一、会话简介
1、存储客户端的状态
因为 http无状态的,也就是说每个客户端访问服务端资源的时候服务器并不知道客户端是谁,所以需要会话技术识别客户端的状态。
2、会话技术
从打开一个浏览器访问某个站点到关闭这个浏览器的整个过程,称之为一会话。
会话技术就是记录这次会话中客户端的状态和数据的。
会话技术分为 Cookie 和 Session :
Cookie:数据存储在客户端本地,减少服务器端的存储压力,安全性不好,客户端可以清除 Cookie。
Session: 将数据存储在服务器端,安全性相对好,增加服务器端的压力。
二、Cookie 技术
Cookie 技术是将用户的数据存储在客户端的技术,我们分为两个方面学习:
第一:服务器端怎么将一个 Cookie 发送给客户端。
第二:服务器端怎么接受客户端携带的 Cookie。
1、服务端向客户发送一个 Cookie
1)创建 Cookie: Cookie cookie = new Cookie(String cookieName, String cookieValue);
实例:
Cookie cookie = new Cookie("username", "zhangsan");
那么该 cookie 会以响应头的形式发送给客户端:
Set Cookie"name = zhangsan"
2)将cookie 中存储的信息发送到客户端---头
response.addCookie(cookie);
package com.ma.cookie;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class SendCookie
*/
public class SendCookie extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//1、创建 Cookie 对象
Cookie cookie = new Cookie("name", "zhangsan");
//2、将cookie 中存储的信息发送到客户端---头
response.addCookie(cookie);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
}
}
2、服务器端识别客户端带过来的 cookie
package com.ma.cookie;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class GetCookie
*/
public class GetCookie extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//1、获得客户端携带的 cookie
Cookie[] cookies = request.getCookies();
//2、通过 cookie 的名称获得想要的 cookie
for(Cookie cookie : cookies){
String cookieName = cookie.getName();
if(cookieName.equals("name")){
String cookieValue = cookie.getValue();
System.out.println(cookieValue);
}
}
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
}
}
客户端请求时携带 cookie 信息
案例:
显示用户上一次访问的时间。
三、Session 技术
session 技术基于 cookie 技术。
存储 session的编号:JSESSIONID。
学习:
1、怎么开创一个属于客户端的 Session 区域。
2、怎么向session 区域中存取数据。
3、session的生命周期。
获取Session :
package com.ma.session;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet implementation class SessionServlet1
*/
public class SessionServlet1 extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//1、创建属于该客户端私有的 Session 区域
//方法判断客户端在服务器端是否已经创建 session
//没有 :创建
//有:获得session 的引用
HttpSession session = request.getSession();
String id = session.getId();
response.getWriter().write("JSESSION"+ id);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
}
}
效果:
2、存取session 中的数据
存:
package com.ma.session;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet implementation class SessionServlet1
*/
public class SessionServlet1 extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//1、创建属于该客户端私有的 Session 区域
//方法判断客户端在服务器端是否已经创建 session
//没有 :创建
//有:获得session 的引用
HttpSession session = request.getSession();
session.setAttribute("name", "Jerry");
String id = session.getId();
response.getWriter().write("JSESSION"+ id);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
}
}
取:
package com.ma.session;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet implementation class SessionServlet2
*/
public class SessionServlet2 extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//1、获取 session 中的数据
HttpSession session = request.getSession();
String attribute = (String) session.getAttribute("name");
response.getWriter().write(attribute);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
}
}
效果:
cookie 的持久化
//手动创建一个存储JSESSION 的 cookie 为cookie 设置持久化时间
Cookie cookie = new Cookie("JSESSIONID", id);
cookie.setPath("/WEB16/");
cookie.setMaxAge(60*10);
response.getWriter().write("JSESSION"+ id);