50 Day1 servlet / session / cookie / verification code (the client output to the picture)

Copyright: https://blog.csdn.net/qq_39263750/article/details/90203061

1. The common status codes include
200,302,404,405,500

2. Redirect and ForwardedThe difference
redirection: two requests to change the address bar, you can go to the other site from the current site, to write the full path to redirect.

Forward: a request, an internal server jump, change the address bar, only to jump in the current Web site. Forwards only need to write a page path.

The difference between redirection and forwarding

1. Request a different number: Redirection is two times the request, forwarding a request
2. Redirect may access an address outside of your project, but can not be forwarded.
3. redirection request field can not be used while using the forwarding request field, a request, a request object
4. redirection address bar may occur vary, forwardedWill not
The redirection request is likely to change the way (the request must be re-get request, provided only post post request is displayed, otherwise get request), but without forwarding
method 6. redirect response (by modifying head redirect complete response), and forwards the request method resquest (primary request, forwarded to the Servlet different)

---

The difference between GET POST

post: no limit to the amount of data. Body there is a request, the data requested in the body, to be packaged, slow efficiency, high security. Garbage treatment.

get: the amount of data is not requested body 1k, data is transmitted in the address bar. Without encapsulation efficiency of fast, low security.

2019-5-4

JSP：

In Web2.0 page, using labels replace java code. Do not write java code in jsp page (but difficult)

JSP script:
<% =%> do output
<%%> java, the method body which can write will be posted there
<%!> Class braces inside to write what, there will be able to write what

JSP built-in objects

Built-in objects JSP page: jsp page member variable has been defined, users do not need to create the object can be used directly.
A total of nine built-in objects:

request、response、out、session、application、pageContext、page、config、exception

Built-in objects (also known as implicit objects), that is, jsp, the need to create (to create the server <container>), the object can be used directly.

REQUEST request object type Scope Request javax.servlet.ServletRequest

response in response to the type of object Page scope javax.servlet.ServletResponse

pageContext page context object type javax.servlet.jsp.PageContext scope Page

session session object type javax.servlet.http.HttpSession scope Session

application application object type javax.servlet.ServletContext Scope Application

the type of output object out of scope Page javax.servlet.jsp.JspWriter

config configuration object types javax.servlet.ServletConfig scope Page

page page java.lang.Object object type Scope Page

exception exception object type java.lang.Throwable Scope page

---

Poor readability.

JS can do, let the general principles JS do, do not throw the server, increasing the burden.

MVC

The difference between the two

If the data is to be played back to the page, the data is stored in the request.
req.setAttribute.

getRequestDispatcher: forwarding.

Data Echo:

The original count of the number two, end of the calculation results to you, but that page does not display the original, how to make the original data still show? (Because the response to the request back to a new page)

The two values then can be stored inside the domain.

This time, on 1 and 2 after the recalculation still.

So, I wanted to echo the domain exists inside can be.

Echo data can be used later to remember user names, remember their password

---

HTTP protocol is stateless protocol:

A user requests the server, the server processes the request, in response to the user.
After the response, the server does not remember the data.
In the next time a user request to the server, before the data server is not known, before the server is not the requested data.
We want the server to remember some useful data, this time on the use of:

Web technology to maintain state: Cookie, session.

All web of things that are pairs.

Create a cookie object, the manner of the response to the server to keep inside.

Take cookie:

A cookie is a presence in the browser, as long as the browser or switch off the server, cookie automatically cleared.

Cookie object after initialization can set an expiration time

After setting the expiration time, turn off the browser cookie or saved, not destroyed. Because the browser will set the expiration time is off by default browser

This usage can be used later when writing the web page, if the point of the cart and other functions without login, the login page will display:please log in first。

After login if, likeRemember Account Name. (Sometimes also remember the password), and then after the user login without entering a name

It is to use a cookie to store.

Full version Servlet:

The full version of the login page



After the successful landing, the next time you log in, the user name will be remembered.

Summary: Cookie:

Cookie: data size of 4K
data types: String
expiration time: The default browser is closed, fail.
Storage locations: the client browser
security: poor. Safe site, cookie used to store a maximum of only username, not to remember passwords.

Servlet three domain objects

ServletContext: Scope: The server is turned on, the server ends
Request: request response time, response ends, the content of this field do not up.
session: One session: a session can have multiple requests response
(full version in the footer)
to create a session:

Remove the session:

Session structure: Map which also installed a Map

The outer layer map sessionID. Because it will save a lot of Session in the server, so the first should be the ID. You can go through a session ID.

SessionID Cookie is actually a

long session is established, the server will give you set up a sessionID.

