Session详解，学习 Session对象一篇文章就够了

目录

1 Session概述

2 Session原理

3 Session使用

3.1 获取Session

3.2 Session保存数据

3.3 Session获取数据

3.4 Session移除数据

4 Session与Request应用区别

4.1 Session和request存储数据

4.2 获取session和request中的值

4.3 session和request区别效果

5 Session的声明周期

5.1 Session有效时间设置

5.2 session销毁

.6 浏览器禁用Cookie解决方案（了解）

6.1 浏览器禁用Cookie的后果

6.2 URL重写

6.3 实现URL重写

7 Session实战权限验证

7.1 创建管理员表manager并添加数据

7.2 创建Web项目

7.3 基础环境搭建

7.4 登录页面

7.5 LoginMgrController

7.6 ShowAllManagerController

7.7 ShowAllManagerJsp

8 Session实战保存验证码

8.1 创建验证码

8.2 登录页面

8.3 LoginMgrController

8.4 ShowAllManagerController

今天的分享就到此结束了

创作不易点赞评论互关三连

---

1 Session概述

（1）Session用于记录用户的状态。Session指的是一段时间内，单个客户端与Web服务器的一连串相关的交互过程。

（2）在一个Session中，客户可能会多次请求访问同一个资源，也有可能请求访问各种不同的服务器资源。

（3）Session是由服务器端创建的

2 Session原理

（1）Session会为每一次会话分配一个Session对象

（2）同一个浏览器发起的多次请求，同属于一次会话（Session）

（3）首次使用到Session时，服务器会自动创建Session，并创建Cookie存储SessionId发送回客户端

3 Session使用

Session作用域：拥有存储数据的空间，作用范围是一次会话有效

• 一次会话是使用同一浏览器发送的多次请求。一旦浏览器关闭，则结束会话

• 可以将数据存入Session中，在一次会话的任意位置进行获取

• 可传递任何数据（基本数据类型、对象、集合、数组）

3.1 获取Session

Session是服务器端自动创建的，通过request对象获取

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.*;
4. import javax.servlet.http.*;
5. import javax.servlet.annotation.*;
6. import java.io.IOException;
8. @WebServlet(name = "SessionServlet01", value = "/SessionServlet01")
9. public class SessionServlet01 extends HttpServlet {
10. @Override
11. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
12. //设置请求参数的编码格式，这种方式对get请求方式无效
13. request.setCharacterEncoding("UTF-8");
14. //设置响应编码格式为UTF-8
15. response.setContentType("text/html;charset=UTF-8");
17. //获取Session对象,首次使用到Session时，服务器会自动创建Session，并创建Cookie存储SessionId发送回客户端
18. HttpSession session = request.getSession();
19. System.out.println("ID:" + session.getId());//唯一标记
21. }
23. @Override
24. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
25. doGet(request, response);
26. }
27. }

3.2 Session保存数据

使用setArrtibute(属性名,Object)保存数据到session中

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.ServletException;
4. import javax.servlet.annotation.WebServlet;
5. import javax.servlet.http.HttpServlet;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.io.IOException;
11. @WebServlet(name = "SessionServlet02", value = "/SessionServlet02")
12. public class SessionServlet02 extends HttpServlet {
13. @Override
14. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
15. //设置请求参数的编码格式，这种方式对get请求方式无效
16. request.setCharacterEncoding("UTF-8");
17. //设置响应编码格式为UTF-8
18. response.setContentType("text/html;charset=UTF-8");
20. //获取Session对象,首次使用到Session时，服务器会自动创建Session，并创建Cookie存储SessionId发送回客户端
21. HttpSession session = request.getSession();
23. //将数据存储以键值对的形式到session对象中，可传递任何数据（基本数据类型、对象、集合、数组）
24. session.setAttribute("username","张三");
26. }
28. @Override
29. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
30. doGet(request, response);
31. }
32. }

 

