网站用户存在状态的session用法及例子

问题？首先我们知道，在我们登录网站的时候，点击一个又一个链接，但是用户显示依然存在，这是为什么呢，网站又是如何识别的呢？那怎么来做这个效果呢？接下来用一个例子及原理为大家说明。

原理：session的用法，当我们登陆验证成功后就在session中写一个标记，等点击链接的时候就会一直识别是否有这个标记。

HttpSession概述及原理探讨
得到HttpSession对象：
HttpServletRequest.getSession():根据特殊Cookie（JSESSIONID=HttpSession对象的id,由服务器生成，唯一的）的取值，在服务器的内存中根据id查找这个HttpSession对象，找到了，取出来继续服务；没有找到，创建一个新的HttpSession对象。

第一步：建立jsp或者html页面

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>  <head>    <base href="<%=basePath%>">        <title>My JSP 'Login.jsp' starting page</title>    <meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0">    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--<link rel="stylesheet" type="text/css" href="styles.css">-->  </head>  <!-- 该函数无法执行的话，可能是没有通知浏览器不要缓存的原因 -->  <script type="text/javascript">  function toreal(){  document.location.href="Login.jsp";  }    </script>  <body>    <form action="/day08/servlet/LandingServlet" method="post">     <br>  用  户 名：<input type="text" name="username">     <br>  密      码：<input type="password" name="password">     <br>      <input type="text" name="code">      <img alt="验证码" src="/day08/servlet/ImageServlet"><!-- 内部自动发送请求<span style="white-space:pre"></span>，加载验证码 -->        <a href="javascript:toreal()">看不清</a><br/>      <input type="submit"  value="提交">  </form>  </body></html>

第二步：xml文件

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">  <display-name>day08</display-name>  <servlet>    <servlet-name>IndexServlet</servlet-name>    <servlet-class>com.dp.javaweb.login.IndexServlet</servlet-class>  </servlet>  <servlet>    <servlet-name>LandingServlet</servlet-name>    <servlet-class>com.dp.javaweb.login.LandingServlet</servlet-class>  </servlet>  <servlet>    <servlet-name>LoginoutServlet</servlet-name>    <servlet-class>com.dp.javaweb.login.LoginoutServlet</servlet-class>  </servlet>  <servlet>    <servlet-name>ImageServlet</servlet-name>    <servlet-class>com.dp.javaweb.login.ImageServlet</servlet-class>  </servlet>  <servlet-mapping>    <servlet-name>IndexServlet</servlet-name>    <url-pattern>/servlet/IndexServlet</url-pattern>  </servlet-mapping>  <servlet-mapping>    <servlet-name>LandingServlet</servlet-name>    <url-pattern>/servlet/LandingServlet</url-pattern>  </servlet-mapping>  <servlet-mapping>    <servlet-name>LoginoutServlet</servlet-name>    <url-pattern>/servlet/LoginoutServlet</url-pattern>  </servlet-mapping>  <servlet-mapping>    <servlet-name>ImageServlet</servlet-name>    <url-pattern>/servlet/ImageServlet</url-pattern>  </servlet-mapping>    <welcome-file-list>    <welcome-file>Login.jsp</welcome-file>  </welcome-file-list></web-app>

第三步：画图验证码class类

package com.dp.javaweb.login;import java.awt.Color;import java.awt.Font;import java.awt.Graphics;import java.awt.image.BufferedImage;import java.io.IOException;import java.util.Random;import javax.imageio.ImageIO;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;public class ImageServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {<span style="white-space:pre"></span>//通知浏览器不要缓存response.setHeader("Expires", "-1");response.setHeader("Cache-Control", "no-cache");response.setHeader("Pragma", "-1");int height=25;int width=120;//得到一个内存图像BufferedImageBufferedImage img=new BufferedImage(width, height, BufferedImage.TYPE_<span style="white-space:pre"></span>INT_RGB);//得到一个画笔Graphics g=img.getGraphics();//画边框drawRect绘制指定矩形的边框。g.drawRect(0, 0, width, height);//填充颜色g.setColor(Color.RED);g.fillRect(1, 1, width-2, height-2);//画干扰线g.setColor(Color.BLACK);Random r=new Random();for(int i=0;i<20;i++)g.drawLine(r.nextInt(width), r.nextInt(height), r.nextInt(width), r.nextInt(height));//生成随机数字g.setColor(Color.BLUE);g.setFont(new Font("微软雅黑", Font.BOLD|Font.ITALIC, 20));//BOLD加粗，ITALIC斜体int d=15;StringBuffer sb=new StringBuffer();//可变字符串的利用for(int j=0;j<4;j++){String code=r.nextInt(10)+"";sb.append(code);g.drawString(code+"", d, 20);d+=20;}//将验证码输入到session中，用来验证request.getSession().setAttribute("code", sb.toString());//输出打web页面ImageIO.write(img, "jpg", response.getOutputStream());}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}