So, close your browser, sessionID default on the failure, so this time looking back through the session id is not found. But the session still exists in the server. But the cause == "close browser" session ended the illusion of life processes. ==

Summary: Session:

Data Size: Unlimited
Data Type: object
Expires: a session, the server the default 30 minutes (if interact again within 30 minutes, is recalculated 30 minutes)
the storage location: Server
Security: relatively high

By introducing the session, and improve user login

It must be recorded Session

When you click certain needs landing page, at this time there is no session (either not logged in), forwarded back to the landing page, and return to his words

At the moment it is used in the above said turn around

if(条件){
xxxx
}else{
req.setAttribute（”msg“,”xxx“）
req.getRequestDispatcher（”/地址。jsp“）.forward（req,resp）
}

Not now when landing, if direct access to the welcome, the

Configuring session expire date：

---

If the browser to disable the cookie, the session would not be able to use. To avoid this, you can rewrite the URL:

(Futile)

Problem: the difference between the cookie session application.

Security Code:

Role: to prevent brute force, violence registration

Use codes:
1. The server generates a set of random characters, stored in the session
2. The character image in response to the user becomes
3. codes stored in the session of

First, import jar package: chinasofti-tools. View inside the painted jar method validation code

found inside the jar package three public classes can be retrieved for our use:


How retrieved jar inside the package and use these three methods?

Create imageServlet.

Because the codes generated using the get method (sending a get request to get a verification code), the write method of the get inside the servlet's
response.getOutputStream: Image output stream Detailed below.

ServletOutputStream getOutputStream()

Byte stream is obtained, write (byte [] bytes) by the byte stream of bytes may be written to the response buffer, then the contents of the byte consisting Tomcat server Http response back to the browser.

response.getWriter (). write ( "string"), this method can only write a string. If you want to write byte, for example, transfer pictures, how to do it? It is up to response.getOutputStream ()

This servlet can be accessed directly (ie as a servlet jsp)

now come jsp page:

fill out the address of the servlet, you can use.

Verification code refresh

Although the code may vary by F5, but the actual use is not convenient because you want to re-enter the account password.


Verification code, click on the link verification code switching function is realized.

getOutPutStream byte character stream flow is what?

Perfect landing account password verification, functional verification code

servlet return several values ​​were to come back, to be received in jsp page:

Successful landing, jump to the welcome page

test:

1. The account password is correct, the error code:

2. account password error, error code

3. account password error, correct code

4. account password verification code are right.

Servlet application development javaweb three domain objects (request, session, application (ServletContext)).

1. Request
   Request is a request, just send a request will create a request, its scope: valid only if the current request.

Use: used in the same between the server request parameter transfer between different pages, often used in the form of transfer control value.

方法：request.setAttribute(); request.getAttribute(); request.removeAttribute(); request.getParameter().

2. session
   server creates a session object for each session, so session data is available for all current session servlet share.

Session: the user opens the browser session began, until you close the browser session will end. Creating a session object only once during a session.

Use: commonly used in web development login verification interface (when the browser assign a session key that the user logs on successfully).

方法：session.setAttribute(); session.getAttribute(); session.removeAttribute();

Obtaining session object methods:

In the Servlet: HttpSession session = request.getSession ();
since the session belongs to one of the objects built jsp nine, of course, can be used directly. For example: <% session.serAttribute ( "name" , "admin")%>.
session is destroyed
1) session timeout;
2) After the client closes, could not visit the client and the corresponding session, it will be destroyed after a timeout;
3) call session invalidate ();.
Note: session is server-side object, stored on the server side. Sessionid generated and the server can be created after the session back to the client through a cookie, so that the next verification. (Session depends on the underlying cookie)

3. Application (ServletContext)
   Range: All users can get this information, this information is retained over the entire server. Application range of property value, as long as the set once, then all pages can obtain the data window. ServletContext is created when the server starts, destroyed when the server shuts down, only a JavaWeb application creates a ServletContext object, all clients accessing the server share the same ServletContext object; ServletContext object is generally used to share data among multiple clients use;

Application object acquisition method (Servlet in):
the ServletContext app01 this.getServletContext = ();
app01.setAttribute ( "name", "Kaixuan"); // set into a value

                ServletContext app02 = this.getServletContext();
                 app02.getAttribute("name");    //获取键值对  

JSP is one of nine ServletContext with built-in objects, it can be used directly

Note: The server will only create a ServletContext object, so that app02 app01, the value set by app01 app02 can certainly get by.

to sum up:

1. Scope: request session application

• Using the scope and stored data transfer
• When using the scope to transfer data, you must grasp the scope of the life cycle and the corresponding scope

2. • The life cycle

• (1) request: the request is limited to one
• (2) session: a session (multiple requests)
• Start

•  用户向服务器发送请求的时候 
  

•  结束
  

•    客户端
  

•     丢失JsessionId值的时候（关闭浏览器）
  

•    服务器端 
  

•        关闭服务器 
  

•        超过会话的不活动周期时间 
  

• (3) application: Load project to uninstall
  * 3 scope.
• (1) requset: all requests forwarded Servlet
• (2) session: All Servlet
• (3) application: all Servlet (for a browser presentation, session scope with distinction)

4. * How to choose the right scope
* (1) request: functions associated with the current operation

• (2) session: the user with information related to
• (3) application: the global information associated with the project ---- "Jingdong delivery address
• 5. How to choose the right scope is not correct, what would happen
• Memory waste