3.3 Session获取数据

（1）使用getAttribute("属性名");获取session中数据。

（2）先访问SessionServlet02将数据存储到session对象中，然后通过GetSessionValueServlet01请求获取session中的数据

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.*;
4. import javax.servlet.http.*;
5. import javax.servlet.annotation.*;
6. import java.io.IOException;
8. @WebServlet(name = "GetSessionValueServlet01", value = "/GetSessionValueServlet01")
9. public class GetSessionValueServlet01 extends HttpServlet {
10. @Override
11. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
12. //设置请求参数的编码格式，这种方式对get请求方式无效
13. request.setCharacterEncoding("UTF-8");
14. //设置响应编码格式为UTF-8
15. response.setContentType("text/html;charset=UTF-8");
17. //获取Session对象
18. HttpSession session = request.getSession();
19. //获取session对象中的值，获取的值是Object类型，转换为其对应的类型
20. String username = (String) session.getAttribute("username");
21. System.out.println("session对象中存储的username值：" + username);
22. }
24. @Override
25. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
26. doGet(request, response);
27. }
28. }

3.4 Session移除数据

（1）使用removeAttribute("属性名");从session中删除数据

（2）向请求SessionServlet02向session对象中存储数据，然后访问GetSessionValueServlet01可以获取session对象中的值，再访问SessionServlet03移除session对象中存储的数据，最后访问GetSessionValueServlet01获取session对象中的值为null

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.ServletException;
4. import javax.servlet.annotation.WebServlet;
5. import javax.servlet.http.HttpServlet;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.io.IOException;
11. @WebServlet(name = "SessionServlet03", value = "/SessionServlet03")
12. public class SessionServlet03 extends HttpServlet {
13. @Override
14. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
15. //设置请求参数的编码格式，这种方式对get请求方式无效
16. request.setCharacterEncoding("UTF-8");
17. //设置响应编码格式为UTF-8
18. response.setContentType("text/html;charset=UTF-8");
20. //获取Session对象,首次使用到Session时，服务器会自动创建Session，并创建Cookie存储SessionId发送回客户端
21. HttpSession session = request.getSession();
23. //通过键移除session作用域中的值
24. session.removeAttribute("username");
26. }
28. @Override
29. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
30. doGet(request, response);
31. }
32. }

 

4 Session与Request应用区别

（1）request是一次请求有效，请求改变，则request改变

（2）session是一次会话有效，浏览器改变，则session改变

4.1 Session和request存储数据

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.ServletException;
4. import javax.servlet.annotation.WebServlet;
5. import javax.servlet.http.HttpServlet;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.io.IOException;
11. @WebServlet(name = "SessionServlet04", value = "/SessionServlet04")
12. public class SessionServlet04 extends HttpServlet {
13. @Override
14. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
15. //设置请求参数的编码格式，这种方式对get请求方式无效
16. request.setCharacterEncoding("UTF-8");
17. //设置响应编码格式为UTF-8
18. response.setContentType("text/html;charset=UTF-8");
20. //获取Session对象
21. HttpSession session = request.getSession();
23. //使用session存储数据
24. session.setAttribute("username","zhangsan");
25. //使用request存储数据
26. request.setAttribute("password","123456");
28. //重定向
29. response.sendRedirect("/webProject10_war_exploded/GetSessionValueServlet01");
31. }
33. @Override
34. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
35. doGet(request, response);
36. }
37. }

 

4.2 获取session和request中的值

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.ServletException;
4. import javax.servlet.annotation.WebServlet;
5. import javax.servlet.http.HttpServlet;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.io.IOException;
11. @WebServlet(name = "GetSessionValueServlet01", value = "/GetSessionValueServlet01")
12. public class GetSessionAndRequestValueServlet01 extends HttpServlet {
13. @Override
14. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
15. //设置请求参数的编码格式，这种方式对get请求方式无效
16. request.setCharacterEncoding("UTF-8");
17. //设置响应编码格式为UTF-8
18. response.setContentType("text/html;charset=UTF-8");
20. //获取Session对象
21. HttpSession session = request.getSession();
22. //获取session对象中的值，获取的值是Object类型，转换为其对应的类型
23. String username = (String) session.getAttribute("username");
24. //获取request对象中的值，获取的值是Object类型，转换为其对应的类型
25. String password = (String) request.getAttribute("password");
27. System.out.println("session对象中存储的username值：" + username);
28. System.out.println("request对象中存储的password值：" + password);
29. }
31. @Override
32. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
33. doGet(request, response);
34. }
35. }

4.3 session和request区别效果

5 Session的声明周期

1. 开始

   第一次使用到Session的请求产生，则创建Session

2. 结束

   • 浏览器关闭，则失效

   • Session超时，则失效

     session.setMaxInactiveInterval(seconds);//设置最大有效时间（单位：秒）

   • 手工销毁，则失效

     session.invalidate();//登录退出，销毁

5.1 Session有效时间设置

SessionServlet05类设置session有效期为20秒，先通过请求SessionServlet05类将session存储在，然后在20秒内第一次在GetSessionValueServlet02获取sessionID值，与SessionServlet05类中输出的id值一致，过20秒后在GetSessionValueServlet02类中输出的sessionID值不一致了

 

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.ServletException;
4. import javax.servlet.annotation.WebServlet;
5. import javax.servlet.http.HttpServlet;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.io.IOException;
11. @WebServlet(name = "SessionServlet05", value = "/SessionServlet05")
12. public class SessionServlet05 extends HttpServlet {
13. @Override
14. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
15. //设置请求参数的编码格式，这种方式对get请求方式无效
16. request.setCharacterEncoding("UTF-8");
17. //设置响应编码格式为UTF-8
18. response.setContentType("text/html;charset=UTF-8");
20. //获取Session对象,首次使用到Session时，服务器会自动创建Session，并创建Cookie存储SessionId发送回客户端
21. HttpSession session = request.getSession();
23. //设置session有效期,时间单位为秒
24. session.setMaxInactiveInterval(20);
26. //输出sessionid值
27. System.out.println("SessionServlet05类中输出ID:"+session.getId());
29. }
31. @Override
32. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
33. doGet(request, response);
34. }
35. }

5.2 session销毁

先使用GetSessionValueServlet03类获取session的id值，然后使用GetSessionValueServlet04类获取session的id值，两个类获取的id值一致，在GetSessionValueServlet04类中输出id值后销毁了session，然后再在GetSessionValueServlet03类中获取id值，就不一致了，就是服务器新建的session对象了

5.2.1 GetSessionValueServlet03类

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.ServletException;
4. import javax.servlet.annotation.WebServlet;
5. import javax.servlet.http.HttpServlet;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.io.IOException;
11. @WebServlet(name = "GetSessionValueServlet03", value = "/GetSessionValueServlet03")
12. public class GetSessionValueServlet03 extends HttpServlet {
13. @Override
14. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
15. //设置请求参数的编码格式，这种方式对get请求方式无效
16. request.setCharacterEncoding("UTF-8");
17. //设置响应编码格式为UTF-8
18. response.setContentType("text/html;charset=UTF-8");
20. //获取Session对象
21. HttpSession session = request.getSession();
23. //输出sessionid值
24. System.out.println("GetSessionValueServlet03类中输出ID:"+session.getId());
26. }
28. @Override
29. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
30. doGet(request, response);
31. }
32. }

 

5.2.2 GetSessionValueServlet04类

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.ServletException;
4. import javax.servlet.annotation.WebServlet;
5. import javax.servlet.http.HttpServlet;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.io.IOException;
11. @WebServlet(name = "GetSessionValueServlet04", value = "/GetSessionValueServlet04")
12. public class GetSessionValueServlet04 extends HttpServlet {
13. @Override
14. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
15. //设置请求参数的编码格式，这种方式对get请求方式无效
16. request.setCharacterEncoding("UTF-8");
17. //设置响应编码格式为UTF-8
18. response.setContentType("text/html;charset=UTF-8");
20. //获取Session对象
21. HttpSession session = request.getSession();
23. //输出sessionid值
24. System.out.println("GetSessionValueServlet04类中输出ID:"+session.getId());
26. //销毁session
27. session.invalidate();
29. }
31. @Override
32. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
33. doGet(request, response);
34. }
35. }

