java 自动登陆cookie注意事项

   当我们做自动登录时，其实就是把用户名和密码保存到cookie中，我发现当我没对cookie设置过期时间时，它默认是session级别的，也就是把浏览器关闭了，cookie就不存在了，这样当第二天登陆时，肯定就不能实现自动登陆了，所以就要设置过期时间

下面是我用的spring mvc作的自动登陆的例子.

登陆控制器:

/** * 登陆页 *  * @param request * @param modelMap * @return */// @ResponseBody@RequestMapping(value = "/toLogin", method = RequestMethod.GET)public String toLogin(HttpServletRequest request, ModelMap modelMap) {logger.info(" login");return "login";}/** * 登陆 *  * @param request * @param model * @return */@RequestMapping(value = "/login", method = RequestMethod.POST)public String login(HttpServletRequest request, HttpServletResponse response) {String email = request.getParameter("email");// 用户名String password = request.getParameter("password");// 密码String isRemenber = request.getParameter("isRemenber");// 是否记住密码logger.info(email);logger.info(password);logger.info(isRemenber);User user = userService.getByEmail(email);// 通过email得到加密后的密码if (null != user && user.getPassword() != null&& user.getPassword().equals(password)) {// 这里应该是用明文密码与加密的密码进行校验，目前没有加密request.getSession().setAttribute("user", user);// 放到session中if (ISREMENBER.equals(isRemenber)) {// 记住密码Cookie usernamecookie = new Cookie("username", email);usernamecookie.setMaxAge(60 * 60 * 24 * 7);// 一定要设置缓存时间，要不然cookie是session级别的，关闭浏览器后，就会失效response.addCookie(usernamecookie);// 添加用户名Cookie passwordcookie = new Cookie("password", password);passwordcookie.setMaxAge(60 * 60 * 24 * 7);//7天的缓存时间response.addCookie(passwordcookie);// 添加密码}return "redirect:/index";} else {return "error";}}

登陆拦截器：

public class LoginInterceptor extends HandlerInterceptorAdapter {@Resourceprivate UserService userService;@Overridepublic boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {// TODO Auto-generated method stubSystem.out.println("preHandle");String username = null;String password = null;Cookie[] cookies = request.getCookies();if (cookies != null && cookies.length != 0) {for (Cookie cookie : cookies) {if ("username".equals(cookie.getName())) {username = cookie.getValue();}if ("password".equals(cookie.getName())) {password = cookie.getValue();}}}if (null != username && null != password) {User user = userService.getByEmail(username);if (null != user && user.getPassword() != null&& user.getPassword().equals(password)) {// 登陆成功request.getSession().setAttribute("user", user);// 放到session中response.sendRedirect(request.getContextPath() + "/index");return false;// 阻止向下执行实际的controller，如果没有retrun，它会继续执行实际的controller,但不会渲染实际的视图,而还是渲染上面的index视图}}return super.preHandle(request, response, handler);}@Overridepublic void postHandle(HttpServletRequest request,HttpServletResponse response, Object handler,ModelAndView modelAndView) throws Exception {// TODO Auto-generated method stubSystem.out.println("postHandle");super.postHandle(request, response, handler, modelAndView);}@Overridepublic void afterCompletion(HttpServletRequest request,HttpServletResponse response, Object handler, Exception ex)throws Exception {// TODO Auto-generated method stubSystem.out.println("afterCompletion");super.afterCompletion(request, response, handler, ex);}}

在spring中配置登陆的拦截器:

<!--  拦截器配置 --><mvc:interceptors><!-- 登陆拦截器 --><mvc:interceptor><mvc:mapping path="/toLogin"/><bean class="com.chenjun.mall.intercepters.LoginInterceptor"></bean></mvc:interceptor></mvc:interceptors>

这样在下次登陆时，就不会进入登陆页，直接进入主页了