1 Usage
Controller:
    @PostMapping("/user/login")
    public ResponseVo<User> login(@Valid @RequestBody UserLoginForm userLoginForm,
                                  HttpSession session) {
        ResponseVo<User> userResponseVo = userService.login(userLoginForm.getUsername(), userLoginForm.getPassword());
        // store the logged-in user in the session
        session.setAttribute(MallConst.CURRENT_USER, userResponseVo.getData());
        log.info("/login sessionId={}", session.getId());
        return userResponseVo;
    }

    // the session lives in server memory; improved version: token + Redis
    @GetMapping("/user")
    public ResponseVo<User> userInfo(HttpSession session) {
        log.info("/user sessionId={}", session.getId());
        User user = (User) session.getAttribute(MallConst.CURRENT_USER);
        return ResponseVo.success(user);
    }
Service:
    @Override
    public ResponseVo<User> login(String username, String password) {
        User user = userMapper.selectByUsername(username);
        if (user == null) {
            // user does not exist (return: username or password incorrect;
            // the same message as the wrong-password case, so usernames cannot be enumerated)
            return ResponseVo.error(ResponseEnum.USERNAME_OR_PASSWORD_ERROR);
        }
        // note: an unsalted MD5 digest is a weak password hash; a slow salted hash such as BCrypt is preferable
        if (!user.getPassword().equalsIgnoreCase(
                DigestUtils.md5DigestAsHex(password.getBytes(StandardCharsets.UTF_8)))) {
            // wrong password (return: username or password incorrect)
            return ResponseVo.error(ResponseEnum.USERNAME_OR_PASSWORD_ERROR);
        }
        user.setPassword(""); // do not return the password hash to the client
        return ResponseVo.success(user);
    }
2 The session is stored in memory, so it is lost when the application restarts
Improved version: token + Redis
3 Cross-origin requests (CORS)
4 Logout
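The token + Redis variant of the controller, written here as an added example rather than the project's own code: the login result is stored in Redis under a random token with a TTL, so it survives restarts and can be shared across instances. It assumes the page's UserService, ResponseVo, ResponseEnum, User and UserLoginForm, plus Spring Data Redis and Jackson on the classpath; the key prefix, the X-Token header, ResponseEnum.NEED_LOGIN and "getData() is null on failure" are assumptions.

```java
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
@RestController
public class UserTokenController {
    private static final String KEY_PREFIX = "mall:token:"; // assumed Redis key namespace
    private static final long TTL_MINUTES = 30;             // server-side expiry, like a session timeout
    private final UserService userService;
    private final StringRedisTemplate redis;
    private final ObjectMapper mapper = new ObjectMapper();
    public UserTokenController(UserService userService, StringRedisTemplate redis) {
        this.userService = userService;
        this.redis = redis;
    }

    @PostMapping("/user/login")
    public ResponseVo<User> login(@Valid @RequestBody UserLoginForm form, HttpServletResponse response)
            throws JsonProcessingException {
        ResponseVo<User> result = userService.login(form.getUsername(), form.getPassword());
        if (result.getData() == null) return result;   // assumption: getData() is null on a failed login
        // Opaque, unguessable token (UUID.randomUUID() is backed by SecureRandom)
        String token = UUID.randomUUID().toString();
        // Store the password-stripped user under the token with a TTL; survives application restarts
        redis.opsForValue().set(KEY_PREFIX + token, mapper.writeValueAsString(result.getData()),
                TTL_MINUTES, TimeUnit.MINUTES);
        response.setHeader("X-Token", token);          // client sends this back instead of JSESSIONID
        return result;
    }

    @GetMapping("/user")
    public ResponseVo<User> userInfo(@RequestHeader(value = "X-Token", required = false) String token)
            throws JsonProcessingException {
        String json = token == null ? null : redis.opsForValue().get(KEY_PREFIX + token);
        if (json == null) return ResponseVo.error(ResponseEnum.NEED_LOGIN); // assumed enum constant
        redis.expire(KEY_PREFIX + token, TTL_MINUTES, TimeUnit.MINUTES);   // sliding expiry on each use
        return ResponseVo.success(mapper.readValue(json, User.class));
    }

    @PostMapping("/user/logout")
    public ResponseVo logout(@RequestHeader(value = "X-Token", required = false) String token) {
        if (token != null) redis.delete(KEY_PREFIX + token); // invalidate server side, not only client side
        return ResponseVo.success();
    }
}
```

Because the token is the only thing that identifies the user, it must travel over HTTPS only and be deleted on logout, which the logout handler above does by removing the Redis key.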
    @PostMapping("/user/logout")
    public ResponseVo logout(HttpSession session) {
        log.info("/user/logout sessionId={}", session.getId());
        session.removeAttribute(MallConst.CURRENT_USER);
        return ResponseVo.success();
    }
5 Sessions have an expiry time
In the source code: it cannot be less than 1 minute
Configure it in the configuration class: