Session是服务器端技术,利用这个技术,服务器在运行时可以为每一个用户的浏览器创建一个其独享的session对象,由于session为用户浏览器独享,所以用户在访问服务器的web资源时,可以把各自的数据放在各自的session中,当用户再去访问服务器中的其它web资源时,其它web资源再从用户各自的session中取出数据为用户服务。
- /*******************************************************************************
- * session的几个相关问题:
- * 1.服务器实现session共享是基于cookie技术,服务器在创建session时,会自动把sessionID号以cookie的形式写回给浏览器,只是cookie有效期没有设置。
- * 2.如果要实现多窗口购买,这时程序就要手工以cookie的形式发送sessionID号给浏览器,并设置cookie有效期,以及有效路径(/test)
- * 3.如果用户禁用 cookie后,服务器程序还能实现session共享,那这时,就要把网站所有涉及会话的url地址全部要重写
- *
- *
- ******************************************************************************/
- public class SessionDemo1 extends HttpServlet {
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- HttpSession session = request.getSession();
- String data = "xxxxx";
- session.setAttribute("data", data);
- }
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
- }
用session来防止表单重复提交
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
- <html>
- <head>
- <title>form2.html</title>
- <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
- <meta http-equiv="description" content="this is my page">
- <meta http-equiv="content-type" content="text/html; charset=UTF-8">
- <!--<link rel="stylesheet" type="text/css" href="./styles.css">-->
- </head>
- <body>
- <form action="/test/servlet/FormServlet" method="post">
- 用户名:<input type="text" name="username"><input type="submit" value="登陆">
- </form>
- </body>
- </html>
- //负责输出一个表单给用户
- public class FormServlet extends HttpServlet {
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- response.setCharacterEncoding("UTF-8");
- response.setContentType("text/html;charset=UTF-8");
- PrintWriter out = response.getWriter();
- String token = TokenProccessor.getInstance().makeToken();
- request.getSession().setAttribute("token", token);
- out.println("<form action='/test/servlet/DoSubmitServlet' method='post'>");
- out.write("<input type='hidden' name='token' value='"+token+"'> ");
- out.write("<input type='text' name='username'> ");
- out.write("<input type='submit' value='提交'> ");
- out.write("</form> ");
- System.out.println("token"+token);
- }
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
- }
- //随机数生成器 保证随机数的唯一性,所有随机数都由这一个对象产生。这样产生相同的随机数的几率较小。
- class TokenProccessor{
- //1.把构造函数私有
- //2.自己创建一个类的对象
- //3.提供方法获取类的对象
- private TokenProccessor(){}
- private static TokenProccessor instance = new TokenProccessor();
- public static TokenProccessor getInstance(){
- return instance;
- }
- public String makeToken(){
- // 28378232323 232323 9239283983292 11
- String token = System.currentTimeMillis() + new Random().nextInt(1000000) + "";
- //得到数据指纹 //md5 消息摘要
- try {
- MessageDigest digest = MessageDigest.getInstance("md5");
- byte result[] = digest.digest(token.getBytes()); //128 16 固定长度。
- BASE64Encoder encoder = new BASE64Encoder(); //Base64将三字节变成四字节(由原来的8位截前6位然后在前面补00,所以取值范围0-63)
- token = encoder.encode(result);
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
- }
- return token;
- }
- }
- //处理表单提交请求,要防表单重复提交
- public class DoSubmitServlet extends HttpServlet {
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- boolean b = isToken(request); //b
- if(b){
- System.out.println("重复提交");
- return;
- }
- System.out.println("处理表单提交请求!!");
- request.getSession().removeAttribute("token");
- }
- private boolean isToken(HttpServletRequest request) {
- String c_token = request.getParameter("token");
- System.out.println("c_token"+c_token);
- if(c_token==null){
- return true;
- }
- String s_token = (String) request.getSession().getAttribute("token");
- if(s_token==null){
- return true;
- }
- if(!c_token.equals(s_token)){
- return true;
- }
- return false;
- }
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
- }