1. Session简单介绍
在WEB开发中,服务器可以为每个浏览器用户创建一个会话对象 ( session对象),注意:一个浏览器用户独占一个session对象(默认情况下)。 因此,在需要保存用户数据时,服务器程序可以把用户数据写到浏览器用户独占的session中,当用户使用浏览器访问该web应用的其它servlet时,其它servlet可以从用户的session中取出该用户的数据,为用户服务,从而实现数据在多个页面中的共享。
2. Session和Cookie的主要区别
- Cookie是把用户的数据写到用户的浏览器。
- Session技术把用户的数据写到用户独占的session中,tomcat服务器内存中。
- Session对象由服务器(Tomcat)创建,开发人员可以调用request对象的getSession()方法得到session对象
3. session机制演示图
image.png
image.png
服务器通过request对象的getSession方法创建出session对象后,会把session的id号,以cookie的形式回写给客户机,这样,只要客户机的浏览器不关,再去访问服务器时,都会带着session的id号去,服务器发现客户机浏览器带session id过来了,就会使用内存中与之对应的session为之服务。
前台页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<a href="session.do">第一次访问session.do</a>
<a href="sessiontest.do">第二次访问sessiontest.do</a>
</body>
</html>
第一次访问
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;
@WebServlet(name = "SessionServlet" ,urlPatterns = "/session.do")
public class SessionServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 每一个session对象都存在着唯一的ID
HttpSession httpSession = request.getSession();
httpSession.setAttribute("user","zhangsan");
System.out.println(httpSession.getId());
// Tomcat服务器默默做的一件事
// Cookie cookie = new Cookie("JSESSIONID",httpSession.getId());
// response.addCookie(cookie);
}
}
第二次访问
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
@WebServlet(name = "SessionTestServlet",urlPatterns = "/sessiontest.do")
public class SessionTestServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 获取第一次服务器创建给用户的Session
HttpSession httpSession = request.getSession();
String username = (String)httpSession.getAttribute("user");
System.out.println(username);
System.out.println( httpSession.getId());
}
}
image.png
4. Session cookie
session通过SessionID来区分不同的客户,session是以cookie为基础的,系统会创造一个名为JSESSIONID的输出cookie ,这称之为session cookie,以区别persistent cookies(也就是我们通常所说cookie),session cookie是存储于浏览器内存中的,并不是写到硬盘上的, session cookie针对某一次会话而言,会话结束session cookie也就随着消失了,而persistent cookie只是存在于客户端硬盘上的一段文本。
关闭浏览器,只会使浏览器端内存里的session cookie消失,但不会使保存在服务器端的session对象消失,同样也不会使已经保存到硬盘上的持久化cookie消失。
持久化Session cookie
关闭浏览器,一小时之内打开浏览器,session仍然有效(通过使用cookie类的setMaxAge(秒)方法设置持久化的时效)
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;
@WebServlet(name = "TestServlet",urlPatterns = "/test")
public class TestServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession httpSession = request.getSession();
Cookie cookie = new Cookie("JSESSIONID",httpSession.getId());
cookie.setMaxAge(60*60);// 关闭浏览器,一小时之内打开浏览器,session仍然有效
}
}
5. HttpSession的生命周期
问题:用户开一个浏览器访问一个网站,服务器是不是针对这次会话创建一个session?
答:不是的。session的创建时机是在程序中第一次去执行request.getSession();这个代码,服务器才会为你创建session。
问题:关闭浏览器,会话结束,session是不是就销毁了呢?