.6 浏览器禁用Cookie解决方案（了解）

6.1 浏览器禁用Cookie的后果

服务器在默认情况下，会使用Cookie的方式将sessionID发送给浏览器，如果用户禁止Cookie，则sessionID不会被浏览器保存，此时，服务器可以使用URL重写这样的方式来发送sessionID

 

多次请求GetSessionValueServlet05类输出的session的id值都不相同，并且在网站的Cookie对象中没有session的id值存在

 

6.2 URL重写

浏览器在访问服务器上的某个地址时，不再使用原来的那个地址，而是使用经过改写的地址（即在原来的地址后面加上了sessionID）

6.3 实现URL重写

response.encodeRedirectURL(String url)生成重写的URL

6.3.1 重写URL

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.ServletException;
4. import javax.servlet.annotation.WebServlet;
5. import javax.servlet.http.HttpServlet;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.io.IOException;
11. @WebServlet(name = "GetSessionValueServlet06", value = "/GetSessionValueServlet06")
12. public class GetSessionValueServlet06 extends HttpServlet {
13. @Override
14. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
15. //设置请求参数的编码格式，这种方式对get请求方式无效
16. request.setCharacterEncoding("UTF-8");
17. //设置响应编码格式为UTF-8
18. response.setContentType("text/html;charset=UTF-8");
20. //获取Session对象
21. HttpSession session = request.getSession();
23. //输出sessionid值
24. System.out.println("GetSessionValueServlet06类中输出ID:"+session.getId());
26. //重写URL追加session值
27. String newURL = response.encodeURL("/webProject10_war_exploded/GetSessionValueServlet07");
28. System.out.println("重写后的URL："+newURL);
29. //重定向
30. response.sendRedirect(newURL);
32. }
34. @Override
35. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
36. doGet(request, response);
37. }
38. }

 

6.3.1 获取session

1. package com.cxyzxc.www.servlet01;
3. import javax.servlet.ServletException;
4. import javax.servlet.annotation.WebServlet;
5. import javax.servlet.http.HttpServlet;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.io.IOException;
11. @WebServlet(name = "GetSessionValueServlet07", value = "/GetSessionValueServlet07")
12. public class GetSessionValueServlet07 extends HttpServlet {
13. @Override
14. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
15. //设置请求参数的编码格式，这种方式对get请求方式无效
16. request.setCharacterEncoding("UTF-8");
17. //设置响应编码格式为UTF-8
18. response.setContentType("text/html;charset=UTF-8");
20. //获取Session对象
21. HttpSession session = request.getSession();
23. //输出sessionid值
24. System.out.println("GetSessionValueServlet07类中输出ID:"+session.getId());
27. }
29. @Override
30. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
31. doGet(request, response);
32. }
33. }

7 Session实战权限验证

 

7.1 创建管理员表manager并添加数据

 

7.2 创建Web项目

创建Web项目，导入相关jar包

• commons-dbutils-1.7.jar

• druid-1.1.5.jar

• mysql-connector-java-5.1.25-bin.jar

• servlet-api.jar

7.3 基础环境搭建

在项目下创建包目录结构如下

• com.cxyzxc.www.controller包：调用业务逻辑Servlet

• com.cxyzxc.www.dao包：数据访问层接口

• com.cxyzxc.www.dao.impl包：数据访问层接口实现类

• com.cxyzxc.www.entity包：实体类

• com.cxyzxc.www.jsp包：打印显示页面Servlet

• com.cxyzxc.www.service包：业务逻辑层接口

• com.cxyzxc.www.service.impl包：业务逻辑层接口实现类

• com.cxyzxc.www.utils包：工具类

• database.properties:数据库连接及连接池配置文件

7.4 登录页面

7.4.1 login.html

2. "en">
4. "UTF-8">
6. "text/css" rel="stylesheet" href="css/login.css"/>
11. "LoginMgrController" method="post">
13. 账号："text" name="username"/>
16. 密码："password" name="password"/>
19. "submit" value="登录"/>

