Detailed Tutorial on Java Web Practice (XXI): Session Authentication in Practice

Miss Zhu 2022-02-13 08:37:18

In the previous article we discussed the Cookie: a cookie is a string that the server sends to the browser in a response, and that the browser then sends along with its subsequent requests.

Given this property of cookies, the server can generate a non-repeating string to record which browser sent a request, as shown in the figure below.

The principle of Session follows from this: for a request that does not carry a JSESSIONID, the server generates a cookie whose key is JSESSIONID and sets the cookie's lifetime to a negative number, which means it is kept only in client memory. Every later request carries this cookie, and that is how the session is recorded. If the browser is closed, the cookie disappears, and so does the visitor's session with the server.

The server-side Session mechanism is implemented by the Servlet container, here Tomcat. It maintains a container that stores the current sessions between all visitors and the server; through the HttpSession object we can easily obtain the abstraction of this session. In a Servlet, the session is obtained with the request.getSession() method; in JSP, session is a built-in object.

The JSESSIONID can be observed with the browser's debugging tools.

On the first visit to the website, the response carries a JSESSIONID.

On the next visit, the request carries a JSESSIONID. Note that the two values are identical.

After closing the browser, opening it again and visiting the website once more, the request no longer carries a JSESSIONID, and the response carries a new JSESSIONID whose value differs from the previous one.

With the Session mechanism it is easy to implement authentication for the system, that is, permission handling. The idea is that when login succeeds, the user information is saved in the Session object. Because Session is also a scope object, it has the same getAttribute(name) and setAttribute(name, value) methods as request. Then, in the code that needs permission verification, check whether the session holds an object under that key; this is the authentication check.

Below, we add authentication to the educational administration management system as a practical exercise to better understand Session.

In UserController's doLogin method, after the login has been judged successful, add the following code:

    // Get the session object; as a scope object, the session can store key-value attributes
    HttpSession session = request.getSession();
    // Store the logged-in user under the key "user" for later permission checks
    session.setAttribute("user", user);

Add the authentication check wherever permission control is required in the system: test whether the session holds a value under the key user. If the value is not null, the user has logged in successfully and may access the resource; if it is null, the user has not logged in and may not access it. At present, only StudentController needs the authentication check:

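    public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        // Only requests whose session holds the "user" attribute set by doLogin may continue
        if (request.getSession().getAttribute("user") != null) {
            // Dispatch on the "type" request parameter
            String type = request.getParameter("type");
            if (type == null) {
                search(request, response);
            } else if (type.equals("showAdd")) {
                showAdd(request, response);
            } else if (type.equals("add")) {
                add(request, response);
            } else if (type.equals("showUpdate")) {
                showUpdate(request, response);
            } else if (type.equals("update")) {
                update(request, response);
            } else if (type.equals("delete")) {
                delete(request, response);
            } else {
                // The source listing ends at this branch; answering 400 for an unknown type is an assumption
                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            }
        } else {
            // Not logged in: jump to the login page ("/login.jsp" is a placeholder, the page does not give the path)
            response.sendRedirect(request.getContextPath() + "/login.jsp");
        }
    }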

After completing the above code, the website's student resources can be accessed only after a successful login. If you access student resources by URL without logging in, you are automatically redirected to the login page.
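The per-controller check above, generalized as an added example (not code from the original post): a servlet filter that performs the same session check in one place, plus a login helper that issues a fresh session ID before storing the user, so a JSESSIONID planted before login is not carried into the authenticated session. The javax.servlet namespace, the "/student" mapping, the "/login.jsp" path and the 30-minute timeout are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Assumed mapping: the page does not give StudentController's URL, "/student" is a placeholder.
@WebFilter("/student")
public class AuthFilter implements Filter {

    /** Hypothetical helper: call from doLogin once the credentials have been verified. */
    public static void establishSession(HttpServletRequest request, Object user) {
        // Discard any pre-login session so its ID cannot be reused after login (session fixation).
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true); // new session, new JSESSIONID
        session.setAttribute("user", user);
        session.setMaxInactiveInterval(30 * 60);        // idle timeout in seconds (constructed value)
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false) does not create a session for anonymous visitors.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null;

        if (loggedIn) {
            // Keep authenticated pages out of browser and proxy caches.
            response.setHeader("Cache-Control", "no-store");
            chain.doFilter(req, res);
        } else {
            // Placeholder path: the page does not name its login page.
            response.sendRedirect(request.getContextPath() + "/login.jsp");
        }
    }

    @Override
    public void destroy() { }
}
```

With the filter in place, a controller added later is protected by extending the @WebFilter mapping rather than by repeating the null check in every doGet.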
