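1. What is a Session
When a user requests a web page from the application, the server creates a Session object for each user (browser);
When user data needs to be saved, the server program can write it into the session that belongs ==exclusively== to that user's browser;
When the user moves between the application's web pages, the variables stored in the Session object are not lost but persist for the whole user session; by default, the Session exists as long as the browser has not been closed.
A Session can be understood as an abstract concept, namely a conversation, which records a user's actions and state on our website.
A Session stores information whose state must be kept for the whole user session, such as login information or other information needed while the user browses the web application.
Session can also refer to the way a conversation is implemented by keeping user state on the back end: the user state is stored in back-end memory, a database or another medium, and the Session ID carried in the request's Cookie is used to find the session that belongs to that request.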
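2. Common Session methods
```java
isNew()               // whether this is a new Session; usually true on the first visit
getId()               // get the Session ID
getCreationTime()     // time at which the current Session was created
getLastAccessedTime() // time of the most recent access to this Session
setAttribute()        // set a value in the Session
getAttribute()        // get a value from the Session
removeAttribute()     // remove a value from the Session
invalidate()          // invalidate the Session manually
```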
3. Some uses of Session
1. Implementing a Session
```java
package com.cheng.session;

import javax.servlet.ServletException;
import javax.servlet.http.*;
import java.io.IOException;

public class SessionDemon01 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Avoid garbled characters
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        // Get the session from the request
        HttpSession session = req.getSession();
        // Add data to the session
        session.setAttribute("name", "万里顾一程");
        // Get the session ID
        String id = session.getId();
        // Check whether the session was newly created
        if (session.isNew()) {
            resp.getWriter().write("session创建成功,sessionID为" + id);
        } else {
            resp.getWriter().write("session已经在服务器中存在,sessionID为:" + id);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
Register the Servlet
```xml
<servlet>
    <servlet-name>SessionDemon01</servlet-name>
    <servlet-class>com.cheng.session.SessionDemon01</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>SessionDemon01</servlet-name>
    <url-pattern>/s1</url-pattern>
</servlet-mapping>
```
Start the server and test
First visit
Visit again: the Session is already stored on the server
2. Reading a Session value from another Servlet
Servlet1 stores the value:
```java
package com.cheng.session;

import javax.servlet.ServletException;
import javax.servlet.http.*;
import java.io.IOException;

public class SessionDemon01 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpSession session = req.getSession();
        // Store the value under the key "name"
        session.setAttribute("name", "万里顾一程");
        String id = session.getId();
        if (session.isNew()) {
            resp.getWriter().write("session创建成功,sessionID为" + id);
        } else {
            resp.getWriter().write("session已经在服务器中存在,sessionID为:" + id);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
Servlet2 reads the value
```java
package com.cheng.session;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class SessionDemon02 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Avoid garbled characters
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpSession session = req.getSession();
        // Fetch the value by its key; it is null if /s1 has not been visited in this session
        String name = (String) session.getAttribute("name");
        resp.getWriter().write(name == null ? "" : name);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
Start the server and test
Run s1 first, then run s2
3. Reading a Session object from another Servlet
The object class
```java
package com.cheng.pojo;

public class Person {
    private String name;
    private int age;

    public Person() {
    }

    public Person(String name, int age) {
        this.name = name;
        this.age = age;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public void setAge(int age) {
        this.age = age;
    }

    @Override
    public String toString() {
        return "Person{" +
                "name='" + name + '\'' +
                ", age=" + age +
                '}';
    }
}
```
Servlet1 stores the object:
```java
package com.cheng.session;

import com.cheng.pojo.Person;

import javax.servlet.ServletException;
import javax.servlet.http.*;
import java.io.IOException;

public class SessionDemon01 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpSession session = req.getSession();
        // Store a Person object under the key "name"
        session.setAttribute("name", new Person("万里顾一程", 20));
        String id = session.getId();
        if (session.isNew()) {
            resp.getWriter().write("session创建成功,sessionID为" + id);
        } else {
            resp.getWriter().write("session已经在服务器中存在,sessionID为:" + id);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
```xml
<servlet>
    <servlet-name>SessionDemon01</servlet-name>
    <servlet-class>com.cheng.session.SessionDemon01</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>SessionDemon01</servlet-name>
    <url-pattern>/s1</url-pattern>
</servlet-mapping>
```
Servlet2 reads the object
```java
package com.cheng.session;

import com.cheng.pojo.Person;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class SessionDemon02 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Avoid garbled characters
        req.setCharacterEncoding("utf-8");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpSession session = req.getSession();
        // The attribute is null if /s1 has not been visited in this session
        Person person = (Person) session.getAttribute("name");
        System.out.println(person);
        // String.valueOf tolerates null, unlike person.toString()
        resp.getWriter().write(String.valueOf(person));
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
```xml
<servlet>
    <servlet-name>SessionDemon02</servlet-name>
    <servlet-class>com.cheng.session.SessionDemon02</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>SessionDemon02</servlet-name>
    <url-pattern>/s2</url-pattern>
</servlet-mapping>
```
Start the server and test
Run s1 first, then run s2
3. Invalidating a Session
1. Manual invalidation
```java
package com.cheng.session;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class SessionDemon03 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        HttpSession session = req.getSession();
        session.removeAttribute("name");
        // Invalidate the session manually
        session.invalidate();
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
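2. Automatic invalidation
Add <session-config> to web.xml
```xml
<session-config>
    <!-- The Session expires after one minute -->
    <session-timeout>1</session-timeout>
</session-config>
```
Two usage scenarios: if the user closes the browser, that is manual invalidation; if the user has not visited the web pages for longer than a certain time, automatic invalidation can be used.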
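The invalidation steps above, extended to the login and logout handling they are normally part of, as an added example that is not code from the original post. `SessionSecurity` and its method names are hypothetical, and the cookie name `JSESSIONID` with the context path as cookie path is the container default assumed here; the session is replaced at login so a pre-login Session ID never becomes the authenticated one.

```java
package com.cheng.session;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: hypothetical helper class, not part of the original post.
public final class SessionSecurity {
    private SessionSecurity() { }

    // Call only after the caller has verified the user's credentials.
    public static HttpSession startAuthenticatedSession(HttpServletRequest req, String username) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();                     // discard the pre-login session and its ID
        }
        HttpSession fresh = req.getSession(true); // new session with a new ID
        fresh.setAttribute("name", username);
        fresh.setMaxInactiveInterval(15 * 60);    // seconds; assumed idle limit after login
        return fresh;
    }

    // Returns the logged-in name, or null when there is no session or no String under "name".
    public static String currentUser(HttpServletRequest req) {
        HttpSession session = req.getSession(false); // false: never create a session just to read it
        Object value = (session == null) ? null : session.getAttribute("name");
        return (value instanceof String) ? (String) value : null;
    }

    public static void logout(HttpServletRequest req, HttpServletResponse resp) {
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();                 // server-side state is gone from here on
        }
        // Tell the browser to drop the stale ID too (assumed default cookie name and path).
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setMaxAge(0);
        String path = req.getContextPath();
        expired.setPath(path.isEmpty() ? "/" : path);
        expired.setHttpOnly(true);
        resp.addCookie(expired);
    }
}
```

On a Servlet 3.1 or later container, `req.changeSessionId()` is an alternative at login when the existing attributes should be kept under a new ID.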
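4. Differences between Session and Cookie
A Cookie writes the user's data to the user's browser, where the browser keeps it; several cookies can be stored.
Cookies are not very secure: someone else can analyze the cookies stored locally and carry out cookie spoofing.
A cookie's lifetime is set when the cookie is generated.
Cookie diagram:
A Session is a data structure kept on the server side to track the user's state; this data can be stored in a cluster, a database or files.
A Session writes the user's data into a session exclusive to that user, kept by the server; important information such as login information is stored in the session.
If security is the main concern, use a session;
A Session's lifetime is set in the web.xml configuration file.
Session diagram: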
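The Session ID itself still travels in a cookie, so the cookie weaknesses listed above apply to it. The following is an added example, not code from the original post: the hypothetical `SessionHardeningListener` restricts how the ID is carried and logs session lifecycle events without writing the ID to the log. It assumes a Servlet 3.0+ container with annotation scanning enabled and a site served over HTTPS only.

```java
package com.cheng.session;

import javax.servlet.*;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.EnumSet;

// Added example: hypothetical listener, not part of the original post.
@WebListener
public class SessionHardeningListener implements ServletContextListener, HttpSessionListener {
    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        // Accept the Session ID only from the cookie, never from a ;jsessionid= URL.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
        SessionCookieConfig cookie = ctx.getSessionCookieConfig();
        cookie.setHttpOnly(true); // page scripts cannot read the Session ID
        cookie.setSecure(true);   // assumption: HTTPS only, so the ID is never sent in clear text
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        se.getSession().getServletContext().log("session created " + fingerprint(se.getSession().getId()));
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        se.getSession().getServletContext().log("session destroyed " + fingerprint(se.getSession().getId()));
    }

    // Log a short SHA-256 prefix, not the ID: whoever holds the ID holds the session.
    static String fingerprint(String sessionId) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(sessionId.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < 4; i++) sb.append(String.format("%02x", d[i]));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Java platform
        }
    }
}
```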