 

7.4.2 login.css

1. * {
2. margin: 0;
3. padding: 0;
4. }
6. div {
7. width: 400px;
8. background-color: #ccc;
9. margin: 30px auto;
10. padding-top: 30px;
11. text-align: center;
12. }
14. p {
15. margin-top: 10px;
16. }
18. input {
19. outline: none;
20. }

7.5 LoginMgrController

1. package com.cxyzxc.www.controller;
3. import com.cxyzxc.www.entity.Manager;
4. import com.cxyzxc.www.service.ManagerService;
5. import com.cxyzxc.www.service.impl.ManagerServiceImpl;
7. import javax.servlet.*;
8. import javax.servlet.http.*;
9. import javax.servlet.annotation.*;
10. import java.io.IOException;
12. @WebServlet(name = "LoginMgrController", value = "/LoginMgrController")
13. public class LoginMgrController extends HttpServlet {
14. @Override
15. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
16. //1、处理乱码
17. request.setCharacterEncoding("UTF-8");
18. response.setContentType("text/html;charset=UTF-8");
20. //2、收参（获取客户端发送过来的请求数据）
21. String username = request.getParameter("username");
22. String password = request.getParameter("password");
24. //3、调用业务方法
25. ManagerService managerService = new ManagerServiceImpl();
26. Manager manager = managerService.login(username, password);
29. //4、处理结果，根据结果做不同的跳转
30. if (manager != null) {//manager不为null，说明账号和密码正确，登录成功
31. //将获取的账号和密码信息存储在session中
32. HttpSession session = request.getSession();
33. session.setAttribute("manager", manager);
34. //跳转到显示所有管理员信息的Servlet
35. response.sendRedirect("/managerProject01_war_exploded/ShowAllManagerController");
36. } else {//manager为null。说明账号或者密码错误，登录失败
37. response.sendRedirect("/managerProject01_war_exploded/login.html");
38. }
41. }
43. @Override
44. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
45. doGet(request, response);
46. }
47. }

7.6 ShowAllManagerController

1. package com.cxyzxc.www.controller;
3. import com.cxyzxc.www.entity.Manager;
4. import com.cxyzxc.www.service.ManagerService;
5. import com.cxyzxc.www.service.impl.ManagerServiceImpl;
7. import javax.servlet.*;
8. import javax.servlet.http.*;
9. import javax.servlet.annotation.*;
10. import java.io.IOException;
11. import java.util.List;
13. @WebServlet(name = "ShowAllManagerController", value = "/ShowAllManagerController")
14. public class ShowAllManagerController extends HttpServlet {
15. @Override
16. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
17. //1、处理乱码
18. request.setCharacterEncoding("UTF-8");
19. response.setContentType("text/html;charset=UTF-8");
21. //通过HttpSession完成权限控制
22. HttpSession session =request.getSession();
23. //获取session中存储的值
24. Manager manager = (Manager)session.getAttribute("manager");
25. //判断获取的值
26. if(manager!=null){
27. //调用业务,只做业务，业务与显示分离
28. ManagerService managerService = new ManagerServiceImpl();
29. List managers =managerService.showAllManager();
30. //将获取的数据存储在request作用域中
31. request.setAttribute("managers",managers);
32. //转发，跳转到显示结果的Servlet
33. request.getRequestDispatcher("/ShowAllManagerJsp").forward(request,response);
34. }else{
35. //说明没有登录，要先去登录才能进行显示
36. response.sendRedirect("/managerProject01_war_exploded/login.html");
37. }
38. }
40. @Override
41. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
42. doGet(request, response);
43. }
44. }

