在网上找到一份servlet产生验证码的代码,经过测试,发现在页面通过session.getAttribute()方法得到的验证码总是上一次保存在session中的,这样,它总比页面实际的验证码晚一拍。网上一种说法是session早于页面加载。多数人解决方法是用一个中间页面,或者一个servlet来比较输入的验证码是否是session中保存的验证码来解决的,也有通过ajax异步加载来解决的,本人通过中间servlet比较来解决的,测试过程如下,以备后用:
1. 页面
2. 中间servlet
1. 页面
- <%@page import="java.util.Date"%>
- <%@ page language="java" contentType="text/html; charset=UTF-8"
- pageEncoding="UTF-8"%>
- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <title>Insert title here</title>
- <%
- String context = request.getContextPath();
- %>
- <script type="text/javascript">
- function reloadIdentifyCode() {
- document.getElementById("btn").disable = true;
- document.getElementById("code").src = "<%=context %>/generateidentifycode?time=" + new Date().getTime();
- }
- function isIdentifyCodeRight() {
- //must quote the jsp sentence
- var input = document.getElementById("identify_code").value;
- <%
- String identifyCode = (String) session.getAttribute("identifyCode");
- %>
- alert("You input:" + input + ", the answer is:" + "<%=identifyCode %>");
- if(input == "<%=identifyCode %>") {
- return true;
- }
- else {
- return false;
- }
- }
- </script>
- </head>
- <body>
- <div id="" align="center">
- <form action="<%=context %>/user/findpwd" method="post">
- <table>
- <tr>
- <td>用户名:</td>
- <td><input id="userName" type="text" value="Email/手机号/用户名" name="userName"></td>
- </tr>
- <tr>
- <td>验证码:</td>
- <td><input id="identify_code" type="text" maxlength="6" value="" name="identifyCode">
- <img id="code" alt="" src="<%=context %>/generateidentifycode?time=<%=new Date().getTime() %>">
- <input id="btn" type="button" value="换张图片" onclick="reloadIdentifyCode()"></td>
- </tr>
- <tr>
- <td colspan="2"><input type="submit" value="发送验证码到邮箱"></td>
- </tr>
- </table>
- </form>
- </div>
- </body>
- </html>
2. 中间servlet
- package com.jesse.onlineshop.servlet;
- import java.io.IOException;
- import java.util.Date;
- import java.util.regex.Matcher;
- import java.util.regex.Pattern;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import com.jesse.onlineshop.bean.User;
- import com.jesse.onlineshop.exception.DaoException;
- import com.jesse.onlineshop.service.UserService;
- import com.jesse.onlineshop.service.impl.UserServiceImpl;
- /**
- * 因为session先于验证码图片加载,在jsp页面通过session得到的验证码总是上一次的,
- * 所以,这里借助Ajax通过异步机制来比较用户输入的验证码和session中保存的验证码是 否一致来达到验证的目的
- * @author Administrator
- *
- */
- public class FindPassWordServlet extends HttpServlet {
- private static final long serialVersionUID = 7331068570820532059L;
- private User user;
- private UserService userService = new UserServiceImpl();
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- String input = req.getParameter("identifyCode"); //获取用户输入的code
- String answer = (String) req.getSession(false).getAttribute( //获取session中保存的code
- "identifyCode");
- if (!input.equalsIgnoreCase(answer)) {
- req.getRequestDispatcher("/user/wrongcode.jsp").forward(req, resp);
- } else {
- String userName = req.getParameter("userName");
- String regex = "[0-9]{11}";
- Pattern pattern = Pattern.compile(regex);
- Matcher matcher = pattern.matcher(userName);
- if (matcher.matches()) {
- } else if (userName.contains("@")) {
- try {
- user = userService.getUserByEmail(userName);
- } catch (DaoException e) {
- e.printStackTrace();
- }
- } else {
- try {
- user = userService.getUserByName(userName);
- } catch (DaoException e) {
- e.printStackTrace();
- }
- }
- String email = user.getEmail();
- userName = user.getUserName();
- String url = req.getContextPath() + "/confidential/user/changepwd?user="+userName+"&&time=" + new Date().getTime();
- try {
- userService.addChangePwdReqRecord(userName);
- } catch (DaoException e) {
- e.printStackTrace();
- throw new ServletException(e.getMessage());
- }
- userService.sendChangePassWordRequest(email, url);
- req.getRequestDispatcher("findpwdsuccess.jsp").forward(req, resp);
- }
- }
- }
- 因为session先于验证码图片加载,在jsp页面通过session得到的验证码总是上一次的,
- 所以,这里借助Ajax通过异步机制来比较用户输入的验证码和session中保存的验证码是 否一致来达到验证的目的
- @author Administrator
*/
public class FindPassWordServlet extends HttpServlet {
private static final long serialVersionUID = 7331068570820532059L;
private User user;
private UserService userService = new UserServiceImpl();
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
String input = req.getParameter("identifyCode"); //获取用户输入的code
String answer = (String) req.getSession(false).getAttribute( //获取session中保存的code
"identifyCode");
if (!input.equalsIgnoreCase(answer)) {
req.getRequestDispatcher("/user/wrongcode.jsp").forward(req, resp);
} else {
String userName = req.getParameter("userName");
String regex = "[0-9]{11}";
Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(userName);
if (matcher.matches()) {
} else if (userName.contains("@")) {
try {
user = userService.getUserByEmail(userName);
} catch (DaoException e) {
e.printStackTrace();
}
} else {
try {
user = userService.getUserByName(userName);
} catch (DaoException e) {
e.printStackTrace();
}
}
String email = user.getEmail();
userName = user.getUserName();
String url = req.getContextPath() + "/confidential/user/changepwd?user="+userName+"&&time=" + new Date().getTime();
try {
userService.addChangePwdReqRecord(userName);
} catch (DaoException e) {
e.printStackTrace();
throw new ServletException(e.getMessage());
}
userService.sendChangePassWordRequest(email, url);
req.getRequestDispatcher("findpwdsuccess.jsp").forward(req, resp);
}
}
}