這篇主要說明基於Cookie的單點登錄實現,以及Cookie的一些特性和使用說明。
1、Cookie是什麼,如何工作的
Cookie就是這樣的一種機制。它可以彌補HTTP協議無狀態的不足。在Session出現之前,基本上所有的網站都採用Cookie來跟蹤會話。
2、現實生活中類似於Cookie的舉例
3、各瀏覽器都把Cookie放到了哪裏
4、實際開發項目中如何使用代碼操作Cookie
package com.csdn.cas;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
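/**
 * Demo servlet that writes the submitted login parameters into a cookie so the
 * cookie can be inspected in the browser's developer tools.
 *
 * <p>SECURITY: the cookie value is {@code userName:passwd} in clear text. This
 * is kept only because the tutorial demonstrates raw cookie handling; a cookie
 * is stored on the client and sent with every matching request, so a real
 * application should store a server-issued random token instead of a password.
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Reads the {@code userName} and {@code passwd} request parameters and
     * returns them to the browser in a cookie named {@code userInfo}.
     *
     * @param req  the incoming request carrying the two parameters
     * @param resp the response the cookie is added to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the error response cannot be written
     */
    @Override
    public void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Read the request parameters.
        String userName = req.getParameter("userName");
        String passwd = req.getParameter("passwd");

        // getParameter returns null for an absent parameter; without this guard
        // the cookie would be set to the literal text "null:null".
        if (userName == null || passwd == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "userName and passwd are required");
            return;
        }

        // Build the cookie. The value format "name:password" is what the rest
        // of the tutorial expects, so it is left unchanged here.
        Cookie userInfoCookie = new Cookie("userInfo", userName + ":" + passwd);
        // Keep page scripts from reading the value (Servlet 3.0+). The cookie is
        // still visible in the developer tools. Over HTTPS, also call setSecure(true).
        userInfoCookie.setHttpOnly(true);

        // Attach the cookie to the response sent back to the browser.
        resp.addCookie(userInfoCookie);
    }
}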
上面就是簡單的操作cookie的代碼。我們將這個servlet部署到tomcat中,使用谷歌瀏覽器訪問,並通過調試工具(F12)觀察相關的cookie信息。注意:示例為了演示方便把密碼明文寫入了Cookie,實際項目中Cookie裏只應保存服務端簽發的隨機令牌,不要保存密碼。
5、Cookie的特性
5.1、Cookie不能跨域
5.2、其他相關特性請參照博客
6、利用Cookie的特性實現單點登錄的原理
7、Cookie實現單點登錄的代碼實現
package com.csdn.cas;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
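/**
 * Demo login servlet for the cookie-based single sign-on example.
 *
 * <p>A login "succeeds" when the user name equals the password (a placeholder
 * rule used by the tutorial). On success a {@code userInfo} cookie scoped to
 * the parent domain is issued so that sibling sub-domains receive it too.
 *
 * <p>SECURITY: the cookie carries {@code userName:passwd} in clear text and is
 * sent to every host under the configured domain. That is acceptable only for
 * this demonstration; a real deployment should issue an opaque, server-verified
 * token instead.
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Checks the submitted credentials, records the outcome in the session and
     * forwards to {@code /index.jsp}.
     *
     * @param req  the incoming request carrying {@code userName} and {@code passwd}
     * @param resp the response that receives the cookie on success
     * @throws ServletException if forwarding fails
     * @throws IOException      if forwarding fails
     */
    @Override
    public void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Read the request parameters (either may be null when absent).
        String userName = req.getParameter("userName");
        String passwd = req.getParameter("passwd");

        resp.setCharacterEncoding("UTF-8");
        resp.setContentType("text/html;charset=UTF-8");

        HttpSession session = req.getSession();

        // Demo rule: login succeeds only when user name and password are equal.
        // The null check keeps a missing parameter from raising a
        // NullPointerException; it is treated as a failed login instead.
        boolean loginOk = userName != null && userName.equals(passwd);

        if (loginOk) {
            // Start a fresh session on successful login so a session id that
            // was known before authentication is not carried over.
            session.invalidate();
            session = req.getSession(true);

            // Build the cookie; the "name:password" format is what LoginFilter parses.
            Cookie userInfoCookie = new Cookie("userInfo", userName + ":" + passwd);
            // Important: without a domain the cookie is not shared across
            // sub-domains. A leading dot (e.g. ".qiandu.com") is the classic
            // form; Chrome adds the dot automatically.
            userInfoCookie.setDomain("qiandu.com");
            // Keep page scripts from reading the value (Servlet 3.0+). Over
            // HTTPS, also call setSecure(true).
            userInfoCookie.setHttpOnly(true);

            // Attach the cookie to the response sent back to the browser.
            resp.addCookie(userInfoCookie);
            session.setAttribute("userName", userName + ",登錄成功");
        } else {
            session.setAttribute("userName", userName + ",登錄失敗");
        }

        // NOTE(review): the attribute contains user-supplied text; the page
        // that prints it must HTML-escape the value.
        req.getRequestDispatcher("/index.jsp").forward(req, resp);
    }
}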
package com.csdn.cas;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
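/**
 * Demo filter for the cookie-based single sign-on example: when the session has
 * no {@code userName} attribute yet, it tries to log the user in from the
 * {@code userInfo} cookie.
 *
 * <p>SECURITY: the cookie is supplied by the client, so everything read from it
 * is untrusted. The tutorial's rule (user name equals password) is evaluated on
 * that value directly; a real deployment must instead validate a server-issued
 * token (signed, or looked up in a server-side store).
 */
public class LoginFilter implements Filter {
    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException { }

    /**
     * Attempts a cookie-based login when the session is not yet marked, then
     * always continues the filter chain.
     *
     * @param request  the incoming request (cast to {@link HttpServletRequest})
     * @param response the outgoing response (cast to {@link HttpServletResponse})
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        Cookie[] cookies = req.getCookies();

        resp.setCharacterEncoding("UTF-8");
        resp.setContentType("text/html;charset=UTF-8");

        HttpSession session = req.getSession();
        Object userInfo = session.getAttribute("userName");

        if (userInfo == null) { // not logged in yet
            if (cookies != null) { // the request carries cookies
                for (Cookie cookie : cookies) {
                    if (!"userInfo".equals(cookie.getName())) {
                        continue;
                    }

                    // The value is client-controlled: it may be missing the ':'
                    // separator or have an empty password part, in which case
                    // split() yields fewer than two elements. Skip such cookies
                    // instead of failing with ArrayIndexOutOfBoundsException.
                    String rawValue = cookie.getValue();
                    String[] value = rawValue == null ? new String[0] : rawValue.split(":");
                    if (value.length < 2) {
                        continue;
                    }

                    String userName = value[0];
                    String passwd = value[1];

                    // Demo rule: login succeeds only when user name and password are equal.
                    // NOTE(review): the failure branch also sets "userName", so
                    // later requests in this session see a non-null attribute and
                    // skip this check. The attribute is a display message, not a
                    // reliable authentication flag.
                    if (userName.equals(passwd)) {
                        session.setAttribute("userName", userName + ",從filter登錄成功");
                    } else {
                        session.setAttribute("userName", userName + ",從filter登錄失敗");
                    }
                }
            } else {
                // This is where the request should be redirected to the login page.
            }
        }

        chain.doFilter(request, response);
    }

    /** No resources to release. */
    @Override
    public void destroy() { }
}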
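<%--
  Shows the login status message stored in the session attribute "userName".
  That message is built from the user name taken from the request parameter or
  from the userInfo cookie, so it is untrusted text and is HTML-escaped before
  being written into the page.
--%>
<%!
    // Minimal HTML escaper using only the JDK; a null attribute still renders
    // as the text "null", exactly as the unescaped expression did.
    private static String escapeHtml(Object raw) {
        String text = String.valueOf(raw);
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
%>
<html>
<body>
<h1>Hello !</h1>
<h2><%=escapeHtml(session.getAttribute("userName"))%>
</h2>
</body>
</html>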