关于URL重写的实现
对于session,我想大多学JAVAEE的同学都很清楚。
当一个客户请求一个页面时,服务器端会为该客户分配一个会话ID,
然后在返回给客户的响应头中添加一个头部:
Set-Cookie:JSESSIONID="32位长的16进制字符串"
客户端保存该会话ID,在下一次请求中把该会话ID添加到请求头中,
Cookie:JSESSIONID="32位长的16进制字符串"
服务器取出该首部,和服务器端已有的会话ID逐一匹配,查找到该用户的会话ID。
比如请求一个页面:
上述情况适用于客户接受COOKIE,如果客户拒绝接受COOKIE,则会话会失效。
如图:
为了解决该问题,可以采用URL重写。
在javax.servlet.http.HttpServletResponse接口中定义了两个方法:
public String encodeURL(String url)
public String encodeRedirectURL(String url)
这两个方法首先检查请求头是否包含Cookie投行,如果包含,则证明客户是支持COOKIE的,就不需要重写URL,
否则会将会话ID附加在URL之后(;jsessionid=???)
比如在一个web项目中,有两个JSP文件,index.jsp和page1.jsp
index.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="gb2312"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<a href="<%= response.encodeURL("page1.jsp") %>">下一张页面</a>
</body>
</html>
page1.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="gb2312"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'page1.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
This is page1! <br/>
<a href="<%= response.encodeURL("index.jsp") %>">首页</a>
</body>
</html>
在Internet选项中,选择隐私标签,阻止所有COOKIE。
然后启动Weblogic,或者Tomcat,部署项目。
敲入URL http://127.0.0.1:7001/urltest/index.jsp (具体端口和ContextPath参照自己的项目)
在页面中点击鼠标右键,选择查看源文件:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="http://127.0.0.1:7001/urltest/">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<a href="page1.jsp;jsessionid=T71DQbwMRYmh43P0TYYpF086BczGm0WyKXHfpcpsssPwYyN9hp4y!736619144">下一张页面</a>
</body>
</html>
点击超链接,链接到page1.jsp,再次查看源文件:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="http://127.0.0.1:7001/urltest/">
<title>My JSP 'page1.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
This is page1! <br/>
<a href="index.jsp;jsessionid=T71DQbwMRYmh43P0TYYpF086BczGm0WyKXHfpcpsssPwYyN9hp4y!736619144">首页</a>
</body>
</html>
注意到:
<a href="page1.jsp;jsessionid=T71DQbwMRYmh43P0TYYpF086BczGm0WyKXHfpcpsssPwYyN9hp4y!736619144">下一张页面</a>
和<a href="index.jsp;jsessionid=T71DQbwMRYmh43P0TYYpF086BczGm0WyKXHfpcpsssPwYyN9hp4y!736619144">首页</a>
你会发现在URL后面增加了";jsessionid=会话ID",说明URL重写成功!
注意事项:
如果使用URL重写,应该在应用程序的所有页面中,对所有的URL进行重写,包括超链接和表单action属性值
应用程序所有页面应该都是动态的,因为静态页面URL无法附加会话ID
所有的静态HTML页面必须通过SERVLET运行。