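1. Session: a user opens a website; as long as the browser is not closed (and the server is not restarted in between), the whole interaction is called one session.
2. Cookie: records browsing history and saves usernames and passwords. Can be shared by multiple browsers; a browser generally allows only 300 cookies to be stored, at most 20 cookies per site, and each cookie is limited to 4 KB.
Cookies are stored in plaintext, so their security is relatively low;
Creating a cookie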
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Cookie(java.lang.String name, java.lang.String value)
        Cookie ck = new Cookie("cookie1", "name");
        ck.setMaxAge(600); // 600 s
        // send it to the browser
        response.addCookie(ck);
    }
Cookies are saved in plaintext;
Reading a cookie
    Cookie[] ck = request.getCookies();
    // getCookies() returns null when the request carries no cookies
    if (ck != null) {
        for (int i = 0; i < ck.length; i++) {
            if ("cookie1".equals(ck[i].getName())) {
                System.out.println(ck[i].getValue());
            }
        }
    }
Reading the cookie in the page:
value="<%=cookie1%>"
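Deleting a cookie: ck.setMaxAge(0);
Setting it to a negative number deletes the cookie when the browser closes, which makes it equivalent to a session-level cookie.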
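Using the session: shopping cart
The session is created automatically on the first visit, whereas a cookie has to be created manually. The server sends the browser an HTTP response header that carries the session ID back to the browser as a cookie; it is cleared when the session ends or after 30 minutes.
On the next visit, the web server reads the session ID from the incoming request and can then look up the information for that ID in memory.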
setAttribute(java.lang.String name, java.lang.Object value)
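One browser corresponds to one session object, whereas cookies can coexist across multiple browsers; cookies are an array of objects.
The session is stored in the server's memory, not in the browser.
Mind the browser settings. Single-process browser: no matter how many browser windows are opened, they all use the same session. Browsers are generally multi-process, and each browser has a session of its own.
Session lifecycle
The default is 30 minutes, set in tomcat/web.xml.
It can also be set with session.setMaxInac...(int).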
HttpSession session = request.getSession();
Setting an attribute:
session.setAttribute("user",user);
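Getting an attribute
User u = (User) session.getAttribute("user");
Removing one attribute from the session
session.removeAttribute("user");
After the user logs in successfully, store the user information in the session so that the database does not have to be queried for verification on every request; when that user information is not in memory, require the user to log in.
Verification code (CAPTCHA): uses Java's drawing APIs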
image.jsp
    <%@ page contentType="image/jpeg" import="java.awt.*, java.awt.image.*,java.util.*,javax.imageio.*" %>
    <%!
    Color getRandColor(int fc, int bc) {
        Random random = new Random();
        if (fc > 255) fc = 255;
        if (bc > 255) bc = 255;
        int r = fc + random.nextInt(bc - fc);
        int g = fc + random.nextInt(bc - fc);
        int b = fc + random.nextInt(bc - fc);
        return new Color(r, g, b);
    }
    %>
    <%
    // out.clear(); // needed for the Resin server; can be omitted on Tomcat
    response.setHeader("Pragma", "No-cache");
    response.setHeader("Cache-Control", "no-cache");
    response.setDateHeader("Expires", 0);
    // set the width and height
    int width = 60, height = 20;
    BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
    Graphics g = image.getGraphics();
    Random random = new Random();
    g.setColor(getRandColor(200, 250));
    g.fillRect(0, 0, width, height);
    g.setFont(new Font("Times New Roman", Font.PLAIN, 18));
    g.setColor(getRandColor(160, 200));
    // draw random interference lines
    for (int i = 0; i < 155; i++) {
        int x = random.nextInt(width);
        int y = random.nextInt(height);
        int xl = random.nextInt(12);
        int yl = random.nextInt(12);
        g.drawLine(x, y, x + xl, y + yl);
    }
    String sRand = "";
    // set the number of digits
    for (int i = 0; i < 4; i++) {
        String rand = String.valueOf(random.nextInt(10));
        sRand += rand;
        g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));
        g.drawString(rand, 13 * i + 6, 16);
    }
    // store the verification code in the session
    session.setAttribute("rand", sRand);
    g.dispose();
    ImageIO.write(image, "JPEG", response.getOutputStream());
    out.clear();
    out = pageContext.pushBody();
    %>
login.jsp
    <%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
    <%
    String path = request.getContextPath();
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
    %>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <base href="<%=basePath%>">
    <title>login.jsp</title>
    <script language="javascript">
    function loadimage(){
        // A random number is appended so that the image.jsp URL differs on every request and the browser does not use its locally cached copy.
        document.getElementById("checkid").src = "<%=path%>/pages/image.jsp?"+Math.random();
    }
    </script>
    </head>
    <body>
    <%
    String str = (String)request.getAttribute("info");
    if(null != str)
        response.getWriter().print(str);
    %>
    <form action="<%=path%>/servlet/LoginCk" method="post" style="margin-left: 40% ;margin-top: 8%" >
    User id:<input type="text" name="id"><br>
    Password:<input type="password" name="pwd"><br>
    Verification code: <input type="text" name="checkid"><img border=0 id="checkid" src="<%=path%>/pages/image.jsp"/>
    <a href="javascript:loadimage();">Can't read it? Click me</a>
    <br>
    <input type="submit">
    <input type="reset">
    </form>
    </body>
    </html>
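The form above posts to /servlet/LoginCk, which these notes do not show. The following is an added example, not the original author's code: it compares the submitted checkid with the "rand" value that image.jsp put in the session, discards the code after one attempt, and gives the session a new ID once login succeeds. The checkCredentials hook, the /pages/login.jsp location and the use of the Servlet 3.1 changeSessionId() call are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. Abstract because the notes do not show how users are stored;
// map a concrete subclass to /servlet/LoginCk.
public abstract class LoginCk extends HttpServlet {

    // Hypothetical hook: check the id and password against your own user store.
    protected abstract boolean checkCredentials(String id, String pwd);

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String id = request.getParameter("id");
        String pwd = request.getParameter("pwd");
        String typed = request.getParameter("checkid");

        HttpSession session = request.getSession();
        // image.jsp stored the expected code under "rand". Remove it before
        // comparing so that each code allows exactly one attempt.
        String expected = (String) session.getAttribute("rand");
        session.removeAttribute("rand");

        if (expected == null || typed == null || !expected.equals(typed.trim())) {
            fail(request, response, "Wrong verification code");
            return;
        }
        if (id == null || pwd == null || !checkCredentials(id.trim(), pwd)) {
            fail(request, response, "Wrong user id or password");
            return;
        }
        // Servlet 3.1+: give the authenticated session a fresh ID so that an ID
        // handed out before login cannot be used afterwards.
        request.changeSessionId();
        // The notes store a User object under "user"; the id stands in for it here.
        session.setAttribute("user", id.trim());
        response.sendRedirect(request.getContextPath() + "/pages/booklist.jsp");
    }

    // Messages are fixed strings, so login.jsp can print "info" unescaped.
    private void fail(HttpServletRequest request, HttpServletResponse response, String message)
            throws ServletException, IOException {
        request.setAttribute("info", message);
        // Assumed location of login.jsp, next to image.jsp.
        request.getRequestDispatcher("/pages/login.jsp").forward(request, response);
    }
}
```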
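Disabling cookies and disabling sessions
1. Disable cookies in the browser settings (the original session is lost and a new session is created; a session has to be created on every request)
2. To keep using the original session after cookies are disabled: URL rewriting
Iterating over a list/map with the c tag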
    <%--
    <c:forEach items="${books}" var="vo">
        ${vo}<br/>
    </c:forEach>
    --%>
    id----> Title---->Quantity purchased<br/>
    <c:forEach items="${books}" var="vo">
        <%-- name comes from a request parameter, so escape it on output --%>
        ${vo.key}----> <c:out value="${vo.value.name}"/>---->${vo.value.num}<br/>
    </c:forEach>
    <br/>
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String id = request.getParameter("id").trim();
        String name = request.getParameter("name").trim();
        HttpSession session = request.getSession();
        HashMap<String, Book> hm = (HashMap<String, Book>) session.getAttribute("books");
        if (null == hm) {
            hm = new HashMap<String, Book>();
            Book b = new Book();
            b.setId(Integer.parseInt(id));
            b.setName(name);
            b.setNum(1);
            // the first book must be put into the newly created cart
            hm.put(id, b);
            session.setAttribute("books", hm);
        } else {
            // already in the cart: quantity + 1
            if (hm.containsKey(id)) {
                Book b = hm.get(id);
                b.setNum(b.getNum() + 1);
                hm.put(id, b);
            }
            // first purchase of this book
            else {
                Book b = new Book();
                b.setId(Integer.parseInt(id));
                b.setName(name);
                b.setNum(1);
                hm.put(id, b);
            }
        }
        /*ArrayList list = (ArrayList)session.getAttribute("books");
        if(null == list) {
            list = new ArrayList();
        }
        list.add(book);*/
        session.setAttribute("books", hm);
        request.getRequestDispatcher("/pages/booklist.jsp").forward(request, response);
        return;
    }