第四步：处理用户密码验证码类(这里就开始利用session的作用，因为痛密码用户一样也在验证码出也写了一个session)

package com.dp.javaweb.login;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * 处理用户密码 * */public class LandingServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {request.setCharacterEncoding("UTF-8");response.setContentType("text/html;charset=UTF-8");PrintWriter out=response.getWriter();//验证用户和密码String username=request.getParameter("username");String password=request.getParameter("password");String code=request.getParameter("code");//得到session中的session验证码String sessuoncode=(String)request.getSession().getAttribute("code");//验证验证码if(!code.equals(sessuoncode)){out.write("登陆失败，错误的验证码！！<a href='/day08/'>重新登录</a>");return;//不往下执行了}StringBuffer sb=new StringBuffer(password);password=sb.reverse().toString();//reverse()将此字符序列用其反转形式取代if(username.equals(password)){User user=new User();user.setUsername(username);user.setPassword(password);//在把user对象放入session中，有了标记，这点儿很重要。request.getSession().setAttribute("user", user);out.write("登陆成功，2秒后自动返回到主页面！！");}else{out.write("登陆失败，2秒钟后自动返回到主页面！！");}response.setHeader("Refresh","2;URL=/day08/servlet/IndexServlet");}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}

第五步：验证session是否存在，并处理登陆状态

package com.dp.javaweb.login;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * 验证session中用户和密码 * */public class IndexServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {response.setContentType("text/html;charset=UTF-8");PrintWriter out=response.getWriter();HttpSession session=request.getSession();//创建session对象User user=(User)session.getAttribute("user");//得到标记//session.setMaxInactiveInterval(2);//setMaxInactiveInterval表示2秒内不对session做出操作，自动删除session//一般情况下，不用设置这个函数,因为getMaxInactiveInterval()的session的默认失效为1800毫秒也就是半分钟//System.out.println(session.getMaxInactiveInterval());//打印默认session存在时间if(user==null){out.write("<a href='/day08/'>请登陆</a>");}else{out.write("欢迎您："+user.getUsername()+"    <a href='/day08/servlet/LoginoutServlet'>注销</a>");}out.write("<hr/>"); out.write("主页：");  }public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}

第六步：注销功能的实现，这个功能主要是将写入session的标记去除掉或者将域中的标记联系中断

package com.dp.javaweb.login;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;//去掉session中的登陆标记，也就是用于注销public class LoginoutServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {response.setContentType("text/html;charset=UTF-8");request.setCharacterEncoding("UTF-8");PrintWriter out=response.getWriter();request.getSession().removeAttribute("user");//删除了域中绑定的对象//request.getSession().invalidate();//这是直接销毁session，可任选一种out.write("注销成功，2秒后自动转入主页。");response.setHeader("Refresh", "2;URL=/day08/servlet/IndexServlet");}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}

第七步：封装用户密码的Bean类

package com.dp.javaweb.login;public class User {private String username;private String password;public String getUsername() {return username;}public void setUsername(String username) {this.username = username;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}}

结果显示：

        

第一种情况：验证码错误

       

第二种情况：用户密码错误

       

第三种情况：登陆成功后

                    

最后的注销就不用我说了吧！就是去掉session的标记。

注意：session.setMaxInactiveInterval(30 * 60);//单位秒，这是设置网页中session在缓存中的存在时间
   如果不设置的话，session,默认过期时间为30分钟也就是1800秒，

    session时间的另外一种设置方式，在另一边博客上写得有喔。