基于JsessionId的会话跟踪登录设计与实现
来源:互联网 发布:家庭音响5.1 知乎 编辑:程序博客网 时间:2024/05/16 13:44
点击QQ界面的邮箱图标就能实现直接登录QQ邮箱、登录验证进入新浪微博之后关掉浏览器下次再登录时就不用输入用户名密码而可以直接登录新浪微博,想必这些熟悉的操作大家已经不只操作过上万遍了。但是大家是否知道这些会话跟踪登录时如何实现的捏,带着这些问题让我们进入下面的知识点解析。
在进入本文之前大家可以先了解下有关Session的原理和会话跟踪的相关知识:
http://blog.csdn.net/zhangwenlong136/article/details/9255339
有了前面的知识点之后,接下来我们来做一个简单的会话跟踪的设计与实现,不多说先上效果图:
1、本地自写浏览器登录效果图:
2、IE浏览器登录效果图
知识点解析:
1、Java关键代码
验证登录后台代码,对应http://localhost:8080/bbs/httclientloginCheck.shtml的验证:
package gdin.mvc.manager;import gdin.mvc.db.Conn;import java.io.IOException;import java.io.PrintWriter;import java.sql.ResultSet;import java.sql.SQLException;import java.sql.Statement;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;@SuppressWarnings("serial")public class HttpClientLoginCheck extends HttpServlet {@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {String userName = req.getParameter("userName");String password = req.getParameter("password");Statement stmt = Conn.getStatement();String sql = "select * from User1 where userName = '" + userName +"' and password = '" + password + "'";try {ResultSet rs = stmt.executeQuery(sql);if (rs.next()) {HttpSession session = req.getSession();System.out.println(session.getId());if(session.getAttribute("userName")==null){session.setAttribute("userName", userName);session.setAttribute("password", password);session.setAttribute("id", rs.getInt("id"));}resp.setCharacterEncoding("GBK"); PrintWriter pw=resp.getWriter(); pw.println("<html>"); pw.println("<head>"); pw.println("</head>"); pw.println("<body>"); pw.println("SessionID=" + session.getId() + "#");pw.println("</body>"); pw.println("</html>"); }else {resp.sendRedirect("loginResult.jsp");}} catch (SQLException e) {e.printStackTrace();}}@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException { doPost(req, resp);}}
登录后台的的代码,对应http://localhost:8080/bbs/loginBackGround.shtml的验证后台登录:
package gdin.mvc.manager;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * Servlet implementation class LoginBackGround */public class LoginBackGround extends HttpServlet {private static final long serialVersionUID = 1L;protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {HttpSession session = req.getSession();if(session.getAttribute("userName")!=null){Cookie cookie=new Cookie("JSESSIONID", session.getId());//JSESSIONID在这里必须要大写,不然无法验证通过(具体原因不知)resp.addCookie(cookie);resp.sendRedirect("admin/backGround.jsp");}}protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stub}}
过滤器
package gdin.mvc.filter;import java.io.*;import javax.servlet.*;import javax.servlet.http.*;public class Limits implements Filter{@Overridepublic void destroy() {}@Overridepublic void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest)request;HttpServletResponse resp = (HttpServletResponse)response; HttpSession session = req.getSession(false); System.out.println("request URL:" + req.getRequestURI()); System.out.println("session Id:" + session.getId()); if (session.getAttribute("userName") != null) {// System.out.println("request cookie:" + req.getCookies().toString()); chain.doFilter(req, resp); }}@Overridepublic void init(FilterConfig arg0) throws ServletException {}}
/admin/background.jsp界面
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>后台管理</title></head><frameset rows="80,*" border="5" bordercolor="#ebebeb"> <frame src="top.jsp" name="topFrame" scrolling="no"/> <frameset cols="150,*"> <frame src="left.jsp" scrolling="no"/> <frame src="listUsers.shtml" name="mainFrame"/> </frameset></frameset></html>
2、C++关键代码分析
//---------------------------------------------------------------------------//获取SessionIDvoid __fastcall TForm1::Button1Click(TObject *Sender){ //通过HttpClient去完成验证登录并获取服务器端传回来的SessionID //在这里我是直接通过Html解析返回来的SessionID的,也可以采用Json或XML,这里为了方便演示就用html了 XHTTPClient *Client=new XHTTPClient(); UnicodeString strNewURL=URL->Text; strNewURL+="?userName=" + UserName->Text + "&password=" + Password->Text; UnicodeString strText=Client->Get(strNewURL); int i=strText.Pos("SessionID"); int j=strText.Pos("="); if(i>0 && j>i) { i=strText.Pos("#"); SessionID=strText.SubString(j+1,i-j-1); } delete Client;}//---------------------------------------------------------------------------//本地浏览器登录void __fastcall TForm1::Button2Click(TObject *Sender){UnicodeString strNewURL="http://localhost:8080/bbs/loginBackGround.shtml";strNewURL+=";jsessionid=" + SessionID;strHttpUrl=strNewURL;CppWebBrowser1->Navigate(strNewURL.c_str());//http://localhost:8080/bbs/admin/listUsers.shtml;jsessionid=50F5BF44DDB4694C003F3A9BE0904CE8}//---------------------------------------------------------------------------//IE浏览器登录void __fastcall TForm1::Button3Click(TObject *Sender){ ShellExecute(Handle, _T("open"), strHttpUrl.t_str(), 0, 0, SW_SHOWNORMAL);}//---------------------------------------------------------------------------
难点解析:
1,URL重写的jsessionid必须小写,回传给客户端的Cookie:JSESSIONID必须大写,不然无法实现,这个具体的原因还不知。
2,也许你回问,那要是客户端的Cookie被禁止了那怎么办?这种情况下,你就只能纯粹借助URL重写Jsessionid了,而且页面必须动态生成的,这样才能把Jsessionid动态嵌入到每个链接里面。
- 基于JsessionId的会话跟踪登录设计与实现
- 基于jsessionid的单点登录经验总结
- 基于Servlet的会话跟踪
- 基于Servlet的会话跟踪(一)
- 基于Cookies的会话跟踪技术
- 基于跨域单点登录令牌的设计与实现
- Session原理和会话跟踪登录实现方式分析
- java中会话跟踪的实现
- Cookie实现会话跟踪!
- Cookie实现会话跟踪
- Session与会话跟踪
- 分布式会话跟踪系统架构设计与实践
- JavaEE——基于Servlet的会话跟踪(一)
- JavaEE——基于Servlet的会话跟踪(二)
- 笔记 基于OpenCV的目标跟踪软件与系统实现
- jsp的会话跟踪
- 会话的跟踪
- servlet的会话跟踪
- XP系统怎样删除新增加的用户账号
- 【翻译】WPF4.5新特性(MSDN的翻译读不太懂)
- [iis6]你的网站还没有开启压缩吗?还是不知道怎么开启?
- 优先级反转问题及解决方法
- 让vc编译出的程序 减小体积
- 基于JsessionId的会话跟踪登录设计与实现
- hdu 2955 Robberies(01背包)
- 自制AutoMapper实现DTO到持久层Entity的转换
- Android Launcher构建之拖拽初步
- UESTC 1307 windy数 数位DP
- 让你的网站记录蜘蛛来访次数吧
- NYOJ155-求高精度幂
- JAVA学习笔记1【面向对象】
- ODBC连接数据库 防止忘记释放内存