest
Cookie | 描述 |
Cookie(String name, String value) |
Constructs a cookie with the specified name and value. |
String getName() |
Returns the name of the cookie. |
String getValue() |
Gets the current value of this Cookie. |
void setValue(String newValue) |
Assigns a new value to this Cookie. |
void setMaxAge(int expiry) |
Sets the maximum age in seconds for this Cookie. |
int getMaxAge() |
Gets the maximum age in seconds of this Cookie. |
void setPath(String uri) |
Specifies a path for the cookie to which the client should return the cookie. |
void setDomain(String domain) |
Specifies the domain within which this cookie should be presented. |
Request | 描述 |
Cookie[] getCookies() |
Returns an array containing all of the Cookie objects the client sent with this request. |
Response | 描述 |
void addCookie(Cookie cookie) |
Adds the specified cookie to the response. |
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
Cookie[] cookies = request.getCookies();
Cookie latCookie = null;
if (cookies != null){
for (Cookie cookie : cookies){
if (cookie.getName().equals(L_A_T)){
latCookie = cookie;
// 已经访问过了
if (latCookie != null){
printResponse("您上次访问的时间是" + latCookie.getValue(), response);
latCookie.setValue(new Date().toString());
} else{
printResponse("您还是第一次访问", response);
latCookie = new Cookie(L_A_T, new Date().toString());
private void printResponse(String data, HttpServletResponse response) throws IOException {
response.setContentType("text/html; charset=utf-8");
response.getWriter().print("<H1>" + data + "</H1>");
与setMaxAge(int maxAge)
Max-Age | 描述 |
0 |
Cookie立即作废(如果原先浏览器已经保存了该Cookie,那么可以通过设置Max-Age为0使其失效) |
< 0 |
默认,表示只在浏览器内存中存活,一旦浏览器关闭则Cookie销毁 |
> 0 |
将Cookie持久化到硬盘上,有效期由Max-Age决定 |
服务器可向Set-Cookie响应首部添加一个Domain属性来控制哪些站点可以看到该Cookie, 如
Set-Cookie: last_access_time="xxx"; Domain=.fq.com
该响应首部就是在告诉浏览器将Cookie last_access_time="xxx"
发送给域”.fq.com”中的所有站点(如www.fq.com, mail.fq.com).
如果没有指定域, 则Domain默认为产生Set-Cookie响应的服务器主机名.
Set-Cookie:last_access_time="Tue Apr 26 19:35:16 CST 2016"; Path=/servlet/
,但如果访问http://www.example.com/servlet/index.html, 就会带上这个Cookie.
如果没有指定路径, Path默认为产生Set-Cookie响应的URL的路径.
在所有的会话跟踪技术中, Session是功能最强大,最多的. 每个用户可以没有或者有一个HttpSession对象, 并且只能访问他自己的Session对象.
与URL重写, 隐藏表单域和Cookie不同, Session是保存在服务器内存中的数据,在达到一定的阈值后, Servlet容器会将Session持久化到辅助存储器中, 因此最好将使保存到Session内的对象实现
使用Session, 必须熟悉javax.servlet.http.HttpSession
接口, 以及HttpServletRequest
HttpSession | 描述 |
void setAttribute(String name, Object value) |
Binds an object to this session, using the name specified. |
Object getAttribute(String name) |
Returns the object bound with the specified name in this session, or null if no object is bound under the name. |
void invalidate() |
Invalidates this session then unbinds any objects bound to it. |
Enumeration<String> getAttributeNames() |
Returns an Enumeration of String objects containing the names of all the objects bound to this session. |
void removeAttribute(String name) |
Removes the object bound with the specified name from this session. |
String getId() |
Returns a string containing the unique identifier assigned to this session. |
boolean isNew() |
Returns true if the client does not yet know about the session or if the client chooses not to join the session. |
Request | 描述 |
HttpSession getSession() |
Returns the current session associated with this request, or if the request does not have a session, creates one. |
HttpSession getSession(boolean create) |
Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session. |
String getRequestedSessionId() |
Returns the session ID specified by the client. |
* @author jifang.
* @since 2016/5/1 20:14.
public class Product implements Serializable {
private int id;
private String name;
private String description;
private double price;
public Product(int id, String name, String description, double price) {
this.id = id;
this.name = name;
this.description = description;
this.price = price;
// ...
public class ShoppingItem implements Serializable {
private Product product;
private int quantity;
public ShoppingItem(Product product, int quantity) {
this.product = product;
this.quantity = quantity;
// ...
