WEB开发会话技术02
6.Cookie的生命周期
默认情况下,Cookie只在浏览器的内存中存活,也就是说,当你关闭浏览器后,Cookie就会消失。但是也可以通过方法设置cookie的生存时间。
cookie的生命周期指的是如何管理cookie,什么时候cookie被销毁。
- setMaxAge(int expiry):设置 cookie 的最大生存时间,以秒为单位
- 整数:表示在指定的秒数后过期
- 负数:表示浏览器关闭,cookie就会被删除(默认值是-1)
- 0,表示马上删除cookie
6.1cookie生命周期expiry>0
CookieLive:
package com.li.cookie; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.io.IOException; import java.io.PrintWriter; @WebServlet(urlPatterns = {"/CookieLive"}) public class CookieLive extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("CookieLive doPost被调用..."); //创建一个cookie,生命周期为 60s Cookie cookie = new Cookie("job", "java"); //1.从创建改cookie开始计时,60秒后就无效 //2.由浏览器来根据创建的时间来开始计时,到时间后就认为该cookie无效 //3.如果该cookie无效了,那么浏览器在发出HTTP请求时,就不会带上该cookie cookie.setMaxAge(60); //将cookie保存到浏览器 response.addCookie(cookie); //给浏览器返回信息 response.setContentType("text/html;charset=utf-8"); PrintWriter writer = response.getWriter(); writer.print("设置cookie生命周期成功
"); writer.flush(); writer.close(); } }
-
在浏览器中访问该servlet:
、 -
可以看到该cookie的创建于: "Sun, 20 Nov 2022 14:15:39 GMT"
真实时间为上述时间再加八小时
-
超过60s后,再去访问Tomcat服务器:
可以看到在浏览器发送的HTTP请求中的Cookie字段已经没有了设置的cookie:
说明:由浏览器来根据创建的时间来开始计时,到时间后就认为该cookie无效。如果该cookie无效了,那么浏览器在发出HTTP请求时,就不会带上该cookie。
但是此时cookie没有被删除,在关闭浏览器的时候才会被删除。
6.2演示删除cookie(expiry=0)
删除下图名为username的cookie
package com.li.cookie; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.io.IOException; import java.io.PrintWriter; @WebServlet(urlPatterns = {"/cookieLive"}) public class CookieLive extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //演示删除一个cookie //1.先得到usernameCookie Cookie[] cookies = request.getCookies(); Cookie usernameCookie = CookieUtils.readCookieByName("username", cookies); if (usernameCookie != null) { //2.将其生命周期设置为0 usernameCookie.setMaxAge(0); //3.重新保存该cookie,因为你将其生命周期设置为0,就等价于让浏览器删除该cookie response.addCookie(usernameCookie);//在响应体的Set-Cookie } else { System.out.println("没有找到该cookie"); } //给浏览器返回信息 response.setContentType("text/html;charset=utf-8"); PrintWriter writer = response.getWriter(); writer.print("设置cookie生命周期成功
"); writer.flush(); writer.close(); } }
redeployTomcat,浏览器访问该servlet,点击查看HTTP响应包:可以看到响应包中设置了该cookie的过期时间为1970年,这意味着浏览器将立即删除该cookie。
-
Set-Cookie: username=jack; Expires=Thu, 01-Jan-1970 00:00:10 GMT
-
点击查看cookie存储,可以发现该cookie已经被删除了
说明:setMaxAge()方法设置参数为零时,当浏览器接收到服务器的响应包时,会立即删除该cookie。
6.3默认生命周期(expiry<0)
如果没有设置setMaxAge,或者setMaxAge的设置参数为负数,那么默认创建的cookie是会话级别的(即关闭浏览器就销毁了)
如下,MaxAge的默认设置值为-1
7.Cookie的有效路径
cookie有效路径Path的设置:
-
Cookie的path属性,可以有效地过滤哪些Cookie可以发送给服务器,哪些不发。path属性是通过请求的URL地址来进行有效地过滤
-
规则如下:
cookie1.setPath=/工程路径 cookie2.setPath=/工程路径/aaa- 若请求地址为:
http://ip:port/工程路径/资源
cookie1会发送给服务器
cookie2不会发送给服务器 - 若请求地址为:
http://ip:port/工程路径/aaa/资源
cookie1会发送给服务器
cookie2会发送给服务器
即如果请求的url的地址包含了cookie设置的有效路径,则这个cookie就会被发送给服务器。
说明:如果没有设置cookie的有效路径,默认就是 /工程路径
- 若请求地址为:
演示Cookie的有效路径的使用
