码迷,mamicode.com
首页 > 其他好文 > 详细

SSH学习三 SESSION

时间:2015-07-27 23:09:57      阅读:118      评论:0      收藏:0      [点我收藏+]

标签:

一、session方法

Session:由同一个IE窗口向同一个WEBAPP发的所有请求的总称,一个会话

同一个会话的多个额请求可以从前到后多个请求。??祖给孙,孙不给祖

浏览器:搜集sessionID信息,并发到服务器。没有就不发送。

查找sessionID,若找到,看servlet是否需要session,需要就从服务器内存提取旧的session对象。否则维持旧的Session不动,修改session的使用时间。

如果没找到,看是否需要session,再创建session对象,并且保持session对象在服务器中,把sessionID写到IE中。

sessionID放到IE浏览器,浏览器通过request把id带到服务器端


HttpSession session = request.getSession(false);// 这里false只能用就得Session

True有旧的找旧的,否则建新的

Session.setMaxInactiveInterval两次请求之间的最长的时间间隔单位:s。相当于Session最大存活时间,超过之后服务器销毁这个session。比如登陆之后有一定时间,超出就销毁。0表示立即过期,-1表示永不过期

设置最大时间的原因:

(1)Session是容器,要长时间占用内存。所以限定最大时间间隔

(2)安全考虑


Session.isNew()是不是新的

自杀,用于安全退出或者清空购物车

 以下参考:http://copperfield.iteye.com/blog/890018

session.invalidate()是销毁跟用户关联session,例如有的用户强制关闭浏览器,而跟踪用户的信息的session还存在,可是用户已经离开了。
虽然session 生命周期浏览默认时间30分,但是在30分钟内别的用户还可以访问到前一个用户的页面,需销毁用户的session。
session.removeAttribute()移除session中的某项属性。
在spring例子中宠物商店的注销登录的代码:
request.getSession().removeAttribute("userSession");
//    注销用户,使session失效。
request.getSession().invalidate();

 

二、session使用 以登录为例

业务逻辑:login.jsp提交表单,loginServlet判断用户名密码是不是对,如果不对转到login.jsp,如果对转到DealServlet(这个类判断是否登录还有效,无效就返回login,比如163邮箱),也可以通过该容器logout,可以logout返回login页面或者主页

UserLoginServlet

public class UserLoginServlet extends HttpServlet {
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doPost(request, response);
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		String logid = request.getParameter("logid");
		String logpwd = request.getParameter("logpwd");
		
		PrintWriter out = response.getWriter();
		out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
		out.println("<HTML>");
		out.println("  <HEAD><TITLE>logincontent</TITLE></HEAD>");
		out.println("  <BODY>");
		int flag=0;
		HttpSession session = request.getSession();
		if("Admin".equals(logid) && "123".equals(logpwd)){
			session.setAttribute("userid", logid);
			session.setMaxInactiveInterval(20);
			//System.out.println("here");
			//response.sendRedirect("http://localhost:8888/TestmyJSP/logout.servlet");
			response.sendRedirect("deal.servlet"); // 不是类名而是url
		}else{
			out.write("<script>alert('login error'); history.go(-1);</script>");
		}
		
		out.println("  </BODY>");
		out.println("</HTML>");
		out.flush();
		out.close();
	}

}

DealLoginServlet


public class DealLoginServlet extends HttpServlet {

	/**
	 * The doGet method of the servlet. <br>
	 *
	 * This method is called when a form has its tag value method equals to get.
	 * 
	 * @param request the request send by the client to the server
	 * @param response the response send by the server to the client
	 * @throws ServletException if an error occurred
	 * @throws IOException if an error occurred
	 */
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		doPost(request, response);
	}

	/**
	 * The doPost method of the servlet. <br>
	 *
	 * This method is called when a form has its tag value method equals to post.
	 * 
	 * @param request the request send by the client to the server
	 * @param response the response send by the server to the client
	 * @throws ServletException if an error occurred
	 * @throws IOException if an error occurred
	 */
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		response.setContentType("text/html");
		PrintWriter out = response.getWriter();
		out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
		out.println("<HTML>");
		out.println("  <HEAD><TITLE>A Servlet</TITLE></HEAD>");
		out.println("  <BODY>");

		HttpSession session = request.getSession(false);
		
		if(session == null){
			response.sendRedirect("login.jsp");
		}else{
			Object o = session.getAttribute("userid");
			if(null == o){
				response.sendRedirect("login.jsp");
			}else{
				out.write(o.toString());
			}
		}
		out.println("<a href='logout.servlet'>登出</a> ");
		out.println("  </BODY>");
		out.println("</HTML>");
		out.flush();
		out.close();
	}

}

LogoutServlet

public class LogoutServlet extends HttpServlet {
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		doPost(request, response);
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		response.setContentType("text/html");
		PrintWriter out = response.getWriter();
		out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
		out.println("<HTML>");
		out.println("  <HEAD><TITLE>A Servlet</TITLE></HEAD>");
		out.println("  <BODY>");
		HttpSession session = request.getSession();
			session.setMaxInactiveInterval(0);
			session.invalidate();
			response.sendRedirect("login.jsp");	
		
		out.println("  </BODY>");
		out.println("</HTML>");
		out.flush();
		out.close();
	}

}



版权声明:本文为博主原创文章,未经博主允许不得转载。

SSH学习三 SESSION

标签:

原文地址:http://blog.csdn.net/u011026968/article/details/47091107

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!