<%@ page import="com.fq.web.domain.Product" %>
<%@ page import="com.fq.web.util.ProductContainer" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
for (Product product : ProductContainer.products) {
(<a href="${pageContext.request.contextPath}/jsp/product_details.jsp?id=<%=product.getId()%>">Details</a>)
<a href="${pageContext.request.contextPath}/jsp/shopping_cart.jsp">Shopping Cart</a>
<%@ page import="com.fq.web.domain.Product" %>
<%@ page import="com.fq.web.util.ProductContainer" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<title>Product Details</title>
<h2>Product Details</h2>
int id = Integer.parseInt(request.getParameter("id"));
Product product = ProductContainer.getProduct(id);
assert product != null;
<form action="${pageContext.request.contextPath}/session/add_to_card.do" method="post">
<input type="hidden" name="id" value="<%=id%>"/>
<td><input type="text" name="quantity"></td>
<td><input type="submit" value="Buy"></td>
<td><a href="${pageContext.request.contextPath}/jsp/products.jsp">Products</a></td>
<td><a href="${pageContext.request.contextPath}/jsp/shopping_cart.jsp">Shopping Cart</a></td>
@WebServlet(name = "AddCardServlet", urlPatterns = "/session/add_to_card.do")
public class AddCardServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
int id = Integer.parseInt(request.getParameter("id"));
Product product = ProductContainer.getProduct(id);
int quantity = Integer.parseInt(request.getParameter("quantity"));
HttpSession session = request.getSession();
List<ShoppingItem> items = (List<ShoppingItem>) session.getAttribute(SessionConstant.CART_ATTRIBUTE);
if (items == null) {
items = new ArrayList<ShoppingItem>();
session.setAttribute(SessionConstant.CART_ATTRIBUTE, items);
items.add(new ShoppingItem(product, quantity));
request.getRequestDispatcher("/jsp/products.jsp").forward(request, response);
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
<%@ page import="com.fq.web.constant.SessionConstant" %>
<%@ page import="com.fq.web.domain.ShoppingItem" %>
<%@ page import="java.util.List" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<title>Shopping Cart</title>
<h2>Shopping Cart</h2>
<a href="${pageContext.request.contextPath}/jsp/products.jsp">Products</a>
<td style="width: 150px">Quantity</td>
<td style="width: 150px">Product</td>
<td style="width: 150px">Price</td>
List<ShoppingItem> items = (List<ShoppingItem>) session.getAttribute(SessionConstant.CART_ATTRIBUTE);
if (items != null) {
double total = 0.0;
for (ShoppingItem item : items) {
double subtotal = item.getQuantity() * item.getProduct().getPrice();
total += subtotal;
<td>Total: <%=total%>
Session有一定的过期时间: 当用户长时间不去访问该Session,就会超时失效,虽然此时sessionID可能还在Cookie中, 只是服务器根据该sessionID已经找不到Session对象了.
Session的超时时间可以在web.xml中配置, 单位为分钟:
另外一种情况: 由于sessionID保存在Cookie中且Max-Age为-1
,因此当用户重新打开浏览器时已经没有sessionID了, 此时服务器会再创建一个Session,此时新的会话又开始了.而原先的Session会因为超时时间到达而被销毁.
字符编码就是以二进制的数字来对应字符集的字符,常见字符编码方式有:ISO-8859-1(不支持中文),GB2312,GBK,UTF-8等.在JavaWeb中, 经常遇到的需要编码/解码的场景有响应编码/请求编码/URL编码:
在需要发送中文时, 需要使用:
// getWriter() ...
// getWriter() ...
注意: 这句代码不只在响应头中添加了编码信息,还相当于调用了一次
浏览器 | 编码 |
IE/FireFox | GB2312 |
Chrome | UTF-8 |
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
private Map<String, String> convertToParameterMap(HttpServletRequest request) throws UnsupportedEncodingException {
Enumeration<String> names = request.getParameterNames();
Map<String, String> parameters = new HashMap<String, String>();
if (names != null) {
while (names.hasMoreElements()) {
String name = names.nextElement();
String value = request.getParameter(name);
parameters.put(name, new String(value.getBytes("ISO-8859-1"), "UTF-8"));
return parameters;
private Map<String, String> convertToParameterMap(HttpServletRequest request) throws IOException {
Map<String, String> parameters = new HashMap<String, String>();
if (request.getMethod().equals("POST")) {
Enumeration<String> names = request.getParameterNames();
while (names.hasMoreElements()) {
String key = names.nextElement();
parameters.put(key, request.getParameter(key));
} else {
Enumeration<String> names = request.getParameterNames();
while (names.hasMoreElements()) {
String key = names.nextElement();
String value = request.getParameter(key);
parameters.put(key, new String(value.getBytes("ISO-8859-1"), "UTF-8"));
return parameters;
网络标准RFC 1738规定:
“…Only alphanumerics
, the special characters"$-_.+!*‘(),"
[not including the quotes - ed], and reserved characters used for their reserved purposes may be used unencoded within a URL.”
如果URL中有汉字,就必须编码后使用, 而URL编码过程其实很简单:
这个编码过程在Java中已经封装成了现成的库, 可直接使用:
URLEncoder | 描述 |
static String encode(String s, String enc) |
Translates a string into application/x-www-form-urlencoded format using a specific encoding scheme. |
URLDecoder | 描述 |
static String decode(String s, String enc) |
Decodes a application/x-www-form-urlencoded string using a specific encoding scheme. |
注: 在Web中Tomcat容器会自动识别URL是否已经编码并自动解码.
更多有关编码知识, 可以参考:
1. 阮一峰: 关于URL编码
2. Web开发者应知的URL编码知识
3. 字符集和字符编码(Charset & Encoding)