跟踪用户登录状态

跟踪过程如下

登录成功的时候：

/**
     * 用户登录方法
     * @param req
     * @param resp
     * @throws ServletException
     * @throws IOException
     */
    @SuppressWarnings("unused")
    private void login(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        String expiredays = req.getParameter("expiredays");
        Cookie[] cookies = req.getCookies();
        //是否登陆的标记，true登录false未登录
        boolean login = false;
        String account = null;//登录账号
        String ssid = null;//这是一个标记，通过cookie判断一个用户该不该成功登录
        /**
         * 非首次登陆，获取userKey和ssid对应的值
         */
        if(cookies != null && cookies.length > 0) {
            for (Cookie cookie : cookies) {
                if(cookie.getName().equals("userKey")) {
                    account = cookie.getValue();
                }

                if(cookie.getName().equals("ssid")) {
                    ssid = cookie.getValue();
                }
            }
        }

        if(account != null && ssid != null) {
            login = ssid.equals(CookiesUtils.md5Encrypt(username));
        }

        if(!login) {//用户首次登陆，不实用Cookie
            //第一次登录
            User user = userService.login(username, password);//通过访问数据库检查用户名和密码
            //登录成功返回用户，登录失败返回null
            if(user != null) { //首次登陆成功
                //写cookie
                expiredays = (expiredays==null)?"":expiredays;
                /**
                 * 写入相关的cookie,分别为userKey和ssid对应的信息
                 */
                switch (expiredays) {
                case "7" : {
                    CookiesUtils.createCookie(username, req, resp, 7*24*60*60);
                    break;
                }
                case "30" : {
                    //创建cookie 30天
                    CookiesUtils.createCookie(username, req, resp, 30*24*60*60);
                    break;
                }
                case "100" : {
                    //创建cookie 永远 Integer.Max
                    CookiesUtils.createCookie(username, req, resp, Integer.MAX_VALUE);
                    break;
                }
                default : {
                    CookiesUtils.createCookie(username, req, resp, -1);
                    break;
                }
                }
                //记录登陆状态
                req.getSession().setAttribute("user", user.getUsername());
                //登陆成功
                req.getRequestDispatcher("/main.jsp").forward(req, resp);
            }else {//首次登陆用户名或密码错误
                req.setAttribute("note", "用户名或密码是错误的！");
                req.getRequestDispatcher("/login.jsp").forward(req, resp);
            }
        } else {//Cookie登陆成功
            //记录登陆状态
            req.getSession().setAttribute("user", username);
            expiredays = (expiredays==null)?"":expiredays;
            if(expiredays.equals("-1")) {
                CookiesUtils.createCookie(username, req, resp, -1);
            }
            req.getRequestDispatcher("/main.jsp").forward(req, resp);
        }
    }

req.getSession().setAttribute(“user”, username);
req.getSession().setAttribute(“user”, user.getUsername());
session记录了登陆的状态

登录状态的使用

main.jsp 也就是跳转页面加入检测

</head>
<body>

    <%
        String username = (String)request.getSession().getAttribute("user");
        if(username == null || "".equals(username)) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
        }
    %>

在代码运行之前，进行数据的检测。