Cookie原理总结
Cookie的使用
- 十二、Cookie的使用
-
- 12.1 什么是 Cookie
- 12.2 创建 Cookie
- 12.3 获取Cookie
- 12.4 修改 Cookie
- 12.5 Cookie编码与解码
-
- 12.5.1创建带中文Cookie
- 12.5.2读取带中文Cookie
- 12.6 Cookie优点和缺点
-
- 12.6.1 优点
- 12.6.2 缺点
十二、Cookie的使用
12.1 什么是 Cookie
-
Cookie是在浏览器访问Web服务器的某个资源时,由Web服务器在HTTP响应消息头中附带传送给浏览器的一小段数据。
-
一旦Web浏览器保存了某个Cookie,那么它在以后每次访问该Web服务器时,都应在HTTP请求头中将这个Cookie回传给Web服务器。
-
—个Cookie主要由标识该信息的名称(name)和值(value)组成。
12.2 创建 Cookie
package com.hyqwsq.Cookies;
import com.hyqwsq.servlet1.HttpServlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet("/cs")
public class CookieServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doPost(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// 1. 服务器创建Cookie对象
Cookie cookie = new Cookie("username","gavin");
// 1.1 设置Cookie的访问路径
//cookie.setPath("//Servlet_code_demo1_war_exploded"); // 如果是项目名称,代表该项目下所有资源都可以使用这个cookie
cookie.setPath("//Servlet_code_demo1_war_exploded/get"); //只有该项目里的get或者get下面的资源才可以访问
// 1.2 设置Cookie的有效期
cookie.setMaxAge(60*60);
// 2. 将Cookie响应给客户端
resp.addCookie(cookie); // 添加一个cookie到resp对象里,并响应给客户端
}
}
查看创建的cookie
12.3 获取Cookie
只需要保证 Cookie 的 key 和 路径(Path) 一致即可修改
package com.hyqwsq.Cookies;
import com.hyqwsq.servlet1.HttpServlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet("/get")
public class GetServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// 1. 通过request对象获取所有的cookie
Cookie[] cookies = req.getCookies();
/**
* 若是客户端没有cookie,则会获取一个空数组
* 所以要加上判空,避免空指针异常
*/
if(cookies != null){
// 2. 因为得到的是cookie数组,不知道有几个cookie
// 所以通过循环遍历cookie
for(Cookie cookie : cookies){
System.out.println(cookie.getName()+":"+cookie.getValue()+"路径:" +cookie .getPath());
}
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
- 注意:如果改变cookie的name和有效路径会新建cookie,而改变cookie值、有效期会覆盖原有cookie
12.4 修改 Cookie
package com.hyqwsq.Cookies;
import com.hyqwsq.servlet1.HttpServlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet("/csc")
public class ChangeCookie extends HttpServlet {
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// 修改cookie需要key和路径同时一致
Cookie cookie = new Cookie("username","mark");
cookie.setPath("/Servlet_code_demo1_war_exploded/get");
cookie.setMaxAge(60*24*7);
resp.addCookie(cookie);
}
}
当访问cs后通过访问getServlet得到 username = ‘gavin’的cookie,这时候访问csc修改key为username 且Path为/Servlet_code_demo1_war_exploded/get的cookie,最后通过访问get来打印结果:
12.5 Cookie编码与解码
Cookie默认不支持中文,只能包含ASCII字符,所以Cookie需要对Unicode字符进行编码,否则会出现乱码
- 编码可以使用
java.net.URLEncoder类的encode(String str,String encoding)方法- 解码使用
java.net.URLEncoder类的decode(String str,String encoding)方法
12.5.1创建带中文Cookie
package com.hyqwsq.URLEncoder;
import com.hyqwsq.servlet1.HttpServlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet("/cs3")
public class URLEncoderServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doPost(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Cookie cookie = new Cookie("姓名","张三");
cookie.setPath("/Servlet_code_demo1_war_exploded/get");
cookie.setMaxAge(600);
resp.addCookie(cookie);
}
}
package com.hyqwsq.Cookies;
import com.hyqwsq.servlet1.HttpServlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
@WebServlet("/cs3")
public class URLEncoderServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doPost(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Cookie cookie = new Cookie(
URLEncoder.encode("姓名","UTF-8"),
URLEncoder.encode("何义竏","UTF-8")
);
cookie.setPath("/Servlet_code_demo1_war_exploded/get");
cookie.setMaxAge(600);
resp.addCookie(cookie);
}
}
12.5.2读取带中文Cookie
package com.hyqwsq.Cookies;
import com.hyqwsq.servlet1.HttpServlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLDecoder;
@WebServlet("/get")
public class GetServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// 1. 通过request对象获取所有的cookie
Cookie[] cookies = req.getCookies();
/**
* 若是客户端没有cookie,则会获取一个空数组
* 所以要加上判空,避免空指针异常
*/
if(cookies != null){
// 2. 因为得到的是cookie数组,不知道有几个cookie
// 所以通过循环遍历cookie
for(Cookie cookie : cookies){
System.out.println(
URLDecoder.decode(cookie.getName(),"UTF-8")+
":"+URLDecoder.decode(cookie.getValue(),"UTF-8")+
" 路径:" +cookie.getPath()
);
}
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
12.6 Cookie优点和缺点
12.6.1 优点
- 可配置到期规则
- 简单性:Cookie是一种基于文本的轻量结构,包含简单的键值对
- 数据持久性:Cookie默认在过期之前是可以一直存在客户端浏览器上的
12.6.2 缺点
- 大小受到限制:大多数浏览器对Cookie的大小有4K、8K字节的限制。
- 用户配置为禁用:有些用户禁用了浏览器或客户端设备接收Cookie的能力,因此限制了这一功能
- 潜在的安全风险:Cookie可能会被篡改。会对安全性造成潜在风险或者导致依赖于Cookie的应用程序失败