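1. What is a Session

- When a user requests a web page from the application, the server creates a Session object for each user (browser).
- When user data needs to be saved, the server program can write it into the session that is ==exclusive== to that user's browser.
- As the user moves between the application's web pages, the variables stored in the Session object are not lost; they persist for the whole user session. By default, the Session exists as long as the browser is not closed.

Session can be understood as an abstract concept, namely a conversation: it records a user's actions and state on our site.
The Session stores information whose state must be kept throughout the user's session, such as login information or other information needed while the user browses the web application.
Session can also refer to the way a session is implemented by keeping user state on the back end: the user state is stored in back-end memory, a database or another medium, and the Session ID carried in the request's Cookie is used to find the session that belongs to that request.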
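2. Common Session methods

```java
isNew()               // whether this is a new Session; usually true on the first visit
getId()               // get the Session ID
getCreationTime()     // time the current Session was created
getLastAccessedTime() // time of the most recent access to this Session
setAttribute()        // set a value in the Session
getAttribute()        // get a value from the Session
removeAttribute()     // remove a value from the Session
invalidate()          // invalidate the Session manually
```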
3. Some uses of Session

1. Implementing a Session

```java
package com.cheng.session;

import javax.servlet.ServletException;
import javax.servlet.http.*;
import java.io.IOException;

public class SessionDemon01 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Avoid garbled characters
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        // Get the session from the request
        HttpSession session = req.getSession();
        // Add data to the session
        session.setAttribute("name","万里顾一程");
        // Get the session ID
        String id = session.getId();
        // Check whether the session was newly created
        if (session.isNew()){
            resp.getWriter().write("session创建成功,sessionID为"+id);
        }else{
            resp.getWriter().write("session已经在服务器中存在,sessionID为:"+id);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
Register the Servlet

```xml
<servlet>
    <servlet-name>SessionDemon01</servlet-name>
    <servlet-class>com.cheng.session.SessionDemon01</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>SessionDemon01</servlet-name>
    <url-pattern>/s1</url-pattern>
</servlet-mapping>
```

Start the server and test
First visit
Visit again: the Session is already stored on the server
2. Reading a Session value across Servlets

Servlet1 stores the value:

```java
package com.cheng.session;

import javax.servlet.ServletException;
import javax.servlet.http.*;
import java.io.IOException;

public class SessionDemon01 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpSession session = req.getSession();
        // Store a String under the key "name"
        session.setAttribute("name","万里顾一程");
        String id = session.getId();
        if (session.isNew()){
            resp.getWriter().write("session创建成功,sessionID为"+id);
        }else{
            resp.getWriter().write("session已经在服务器中存在,sessionID为:"+id);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
```xml
<servlet>
    <servlet-name>SessionDemon01</servlet-name>
    <servlet-class>com.cheng.session.SessionDemon01</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>SessionDemon01</servlet-name>
    <url-pattern>/s1</url-pattern>
</servlet-mapping>
```
Servlet2 reads the value

```java
package com.cheng.session;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class SessionDemon02 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Avoid garbled characters
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpSession session = req.getSession();
        // Look the value up by its key
        String name = (String) session.getAttribute("name");
        // name is null if /s1 has not been visited in this session
        if (name == null) {
            resp.getWriter().write("name is not set in this session");
        } else {
            resp.getWriter().write(name);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
```xml
<servlet>
    <servlet-name>SessionDemon02</servlet-name>
    <servlet-class>com.cheng.session.SessionDemon02</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>SessionDemon02</servlet-name>
    <url-pattern>/s2</url-pattern>
</servlet-mapping>
```

Start the server and test
Visit s1 first, then s2
3. Reading an object from the Session across Servlets

The object class

```java
package com.cheng.pojo;

// Simple value object that will be stored in the session
public class Person {
    private String name;
    private int age;

    public Person() {
    }

    public Person(String name, int age) {
        this.name = name;
        this.age = age;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public void setAge(int age) {
        this.age = age;
    }

    @Override
    public String toString() {
        return "Person{" +
                "name='" + name + '\'' +
                ", age=" + age +
                '}';
    }
}
```
Servlet1 stores the object:

```java
package com.cheng.session;

import com.cheng.pojo.Person;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import java.io.IOException;

public class SessionDemon01 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpSession session = req.getSession();
        // Store a Person object under the key "name"
        session.setAttribute("name",new Person("万里顾一程",20));
        String id = session.getId();
        if (session.isNew()){
            resp.getWriter().write("session创建成功,sessionID为"+id);
        }else{
            resp.getWriter().write("session已经在服务器中存在,sessionID为:"+id);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
```xml
<servlet>
    <servlet-name>SessionDemon01</servlet-name>
    <servlet-class>com.cheng.session.SessionDemon01</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>SessionDemon01</servlet-name>
    <url-pattern>/s1</url-pattern>
</servlet-mapping>
```
Servlet2 reads the object

```java
package com.cheng.session;

import com.cheng.pojo.Person;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class SessionDemon02 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Avoid garbled characters
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpSession session = req.getSession();
        // Cast the stored attribute back to Person
        Person person = (Person) session.getAttribute("name");
        System.out.println(person);
        // person is null if /s1 has not been visited in this session
        if (person == null) {
            resp.getWriter().write("name is not set in this session");
        } else {
            resp.getWriter().write(person.toString());
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
```xml
<servlet>
    <servlet-name>SessionDemon02</servlet-name>
    <servlet-class>com.cheng.session.SessionDemon02</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>SessionDemon02</servlet-name>
    <url-pattern>/s2</url-pattern>
</servlet-mapping>
```

Start the server and test
Visit s1 first, then s2
3. Invalidating a Session

1. Manual invalidation

```java
package com.cheng.session;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class SessionDemon03 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // getSession(false) avoids creating a session only to destroy it
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.removeAttribute("name");
            // Invalidate manually
            session.invalidate();
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
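2. Automatic invalidation

Add `<session-config>` to web.xml

```xml
<session-config>
    <!-- The Session expires after one minute -->
    <session-timeout>1</session-timeout>
</session-config>
```

Two usage scenarios: if the user chooses to close the browser, that is manual invalidation; if the user has not accessed the web pages for longer than a set time, automatic invalidation can be used.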
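Added example, not part of the original post: the post keeps login information in the session, so this sketch shows a login servlet that discards the pre-login session and issues a fresh Session ID once authentication succeeds, which prevents session fixation. The class name `LoginDemo`, the attribute name `loginUser`, the form fields and the demo credentials are assumptions made for illustration.

```java
package com.cheng.session;

import javax.servlet.ServletException;
import javax.servlet.http.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added example (hypothetical class, not from the original page).
public class LoginDemo extends HttpServlet {
    // Constructed demo credentials; a real application checks a salted password hash.
    private static final String DEMO_USER = "demo";
    private static final byte[] DEMO_PASS =
            "constructed-demo-password".getBytes(StandardCharsets.UTF_8);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/plain;charset=utf-8");
        String user = req.getParameter("user");
        String pass = req.getParameter("pass");
        boolean ok = DEMO_USER.equals(user) && pass != null
                && MessageDigest.isEqual(DEMO_PASS, pass.getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            // Failed login: answer 401 without creating a session.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Discard whatever session the browser presented before login, so an ID
        // that was known before authentication never becomes a logged-in session.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = req.getSession(true);   // new session, new ID
        session.setAttribute("loginUser", user);       // hypothetical attribute name
        session.setMaxInactiveInterval(15 * 60);       // seconds here; web.xml uses minutes
        resp.getWriter().write("login ok");
    }

    // Read the login state without creating a session as a side effect.
    static String currentUser(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        return session == null ? null : (String) session.getAttribute("loginUser");
    }
}
```

On Servlet 3.1 and later, `req.changeSessionId()` rotates the ID while keeping the existing attributes, if pre-login data has to survive the login.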
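4. Differences between Session and Cookie

- A Cookie writes the user's data to the user's browser, where the browser stores it; several can be stored.
- Cookies are not very secure: others can analyze the cookies stored locally and carry out cookie spoofing.
- A cookie's lifetime is set when the cookie is created.

Cookie diagram:

- A Session is a data structure kept on the server to track the user's state; this data can be stored in a cluster, a database or files.
- A Session writes the user's data into the session exclusive to that user, and the server stores it; important information such as login information goes into the session.
- If security is the main concern, use the session.
- The Session's lifetime is set in the web.xml configuration file.

Session diagram: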
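Added example, not part of the original post: the Session ID itself travels in a Cookie, so the cookie-spoofing concern above applies to it as well. This listener restricts how the session cookie is exposed and logs session creation and destruction under a hashed ID; the class name is hypothetical, and it assumes Servlet 3.0+ and an application served over HTTPS.

```java
package com.cheng.session;

import javax.servlet.*;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.EnumSet;

// Added example (hypothetical class, not from the original page).
@WebListener
public class SessionHardeningListener implements ServletContextListener, HttpSessionListener {
    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        SessionCookieConfig cookie = ctx.getSessionCookieConfig();
        cookie.setHttpOnly(true);   // page scripts cannot read the session cookie
        cookie.setSecure(true);     // the cookie is only sent over HTTPS
        // Carry the Session ID in the cookie only, never in a ;jsessionid= URL.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        HttpSession s = se.getSession();
        s.getServletContext().log("session created id#" + tag(s.getId()));
    }

    // Fires for invalidate() as well as for <session-timeout> expiry.
    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        HttpSession s = se.getSession();
        long idleMs = System.currentTimeMillis() - s.getLastAccessedTime();
        s.getServletContext().log("session destroyed id#" + tag(s.getId()) + " idleMs=" + idleMs);
    }

    // Log a short hash instead of the raw ID, because the ID itself is a credential.
    static String tag(String sessionId) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(sessionId.getBytes(StandardCharsets.UTF_8));
            return String.format("%02x%02x%02x%02x", d[0], d[1], d[2], d[3]);
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```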