7.7 ShowAllManagerJsp

1. package com.cxyzxc.www.jsp;
3. import com.cxyzxc.www.entity.Manager;
5. import javax.servlet.*;
6. import javax.servlet.http.*;
7. import javax.servlet.annotation.*;
8. import java.io.IOException;
9. import java.io.PrintWriter;
10. import java.util.List;
12. @WebServlet(name = "ShowAllManagerJsp", value = "/ShowAllManagerJsp")
13. public class ShowAllManagerJsp extends HttpServlet {
14. @Override
15. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
16. //1、处理乱码
17. request.setCharacterEncoding("UTF-8");
18. response.setContentType("text/html;charset=UTF-8");
20. //2、获取数据
21. List managers = (List) request.getAttribute("managers");
23. //获取输出流
24. PrintWriter printWriter = response.getWriter();
25. if (managers.size() != 0) {
26. printWriter.println("");
27. printWriter.println("");
28. printWriter.println("");
29. printWriter.println("");
30. printWriter.println("");
31. printWriter.println("");
    printWriter.println("
    ");
    printWriter.println("
    ");
    printWriter.println("
    ");
    printWriter.println("
    ");
    printWriter.println("
    ");
    printWriter.println("
    ");
    for (int i = 0; i < managers.size(); i++) {
    printWriter.println("
    ");
    printWriter.println("
    ");
    printWriter.println("
    ");
    printWriter.println("
    ");
    printWriter.println("
    ");
    printWriter.println("
    ");
    }
    printWriter.println("

    序号	账号	密码	操作
    " + (i + 1) + "	" + managers.get(i).getUsername() + "	" + managers.get(i).getPassword() + "	修改 删除

    ");
32. printWriter.println("");
33. } else {
34. printWriter.println("

    数据库中没有数据查询

    ");
35. }
36. }
38. @Override
39. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
40. doGet(request, response);
41. }
42. }

8 Session实战保存验证码

生成验证码的方式有很多种，可以使用随机数的方式实现，也可以使用ValidateCode类来实现（需要导入ValidateCode.jar包）。在这里，我们学习使用ValidateCode类来生成验证码

8.1 创建验证码

1. package com.cxyzxc.www.controller;
3. import cn.dsna.util.images.ValidateCode;
5. import javax.servlet.*;
6. import javax.servlet.http.*;
7. import javax.servlet.annotation.*;
8. import java.io.IOException;
10. /**
11. * 此Servlet的作用是生成验证码并将生成的验证码存储到session中、发送到页面中显示
12. */
13. @WebServlet(name = "VerificationServlet", value = "/VerificationServlet")
14. public class VerificationServlet extends HttpServlet {
15. @Override
16. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
17. //设置验证码规格
18. ValidateCode validateCode = new ValidateCode(200, 20, 4, 10);
19. //获取验证码
20. String code = validateCode.getCode();
21. //将验证码存储在session中
22. HttpSession session = request.getSession();
23. session.setAttribute("code",code);
24. //将验证码输出到客户端
25. validateCode.write(response.getOutputStream());
26. }
28. @Override
29. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
30. doGet(request, response);
31. }
32. }

8.2 登录页面

2. "en">
4. "UTF-8">
6. "text/css" rel="stylesheet" href="css/login.css"/>
11. "LoginMgrController" method="post">
13. 账号："text" name="username"/>
16. 密码："password" name="password"/>
19. 验证码："text" name="verification"/>
20. "/managerProject02_war_exploded/VerificationServlet"%20/>
21. %20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20

22. %20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20

23. %20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20"submit"%20value="登录"/>
24. %20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20

25. %20%20%20%20%20%20%20%20%20%20%20%20
26. %20%20%20%20%20%20%20%20
27. %20%20%20%20