package com.li.cookie; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.io.IOException; import java.io.PrintWriter; @WebServlet(urlPatterns = {"/cookiePath"}) public class CookiePath extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("cookiePath doPost被调用"); //1.创建两个cookie Cookie cookie = new Cookie("address", "beijing"); Cookie cookie2 = new Cookie("salary", "20000"); //2.设置不同的有效路径 //request.getContextPath()=/application context cookie.setPath(request.getContextPath());//有效路径=/cs cookie2.setPath(request.getContextPath() + "/aaa");//有效路径=/cs/aaa //3.保存到浏览器 response.addCookie(cookie); response.addCookie(cookie2); //4.给浏览器回送提示信息 response.setContentType("text/html;charset=utf-8"); PrintWriter writer = response.getWriter(); writer.print("设置cookie有效路径成功
"); writer.flush(); writer.close(); } }
如下,访问http://localhost:8080/cs/cookiePath,创建了address和salary两个cookie并设置了不同的有效路径
现在来访问http://localhost:8080/cs/xxx,抓包如下:
在来访问http://localhost:8080/cs/aaa/xxx:
8.练习
完成自动填写登录账户案例,如果用户登录成功,则下次登录自动填写登录账户。
- 如果用户名是olien,密码是1234。则认为该用户合法,登录成功,否则失败。
- 要求实现:如果登录成功,则该用户在三天内登录可以自动填写其登录名。
CookieUtils:
package com.li.cookie; import javax.servlet.http.Cookie; public class CookieUtils { //编写一个方法,返回指定名字的cookie值 public static Cookie readCookieByName(String name, Cookie[] cookies) { //判断传入的参数是否正确 if (name == null || "".equals(name) || cookies == null || cookies.length == 0) { return null; } //否则,就遍历cookies for (Cookie cookie : cookies) { if (name.equals(cookie.getName())) { return cookie; } } return null; } }
loginServlet:
package com.li.cookie; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.io.IOException; import java.io.PrintWriter; @WebServlet(urlPatterns = {"/login"}) public class Login extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("login doPost被调用..."); //编写servlet(以实现自动填写登录名和密码) String usernameVal = ""; String pwdVal = ""; //访问servlet时,首先获取浏览器的cookie数组 Cookie[] cookies = request.getCookies(); //判断得到的cookie数组是否存在 if (cookies != null && cookies.length != 0) {//如果存在,且长度不为0 //获取cookie的值 Cookie usernameCookie = CookieUtils.readCookieByName("username", cookies); Cookie pwdCookie = CookieUtils.readCookieByName("pwd", cookies); if (usernameCookie != null && pwdCookie != null) {//如果存在指定的cookie //获取指定的cookie的值 usernameVal = usernameCookie.getValue(); pwdVal = pwdCookie.getValue(); } } //绘制html页面 response.setContentType("text/html;charset=utf-8"); PrintWriter writer = response.getWriter(); if (usernameVal != null && pwdVal != null) { writer.print("\n" + "\n" + "\n" + " \n" + " 登录页面 \n" + "\n" + "\n" + " + " 用户名: + usernameVal + "\"/>
\n" + " 密码: + pwdVal + "\"/>
\n" + " \n" + "\n" + "\n" + ""); } writer.flush(); writer.close(); } }
LoginSuccess:
