最近看了一些关于用户模块的设计,发现以前自己对cookie和session等理解不太深刻,于是自己做了关于登录,退出,记住用户名和用户免登录的几种场景代码,也可以算是一些解决方案吧。其实在开始做登陆这部分之前,需要对cookie和session理解的深刻一点,我说的深刻不是指你知道cookie是存储在客户端的,session是存在服务端的就可以了,这些是不够的。你需要理解以下几点:(个人见解,总结不对的地方希望纠正)
cookie是存放在客户端的,cookie的默认生命周期是什么?
答:默认情况下(没有设置有效时间)cookie是会话级的,浏览器关闭时当前cookie就失效了!如果设置了有效时间,则超过cookie的有效时间后失效。
cookie中默认的会存放一些什么东西?
答:浏览器第一次请求后端服务的时候,会收到服务端存放在Cookie里的sessionId,在浏览器未关闭之前(cookie未失效之前)都会带着这个sessionId去访问后台
我在网上看到很多人说,cookie是存放在本地的,浏览器可以共享,对于这句话的理解我不知道是我理解的不对还是什么,但是经过我的实践,这句话应该这样说,在cookie未失效之前同一个浏览器是可以共享的,不同浏览器是不能共享cookie的,因为存放和读取cookie的路径都不同!
session是存放在服务端的,它的默认生命周期是什么?
答:当浏览器访问服务器,调用getSession()时,服务器判断当前cookie中是否有sessionid,通过sessionid去检索出对应的session,如果指定Session过期,则返回一个新的session,否则返回指定session
session什么时候会失效?
答:过期,服务器关闭,或者服务端主动调用session.invalidate()(例如用户退出登录时)
有如下要求:
1.用户通过浏览器请求后台页面时,需要判断用户是否已经登录,已经登录则跳转到指定请求页面,否则跳转到登录页面
2.用户登录后,关闭浏览器再重新打开浏览器时需要重新登录
3.提供记住密码功能,用户未登录状态打开登陆页有上次输入的密码(有效期为。。。随便吧)
登录逻辑:
过滤器逻辑:
记住用户密码逻辑:
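在用户登录成功的逻辑里加入:将用户名和密码放入Cookie中,再改动登陆页面,获取cookie中的密码,初始化显示在登陆框中就好了。需要注意,这里为了演示直接把明文密码写进了cookie,而cookie保存在客户端并且会随请求发送,能读到cookie的人也就能拿到密码;实际项目中更稳妥的做法是只记住用户名,或者在cookie里存放由服务端生成、可校验、可作废的随机令牌,并给cookie设置HttpOnly和Secure。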
登录jsp:
<%--
Created by IntelliJ IDEA.
User: lifu
Date: 2019/4/24
Time: 16:10
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
登陆
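<%
    // Values used to pre-fill the login form. They are recovered from a cookie
    // named "rememberUser" whose value is expected to look like "<username>&<password>".
    // NOTE(review): this means the password sits in a client-side cookie in clear
    // text; prefer remembering only the username or a server-issued random token.
    // NOTE(review): the markup that renders these values is not visible here;
    // cookie values are client-controlled, so HTML-escape them when writing them
    // into the page.
    String rememberUserName = "";
    String rememberUserPwd = "";
    Cookie[] cookies = request.getCookies();
    // getCookies() returns null (not an empty array) when the request has no cookies.
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (!"rememberUser".equals(cookie.getName()) || cookie.getValue() == null) {
                continue;
            }
            // Split once, at the first '&', and accept only the two-part shape so a
            // malformed or tampered cookie cannot raise ArrayIndexOutOfBoundsException.
            String[] parts = cookie.getValue().split("&", 2);
            if (parts.length == 2) {
                rememberUserName = parts[0];
                rememberUserPwd = parts[1];
            }
        }
    }
%>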
处理登录的servlet:
package com.my.test.web.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;
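/**
 * Handles the login form POST: checks the submitted credentials, stores the
 * user name in the HTTP session on success and optionally writes a short-lived
 * "rememberUser" cookie for the login page to pre-fill.
 *
 * @author lf
 * @date 2019/4/24 16:12
 */
@WebServlet(urlPatterns = "/loginServlet")
public class LoginServlet extends HttpServlet {

    /**
     * Processes a login attempt.
     *
     * <p>Reads the {@code username}, {@code pwd} and {@code pwdRemember} request
     * parameters. On success redirects to {@code /jsp/index.jsp}; on failure
     * redirects back to {@code /jsp/login.jsp} with an error message in the
     * {@code msg} query parameter.
     *
     * @param req  the login request
     * @param resp the response used for the cookie and the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        String pwd = req.getParameter("pwd");

        // Stand-in for looking the user up by user name and password; the
        // hard-coded pair is demo data only.
        if ("jack".equals(username) && "123".equals(pwd)) {
            // Discard any session that existed before authentication so the
            // logged-in session gets a fresh id (guards against session fixation).
            HttpSession preLoginSession = req.getSession(false);
            if (preLoginSession != null) {
                preLoginSession.invalidate();
            }
            HttpSession session = req.getSession(true);
            session.setAttribute("username", "jack");

            // "Remember password" checkbox.
            boolean isPwdRemember = Boolean.parseBoolean(req.getParameter("pwdRemember"));
            if (isPwdRemember) {
                // NOTE(review): this stores the clear-text password on the client.
                // Kept because the login page reads "<username>&<password>" from this
                // cookie; prefer remembering only the user name or a server-issued
                // random token that can be validated and revoked.
                Cookie rememberUserCookie = new Cookie("rememberUser", username + "&" + pwd);
                rememberUserCookie.setMaxAge(20); // lifetime in seconds
                // The login page reads the cookie on the server side, so page
                // scripts do not need access to it.
                rememberUserCookie.setHttpOnly(true);
                // Mark the cookie Secure whenever the login itself arrived over HTTPS.
                rememberUserCookie.setSecure(req.isSecure());
                resp.addCookie(rememberUserCookie);
            }
            resp.sendRedirect("/jsp/index.jsp");
        } else {
            // Percent-encode the message as UTF-8. Round-tripping the text through
            // ISO-8859-1 bytes, as before, turns every Chinese character into '?'.
            String msg = java.net.URLEncoder.encode("用户名或者密码错误", "UTF-8");
            resp.sendRedirect("/jsp/login.jsp?msg=" + msg);
        }
    }
}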
过滤器:
package com.my.test.web.filter;
import org.springframework.util.StringUtils;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Arrays;
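/**
 * Login gate for every request ({@code /*}): requests whose servlet path is
 * listed in the {@code exceptUrl} init parameter pass through, all others need
 * a non-empty {@code username} attribute in the HTTP session.
 *
 * @author lf
 * @date 2019/4/24 16:53
 */
@WebFilter(urlPatterns = "/*", initParams = {@WebInitParam(name = "exceptUrl", value = "/loginServlet&/jsp/login.jsp")})
public class LoginFilter implements Filter {

    /** Servlet paths exempt from the login check; '&'-separated in the init parameter. */
    private String[] exceptUrls = new String[0];

    /**
     * Parses the {@code exceptUrl} init parameter into the exemption list.
     * A missing or empty parameter leaves the list empty instead of failing.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String exceptUrl = filterConfig.getInitParameter("exceptUrl");
        if (exceptUrl != null && !exceptUrl.isEmpty()) {
            exceptUrls = exceptUrl.split("&");
        }
    }

    /**
     * Lets exempt and authenticated requests continue down the chain and
     * redirects everything else to {@code /jsp/login.jsp}.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Exempt path (login servlet / login page): no check.
        if (Arrays.asList(exceptUrls).contains(request.getServletPath())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // getSession(false): do not create a server-side session for every
        // anonymous request just to find out that nobody is logged in.
        HttpSession session = request.getSession(false);
        Object username = (session == null) ? null : session.getAttribute("username");
        boolean loggedIn = username instanceof String && !((String) username).isEmpty();

        if (loggedIn) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Not logged in: send the browser to the login page.
        response.sendRedirect("/jsp/login.jsp");
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}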
有如下要求:
处理登录的逻辑:
过滤器逻辑:
用户免登录功能:
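当用户勾选了免登录时,设置cookie的有效时长即可。(默认时关闭浏览器就失效了)需要注意,cookie的内容是由客户端控制的,下面的过滤器只判断是否存在名为userInfo的cookie,不能单凭cookie存在就认定用户已经登录;实际项目中cookie里应该存放服务端签发的随机令牌,并在过滤器里到服务端校验这个令牌是否有效。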
登录页面代码:
<%--
Created by IntelliJ IDEA.
User: lifu
Date: 2019/4/24
Time: 16:10
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
登陆
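<%
    // Values used to pre-fill the login form. They are recovered from a cookie
    // named "rememberUser" whose value is expected to look like "<username>&<password>".
    // NOTE(review): this means the password sits in a client-side cookie in clear
    // text; prefer remembering only the username or a server-issued random token.
    // NOTE(review): the markup that renders these values is not visible here;
    // cookie values are client-controlled, so HTML-escape them when writing them
    // into the page.
    String rememberUserName = "";
    String rememberUserPwd = "";
    Cookie[] cookies = request.getCookies();
    // getCookies() returns null (not an empty array) when the request has no cookies.
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (!"rememberUser".equals(cookie.getName()) || cookie.getValue() == null) {
                continue;
            }
            // Split once, at the first '&', and accept only the two-part shape so a
            // malformed or tampered cookie cannot raise ArrayIndexOutOfBoundsException.
            String[] parts = cookie.getValue().split("&", 2);
            if (parts.length == 2) {
                rememberUserName = parts[0];
                rememberUserPwd = parts[1];
            }
        }
    }
%>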
处理登录的servlet:
package com.my.test.web.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;
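/**
 * Handles the login form POST for the "stay logged in" variant: on success it
 * writes a "userInfo" cookie carrying the user name, which the login filter
 * later looks for.
 *
 * <p>NOTE(review): the cookie value is just the user name, which a client can
 * write itself, so the cookie proves nothing about who is calling. For real
 * use, issue a random token here, keep it server-side and validate it on each
 * request.
 *
 * @author lf
 * @date 2019/4/24 16:12
 */
@WebServlet(urlPatterns = "/loginServlet")
public class LoginServlet extends HttpServlet {

    /**
     * Processes a login attempt.
     *
     * <p>Reads the {@code username}, {@code pwd} and {@code rememberMe} request
     * parameters. On success adds the "userInfo" cookie and redirects to
     * {@code /jsp/index.jsp}; on failure redirects back to
     * {@code /jsp/login.jsp} with an error message in the {@code msg} query
     * parameter.
     *
     * @param req  the login request
     * @param resp the response used for the cookie and the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        String pwd = req.getParameter("pwd");

        // Stand-in for looking the user up by user name and password; the
        // hard-coded pair is demo data only.
        if ("jack".equals(username) && "123".equals(pwd)) {
            // Login succeeded: the login marker goes into a cookie (not the session).
            Cookie userCookie = new Cookie("userInfo", username);
            // Only the server-side filter reads this cookie, so hide it from page scripts.
            userCookie.setHttpOnly(true);
            // Mark the cookie Secure whenever the login itself arrived over HTTPS.
            userCookie.setSecure(req.isSecure());

            // "Stay logged in" checkbox: without a max age the cookie is a session
            // cookie and disappears when the browser closes.
            boolean rememberMe = Boolean.parseBoolean(req.getParameter("rememberMe"));
            if (rememberMe) {
                userCookie.setMaxAge(20); // lifetime in seconds
            }

            resp.addCookie(userCookie);
            resp.sendRedirect("/jsp/index.jsp");
        } else {
            // Percent-encode the message as UTF-8. Round-tripping the text through
            // ISO-8859-1 bytes, as before, turns every Chinese character into '?'.
            String msg = java.net.URLEncoder.encode("用户名或者密码错误", "UTF-8");
            resp.sendRedirect("/jsp/login.jsp?msg=" + msg);
        }
    }
}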
过滤器代码:
package com.my.test.web.filter;
import org.springframework.util.StringUtils;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Arrays;
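/**
 * Login gate for every request ({@code /*}) in the cookie-based variant:
 * requests whose servlet path is listed in the {@code exceptUrl} init parameter
 * pass through, all others need a cookie named "userInfo".
 *
 * <p>NOTE(review): the check below accepts any "userInfo" cookie regardless of
 * its value. Cookies are supplied by the client, so this is a presence check,
 * not authentication; validate a server-issued token (or session state) here
 * before relying on it.
 *
 * @author lf
 * @date 2019/4/24 16:53
 */
@WebFilter(urlPatterns = "/*", initParams = {@WebInitParam(name = "exceptUrl", value = "/loginServlet&/jsp/login.jsp")})
public class LoginFilter implements Filter {

    /** Servlet paths exempt from the login check; '&'-separated in the init parameter. */
    private String[] exceptUrls = new String[0];

    /**
     * Parses the {@code exceptUrl} init parameter into the exemption list.
     * A missing or empty parameter leaves the list empty instead of failing.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String exceptUrl = filterConfig.getInitParameter("exceptUrl");
        if (exceptUrl != null && !exceptUrl.isEmpty()) {
            exceptUrls = exceptUrl.split("&");
        }
    }

    /**
     * Lets exempt requests and requests carrying the "userInfo" cookie continue
     * down the chain and redirects everything else to {@code /jsp/login.jsp}.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Exempt path (login servlet / login page): no check.
        if (Arrays.asList(exceptUrls).contains(request.getServletPath())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // getCookies() returns null when the request has no cookies at all, which
        // is the normal case for a first visit; treat that as "not logged in"
        // instead of failing with a NullPointerException.
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if ("userInfo".equals(cookie.getName()) && cookie.getValue() != null) {
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                }
            }
        }
        // Not logged in: send the browser to the login page.
        response.sendRedirect("/jsp/login.jsp");
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}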