答:不是的。session是30分钟(默认30分钟)没人用了才会死,服务器会自动摧毁session。
session何时会销毁
(1)调用invalidate()方法,该方法使HttpSession立即失效
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;
@WebServlet(name = "TestServlet",urlPatterns = "/test")
public class TestServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession httpSession = request.getSession();
httpSession.invalidate();
}
}
(2)服务器卸载了当前WEB应用
(3)超出session过期时间
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;
@WebServlet(name = "TestServlet",urlPatterns = "/test")
public class TestServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession httpSession = request.getSession();
httpSession.setMaxInactiveInterval(10);// 单位: 秒
}
}
web.xml文件中也可以修改session的过期时间(全局的,所有的session的过期时间,若想单独设置还是需要像上面那样进行单独session设置),单位:分钟
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>
6. session小练习(利用session完成用户登录)
java实体类对象 User.java
package com.lty.bean;
public class User {
private String username;
private String password;
public User() {
}
public User(String username, String password) {
this.username = username;
this.password = password;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
DB java类(利用list集合来模拟向数据库中查询用户信息的操作过程)
package com.lty.bean;
import java.util.ArrayList;
import java.util.List;
public class DB {
public static List<User> list = new ArrayList<User>();
static{
list.add(new User("aaa","123"));
list.add(new User("bbb","123"));
list.add(new User("ccc","123"));
}
public static List<User> getAll(){
return list;
}
}
主页面index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>$Title$</title>
</head>
<body>
欢迎你:${user.username}
<a href="login.jsp">登录</a>
<a href="LogoutServlet">退出登录</a>
<br>
<a href="SessionDemo1">购买</a>
<br>
</body>
</html>
登录页面 login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<form action="LoginServlet" method="post">
用户名:<input type="text" name="username">
密码:<input type="password" name="password">
<input type="submit" value="登录">
</form>
</body>
</html>
购买页面 SessionDemo1.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
欢迎你:${user.username}
</body>
</html>
后台servlet
package com.lty.servlet;
import com.lty.bean.DB;
import com.lty.bean.User;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
@WebServlet(name = "LoginServlet" , urlPatterns = "/LoginServlet")
public class LoginServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
String username = request.getParameter("username");
String password = request.getParameter("password");
List<User> list = DB.getAll();
for(User user : list){
// 用户登录成功
if(user.getUsername().equals(username) && user.getPassword().equals(password)){
request.getSession().setAttribute("user",user);
response.sendRedirect("index.jsp");
return;
}
}
out.print("用户名或密码不正确!!!");
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
}
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet(name = "LogoutServlet" , urlPatterns = "/LogoutServlet")
public class LogoutServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 立即彻底销毁当前session对象
request.getSession().invalidate();
response.sendRedirect("index.jsp");
}
}
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet(name = "SessionDemo1" , urlPatterns = "/SessionDemo1")
public class SessionDemo1 extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getRequestDispatcher("SessionDemo1.jsp").forward(request,response);
}
}
7. 使用Session实现验证码
Session的典型案例:一次性验证码
java工具类 GenerateCode.java(将随机生成的由四个字符组成的字符串用图片进行渲染)
package com.lty.util;
import java.awt.*;
import java.awt.image.BufferedImage;
import java.util.Random;
public class GenerateCode {
// 设置验证码图片的宽度,高度,验证码的个数
private int width = 152;
private int height = 40;
// 验证码字体的高度
private int fontHeight = 38;
// 验证码中的单个字符基线。即:验证码中的单个字符位于验证码图形左上角的(codeX,codeY)位置处
private int codeX = 25;
private int codeY = 36;
public BufferedImage Generate(String code){
// 定义一个类型为 BufferedImage.TYPE_INT_BGR 类型的图像缓存
BufferedImage buffImg = null;