package com.li.cookie; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.io.IOException; import java.io.PrintWriter; /** * 接收用户输入,判断该用户是否合法,并返回提示信息 */ @WebServlet(urlPatterns = {"/loginSuccess"}) public class LoginSuccess extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("loginServlet doPost 被调用..."); //1.接收表单用户名和密码 String username = request.getParameter("username"); String pwd = request.getParameter("pwd"); //给浏览器返回提示信息 response.setContentType("text/html;charset=utf-8"); PrintWriter writer = response.getWriter(); //2.判断数据是否合法 if ("olien".equals(username) && "1234".equals(pwd)) {//合法 //将登陆成功的用户名和密码以cookie形式保存到浏览器中 //根据用户名和密码创建cookie Cookie usernameCookie = new Cookie("username", "olien"); Cookie pwdCookie = new Cookie("pwd", "1234"); //设置cookie生命周期 usernameCookie.setMaxAge(60 * 60 * 24 * 3);//3天 pwdCookie.setMaxAge(60 * 60 * 24 * 3);//3天 //给浏览器返回cookie response.addCookie(usernameCookie); response.addCookie(pwdCookie); //给浏览器返回提示信息 writer.print("登录OK
"); } else {//不合法 writer.print("登录失败,请重新登录
"); } writer.flush(); writer.close(); } }
redeployTomcat,在浏览器中访问http://localhost:8080/cs/login。 输入正确的用户名密码,成功跳转。
此时,再次访问该页面,可以看到登录页面自动填写登录名:
9.Cookie注意事项和细节
- 一个cookie只能标识一种信息,它至少含有一个标识该信息的名称(name)和设置值(value)
- 一个web站点可以给一个浏览器发送多个cookie,一个浏览器也可以存储多个web站点提供的cookie
- cookie的总数量没有限制,但是每个域名的cookie数量和每个cookie的大小是有限制的(不同的浏览器限制不同),因此cookie不适合存放数据量大的信息
- 注意:删除cookie时,path必须一致,否则不会删除
- Java Servlet中cookie中文乱码解决。如果cookie存放中文,默认会报错,但可以通过URL编码和解码来解决(尽量不要使用cookie保存中文信息)
例子:解决cookie中文乱码
package com.li.cookie; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.io.IOException; import java.io.PrintWriter; import java.net.URLEncoder; @WebServlet(name = "EncoderCookie", urlPatterns = {"/encoderCookie"}) public class EncoderCookie extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("EncoderCookie doPost被调用..."); //1.创建一个带有中文的cookie //Cookie company = new Cookie("company", "小葵花公司"); //2.保存到浏览器 /** * 1.如果直接存放带有中文的cookie,Tomcat服务器会报错: * Control character in cookie value or attribute. * 2.解决方法:将中文编码设置成URL编码 * 3.使用工具类 URLEncode * 4.编码后再保存cookie即可 */ String company = URLEncoder.encode("小葵花公司", "utf-8"); Cookie cookie = new Cookie("company", company); response.addCookie(cookie); //3.给浏览器返回提示信息 response.setContentType("text/html;charset=utf-8"); PrintWriter writer = response.getWriter(); writer.print("设置cookie中文信息成功
"); writer.flush(); writer.close(); } }
-
浏览器访问地址:
http://localhost:8080/cs/encoderCookie:
-
进行抓包:如下,浏览器在保存中文cookie时,以url编码进行保存
-
服务器在获取该中文cookie时,也要以url编码形式进行解码,否则得到的cookie的值是url编码。
ReadCookie2:
package com.li.cookie; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.annotation.*; import java.io.IOException; import java.io.PrintWriter; import java.net.URLDecoder; @WebServlet(name = "ReadCookie2", value = "/readCookie2") public class ReadCookie2 extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //读取中文cookie Cookie[] cookies = request.getCookies(); Cookie companyCookie = CookieUtils.readCookieByName("company", cookies); String companyVal = companyCookie.getValue(); System.out.println("companyVal= " + companyVal);//url编码 //解码 companyVal = URLDecoder.decode(companyVal, "utf-8"); System.out.println("解码后的companyVal= " + companyVal);//中文 //给浏览器返回提示信息 response.setContentType("text/html;charset=utf-8"); PrintWriter writer = response.getWriter(); writer.print(" 读取中文cookie并解码成功
");writer.flush(); writer.close(); } } 浏览器访问该资源,后台输出如下:
