一、Session
1、每个客户端都有各自的Session对象,以SessionId标识。
2、Session技术实际上是借助Cookie技术实现的。在创建Session时,会将该Session的ID以Cookie:JSESSIONID=sessionId的形式写给客户端。
3、Session默认30分钟后失效。
4、在web.xml文件中配置Session的失效时间:在根元素中增加:
<session-config>
<session-timeout>1</session-timeout><!--单位为分钟-->
</session-config>
5、客户端禁用了Cookie的解决方法:URL重写。以下两个方法可以实现重写,要对该站所有的URL都进行重写。
response.encodeRedirectURL(java.lang.String url):针对重定向的地址进行重写。
response.encodeURL(java.lang.String url):其他地址进行重写。
6、Session开发中遇到的问题:
1)内存中的Session非常多,怎么办?
2)用户在购物中。服务器停掉了该Web应用(或者重新启动了),那么用户购物车中的东西怎么办?
解决办法:将内存中的所有Session进行持久化
7、何时Session会被搁置(具体是根据服务器的实现定的。对用户来说是完全透明的)
1)当服务器停止当前Web应用。
2)内存中的Session对象太多。
3)Session长时间没有活动(并没有被销毁)
8、何时会被激活?
1)当前Web应用又启动了。
2)用户又开始使用了(鼠标键盘又开始活动了)。
二、Session应用——记住验证码
效果图:
1、HtML登录页面(SessionLogin.html)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>SessionLogin.html</title> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="this is my page"> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <script type="text/javascript"> function change(){ //得到img对象 var imgObj=document.getElementById("codeImg"); //重新赋值src imgObj.src="/day08/GenerateCode?"+new Date().getTime(); } </script> </head> <body> <form action="/day08/SessionLoginServlet" method="post"> <table border="1"> <tr> <td>用户名:</td> <td><input type="text" name="username"/></td> </tr> <tr> <td>密码:</td> <td><input type="password" name="password"/></td> </tr> <tr> <td>验证码:</td> <td> <input type="text" name="code"/> <img id="codeImg" alt="验证码" src="/day08/GenerateCode"/> <a href="">看不清,换一张</a> </td> </tr> <tr> <td colspan="2"><input type="submit" value="提交"/></td> </tr> </table> </form> </body> </html>
2、生成验证码并把验证码存储到Session页面(GenerateCode.java)
package com.gnnuit.session.app4; import java.awt.Color; import java.awt.Font; import java.awt.Graphics; import java.awt.image.BufferedImage; import java.io.IOException; import java.util.Random; import javax.imageio.ImageIO; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; //生成验证码图片 public class GenerateCode extends HttpServlet { private static final long serialVersionUID = 1L; private static int WIDTH = 65; private static int HEIGHT = 25; public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // 设置客户端不要缓存 response.setHeader("Expires", "-1"); response.setHeader("Pragma", "no-cache"); response.setHeader("Cache-Control", "no-cache"); // 1、创建内存图片,BufferedImage BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB); // 2、通过图片获得画笔Graphics Graphics g = image.getGraphics(); // 2.1画边框 g.setColor(Color.BLUE); g.drawRect(0, 0, WIDTH, HEIGHT); // 2.2画背景颜色 g.setColor(Color.GRAY); g.fillRect(1, 1, WIDTH - 2, HEIGHT - 2); // 2.3画干扰线9条 g.setColor(Color.YELLOW); Random r = new Random(); for (int i = 0; i < 9; i++) { g.drawLine(r.nextInt(WIDTH), r.nextInt(HEIGHT), r.nextInt(WIDTH), r.nextInt(HEIGHT)); } // 2.4画验证码数字4个 StringBuffer sb=new StringBuffer(); g.setColor(Color.RED); g.setFont(new Font("宋体", Font.BOLD, 20)); int x = 7; for (int i = 0; i < 4; i++) { String number=r.nextInt(9) + ""; g.drawString(number, x, 20); x = x + 15; sb.append(number); } //把验证码存储到Session HttpSession session=request.getSession(); session.setAttribute("code", MD5Encoder.getMD5Value(sb.toString())); // 3、输出内存图像到客户端ImageIO ImageIO.write(image, "jpeg", response.getOutputStream()); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } }
3、判断验证码是否正确页面(SessionLoginServlet.java)
package com.gnnuit.session.app4; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; //判断验证码是否正确 public class SessionLoginServlet extends HttpServlet { private static final long serialVersionUID = 1L; public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=utf-8"); PrintWriter out = response.getWriter(); String formCode = request.getParameter("code"); HttpSession session = request.getSession(); String sessionCode = (String) session.getAttribute("code"); if (MD5Encoder.getMD5Value(formCode).equals(sessionCode)) { out.write("验证码输入正确"); } else { out.write("验证码错误"); } } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } }
4、MD5加密工具类(MD5Encoder.java)
package com.gnnuit.session.app4; import java.security.MessageDigest; import sun.misc.BASE64Encoder; //对MD5进行编码 public class MD5Encoder { public static String getMD5Value(String str) { String result = null; try { MessageDigest md = MessageDigest.getInstance("md5"); byte[] bytes= md.digest(str.getBytes()); BASE64Encoder be=new BASE64Encoder(); result= be.encode(bytes); } catch (Exception e) { throw new RuntimeException(); } return result; } }