buffImg = new BufferedImage(width,height,BufferedImage.TYPE_3BYTE_BGR);
// 在 buffImg 中创建一个 Graphics2D 图像
Graphics2D graphics = null;
graphics = buffImg.createGraphics();
// 设置一个颜色,使 Graphics2D 对象的后续图形使用这个颜色
graphics.setColor(Color.WHITE);
// 填充一个指定的矩形:x - 要填充矩形的 x 坐标; y - 要填充矩形的 y 坐标; width - 要填充矩形的宽度; height - 要填充矩形的高度
graphics.fillRect(0,0,width,height);
// 创建一个 Font 对象:name - 字体名称; style - Font 的样式常量; size - Font 的点大小
Font font = null;
font = new Font("",Font.BOLD,fontHeight);
// 使 Graphics2D 对象的后续图形使用此字体
graphics.setFont(font);
graphics.setColor(Color.BLACK);
// 绘制指定矩形的边框,绘制出的矩形将比构件宽一个也高一个像素
graphics.drawRect(0,0,width - 1,height - 1);
// 随机产生 15 条干扰线,使图像中的验证码不易被其它程序探测到
Random random = null;
random = new Random();
graphics.setColor(Color.GREEN);
for(int i = 0; i < 30; i++){
int x = random.nextInt(width);
int y = random.nextInt(height);
int x1 = random.nextInt(20);
int y1 = random.nextInt(20);
graphics.drawLine(x,y,x + x1,y + y1);
}
graphics.setColor(Color.BLACK);
for(int i = 0;i < code.length();i++){
// 用随机产生的颜色将验证码绘制到图像中
graphics.drawString(String.valueOf(code.charAt(i)),(i + 1)* codeX,codeY);
}
return buffImg;
}
}
测试生成验证码图片的java类(将生成的验证码图片保存到电脑磁盘中)
package com.lty.util;
import javax.imageio.ImageIO;
import java.awt.image.BufferedImage;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
public class Main {
public static void main(String[] args) throws IOException {
GenerateCode generateCode = new GenerateCode();
BufferedImage bufferedImage = generateCode.Generate("lisi");
// 把图片保存到磁盘
FileOutputStream fileOutputStream = new FileOutputStream("d:/abc.jpg");
ImageIO.write(bufferedImage,"jpeg",fileOutputStream);
System.out.println("成功");
}
}
登录页面 login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
<script>
window.onload = function () {
var img = document.getElementById('code');
img.onclick = function () {
var d = new Date();
// alert(d.getTime());
// 为了让浏览器感觉到每一次请求的地址不一样(不会使用之前缓存的图片),每一次都会发出新的请求,使服务器生成新的验证码
img.src = "ValidateColorServlet?time=" + d.getTime();
}
}
</script>
</head>
<body>
<form action="LoginServlet" method="post">
username:<input type="text" name="username">
验证码:<input type="text" name="check">
<img src="ValidateColorServlet" id="code">
<input type="submit" value="登录">
</form>
</body>
</html>
后台servlet 随机生成四位验证码
package com.lty.servlet;
import com.lty.util.GenerateCode;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.util.Random;
@WebServlet(name = "ValidateColorServlet" , urlPatterns = "/ValidateColorServlet")
public class ValidateColorServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// System.out.println("ValidateColorServlet");
//回应一张图片的全部字节 --- 图片由一堆字节构成 浏览器进行解析 显示成图片
//这张图片是一个验证码图片
//1.在内存中生成这张图片
//1.1图片上的文字如何生成?
//随机生成一个4个字符的字符串(a-z,0-9组成)
char [] codeSequence = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789".toCharArray();
String code = "";
for(int i = 0; i < 4; i++){
Random random = new Random();
int index = random.nextInt(codeSequence.length);
char c = codeSequence[index];
code += c;
}
System.out.println(code);
request.getSession().setAttribute("code",code);
GenerateCode generateCode = new GenerateCode();
BufferedImage bufferedImage = generateCode.Generate(code);
// 向客户端浏览器进行输出
ServletOutputStream outputStream = response.getOutputStream();
ImageIO.write(bufferedImage,"jpeg",outputStream);
}
}
校验用户输入的验证码与随机生成的验证码的一致性
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet(name = "LoginServlet" , urlPatterns = "/LoginServlet")
public class LoginServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
String checkcode = request.getParameter("check");// 用户输入的验证码
String genCode = (String) request.getSession().getAttribute("code");// 当时随机生成的验证码
if(checkcode.equalsIgnoreCase(genCode)){
response.getWriter().println("验证码正确");
}else{
response.getWriter().println("验证码不正确");
}
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
}