8.3 LoginMgrController

1. package com.cxyzxc.www.controller;
3. import com.cxyzxc.www.entity.Manager;
4. import com.cxyzxc.www.service.ManagerService;
5. import com.cxyzxc.www.service.impl.ManagerServiceImpl;
7. import javax.servlet.ServletException;
8. import javax.servlet.annotation.WebServlet;
9. import javax.servlet.http.HttpServlet;
10. import javax.servlet.http.HttpServletRequest;
11. import javax.servlet.http.HttpServletResponse;
12. import javax.servlet.http.HttpSession;
13. import java.io.IOException;
15. @WebServlet(name = "LoginMgrController", value = "/LoginMgrController")
16. public class LoginMgrController extends HttpServlet {
17. @Override
18. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
19. //1、处理乱码
20. request.setCharacterEncoding("UTF-8");
21. response.setContentType("text/html;charset=UTF-8");
23. //2、收参（获取客户端发送过来的请求数据）
24. String username = request.getParameter("username");
25. String password = request.getParameter("password");
26. String inputCodde = request.getParameter("verification");
28. //获取session中的验证码
29. HttpSession session = request.getSession();
30. String codes = (String) session.getAttribute("code");
32. if (!inputCodde.isEmpty() && inputCodde.equalsIgnoreCase(codes)) {
33. //3、调用业务方法
34. ManagerService managerService = new ManagerServiceImpl();
35. Manager manager = managerService.login(username, password);
37. //4、处理结果，根据结果做不同的跳转
38. if (manager != null) {//manager不为null，说明账号和密码正确，登录成功
39. //将获取的账号和密码信息存储在session中
40. HttpSession session2 = request.getSession();
41. session2.setAttribute("manager", manager);
42. //跳转到显示所有管理员信息的Servlet
43. response.sendRedirect("/managerProject02_war_exploded/ShowAllManagerController");
44. } else {//manager为null。说明账号或者密码错误，登录失败
45. response.sendRedirect("/managerProject02_war_exploded/login.html");
46. }
47. } else {//验证码不对，重新登录
48. response.sendRedirect("/managerProject02_war_exploded/login.html");
49. }
52. }
54. @Override
55. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
56. doGet(request, response);
57. }
58. }

8.4 ShowAllManagerController

1. package com.cxyzxc.www.controller;
3. import com.cxyzxc.www.entity.Manager;
4. import com.cxyzxc.www.service.ManagerService;
5. import com.cxyzxc.www.service.impl.ManagerServiceImpl;
7. import javax.servlet.ServletException;
8. import javax.servlet.annotation.WebServlet;
9. import javax.servlet.http.HttpServlet;
10. import javax.servlet.http.HttpServletRequest;
11. import javax.servlet.http.HttpServletResponse;
12. import javax.servlet.http.HttpSession;
13. import java.io.IOException;
14. import java.util.List;
16. @WebServlet(name = "ShowAllManagerController", value = "/ShowAllManagerController")
17. public class ShowAllManagerController extends HttpServlet {
18. @Override
19. protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
20. //通过HttpSession完成权限控制
21. HttpSession session =request.getSession();
22. //获取session中存储的值
23. Manager manager = (Manager)session.getAttribute("manager");
24. //判断获取的值
25. if(manager!=null){
26. //调用业务,只做业务，业务与显示分离
27. ManagerService managerService = new ManagerServiceImpl();
28. List managers =managerService.showAllManager();
29. //将获取的数据存储在request作用域中
30. request.setAttribute("managers",managers);
31. //转发，跳转到显示结果的Servlet
32. request.getRequestDispatcher("/ShowAllManagerJsp").forward(request,response);
33. }else{
34. //说明没有登录，要先去登录才能进行显示
35. response.sendRedirect("/managerProject02_war_exploded/login.html");
36. }
37. }
39. @Override
40. protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
41. doGet(request, response);
42. }
43. }

今天的分享就到此结束了

创作不易点赞评论互关三连