标签:
Session:由同一个IE窗口向同一个WEBAPP发的所有请求的总称,一个会话
同一个会话的多个额请求可以从前到后多个请求。??祖给孙,孙不给祖
浏览器:搜集sessionID信息,并发到服务器。没有就不发送。
查找sessionID,若找到,看servlet是否需要session,需要就从服务器内存提取旧的session对象。否则维持旧的Session不动,修改session的使用时间。
如果没找到,看是否需要session,再创建session对象,并且保持session对象在服务器中,把sessionID写到IE中。
sessionID放到IE浏览器,浏览器通过request把id带到服务器端
HttpSession session = request.getSession(false);// 这里false只能用就得Session
True有旧的找旧的,否则建新的
Session.setMaxInactiveInterval两次请求之间的最长的时间间隔单位:s。相当于Session最大存活时间,超过之后服务器销毁这个session。比如登陆之后有一定时间,超出就销毁。0表示立即过期,-1表示永不过期
设置最大时间的原因:
(1)Session是容器,要长时间占用内存。所以限定最大时间间隔
(2)安全考虑
Session.isNew()是不是新的
自杀,用于安全退出或者清空购物车
以下参考:http://copperfield.iteye.com/blog/890018
二、session使用 以登录为例
业务逻辑:login.jsp提交表单,loginServlet判断用户名密码是不是对,如果不对转到login.jsp,如果对转到DealServlet(这个类判断是否登录还有效,无效就返回login,比如163邮箱),也可以通过该容器logout,可以logout返回login页面或者主页
UserLoginServlet
public class UserLoginServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String logid = request.getParameter("logid"); String logpwd = request.getParameter("logpwd"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">"); out.println("<HTML>"); out.println(" <HEAD><TITLE>logincontent</TITLE></HEAD>"); out.println(" <BODY>"); int flag=0; HttpSession session = request.getSession(); if("Admin".equals(logid) && "123".equals(logpwd)){ session.setAttribute("userid", logid); session.setMaxInactiveInterval(20); //System.out.println("here"); //response.sendRedirect("http://localhost:8888/TestmyJSP/logout.servlet"); response.sendRedirect("deal.servlet"); // 不是类名而是url }else{ out.write("<script>alert('login error'); history.go(-1);</script>"); } out.println(" </BODY>"); out.println("</HTML>"); out.flush(); out.close(); } }
public class DealLoginServlet extends HttpServlet { /** * The doGet method of the servlet. <br> * * This method is called when a form has its tag value method equals to get. * * @param request the request send by the client to the server * @param response the response send by the server to the client * @throws ServletException if an error occurred * @throws IOException if an error occurred */ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } /** * The doPost method of the servlet. <br> * * This method is called when a form has its tag value method equals to post. * * @param request the request send by the client to the server * @param response the response send by the server to the client * @throws ServletException if an error occurred * @throws IOException if an error occurred */ public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">"); out.println("<HTML>"); out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>"); out.println(" <BODY>"); HttpSession session = request.getSession(false); if(session == null){ response.sendRedirect("login.jsp"); }else{ Object o = session.getAttribute("userid"); if(null == o){ response.sendRedirect("login.jsp"); }else{ out.write(o.toString()); } } out.println("<a href='logout.servlet'>登出</a> "); out.println(" </BODY>"); out.println("</HTML>"); out.flush(); out.close(); } }
public class LogoutServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">"); out.println("<HTML>"); out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>"); out.println(" <BODY>"); HttpSession session = request.getSession(); session.setMaxInactiveInterval(0); session.invalidate(); response.sendRedirect("login.jsp"); out.println(" </BODY>"); out.println("</HTML>"); out.flush(); out.close(); } }
版权声明:本文为博主原创文章,未经博主允许不得转载。
标签:
原文地址:http://blog.csdn.net/u011026968/article/details/47091107