文章目录

Cookie和Session（会话技术）一、Cookie1、Cookie概述1.1、Cookie简介1.2、Cookie的使用场景1.3、Cookie底层原理 2、Cookie的基本使用3、Cookie实现显示用户上次访问时间4、Cookie编码与解码5、Cookie总结 二、Session1、Session概述1.1、Session简介1.2、Session的使用场景1.3、Session的底层原理 2、Session的基本使用3、Session的登录案例4、Session的购物案例5、Session总结 三、Session和Cookie的区别

---

Cookie和Session（会话技术）

一、Cookie

1、Cookie概述

1.1、Cookie简介

将会话过程中的数据保存到用户的浏览器中。服务端给客户端一个 信件，客户端下次访问服务端带上 信件 就可以了。客户端技术（响应，请求）用户打开一个浏览器，点击了很多超链接，访问多个web资源，关闭浏览器，这个过程可以称之为会话（Cookie）。一个Cookie只能保存一个信息。一个web站点可以给浏览器发送多个cookie，最多存放20个cookie。Cookie大小有限制4kb。300个cookie浏览器上限。一次会话中可以包含多次请求和响应。

1.2、Cookie的使用场景

常用来判断是否第一次登录，如果是你下次不用再登录了，第二次访问直接就上去了！

1.3、Cookie底层原理

2、Cookie的基本使用

Cookie(name,value)：Cookie的构造方法，以键值对的形式存放addCookie(cookie)：添加CookiegetCookies()：获取请求发送时的Cookie对象的数组getName()：获取Cookie名称(键)getValue()：获取Cookie的值setMaxAge(int expiry)：设置Cookie的有效期，秒为单位，默认为-1永久存活(但是会在浏览器关闭时被删除)，0为删除 RegistServlet.java

@WebServlet(name = "RegistServlet", value = "/registServlet")public class RegistServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); // 获取前端传来的参数 String username = request.getParameter("username"); String password = request.getParameter("password"); // 判断输入的账号和密码是否正确 if (username.equals("root") && password.equals("111")){ // 创建Cookie对象，键值对形式存放 Cookie cookie1 = new Cookie("username", username); Cookie cookie2 = new Cookie("password", password); // 设置cookie的存活时间 cookie2.setMaxAge(10); // 以秒为单位，默认为-1永久存活(但是会在浏览器关闭时被删除)，0为删除 // 在响应时添加cookie response.addCookie(cookie1); response.addCookie(cookie2); } } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }} regist.jsp

<%@ page import="java.util.Arrays" %><%@ page contentType="text/html;charset=UTF-8" language="java" %><html><head> <title>注册</title></head><body><%--编写 jsp 小脚本--%><% // getCookies()：获取请求发送时的Cookie对象的数组 Cookie[] cookies = request.getCookies(); // 定义变量用于value的显示 String username = "", password = ""; // 判断获取来的cookie是否为空，不为空执行 if (cookies != null) { // 遍历cookie数组里的数据 for (Cookie cookie : cookies) { /* System.out.println(cookie.getName()); System.out.println(cookie.getValue());*/ // getName()：获取Cookie名称(键)，等于前端传来的username的值 if (cookie.getName().equals("username")) { // getValue()：获取Cookie的值，将值赋给变量username，用于后面value的显示 username = cookie.getValue(); } if (cookie.getName().equals("password")) { password = cookie.getValue(); } } }%><form action="registServlet" method="post"> <%-- =变量名：JSP中的语法，获取变量的值，显示到前端 --%> 用户名：<input type="text" name="username" value="<%=username%>"> <br> 密码：<input type="password" name="password" value="<%=password%>"> <br> <input type="submit" value="提交"></form></body></html>

3、Cookie实现显示用户上次访问时间

LastServlet.java

@WebServlet(name = "LastServlet", value = "/LastServlet")public class LastServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); Cookie[] cookies = request.getCookies(); // 获取所有cookie boolean flag = false; // 判断cookies是否为空 // 访问过，cookies中会有时间 if (cookies.length > 0 && cookies != null) { //遍历cookie数组 for (Cookie cookie : cookies) { String name = cookie.getName(); // 判断名称是否是lastTime if ("lastTime".equals(name)) { // 有该cookie不是第一次访问 flag = true; // 响应数据与解码 String value = cookie.getValue(); value = URLDecoder.decode(value, "utf-8"); response.getWriter().write("欢迎回来，您上次访问的时间为：" + value); cookie.setMaxAge(60 * 60 * 24 * 30); response.addCookie(cookie); break; } } if (cookies == null || cookies.length == 0 || flag == false) { // 获取系统时间与编码 String str_date = new SimpleDateFormat("yyyy年MM月dd日 HH:mm:ss").format(new Date()); str_date = URLEncoder.encode(str_date, "utf-8"); // 设置cookie的value Cookie cookie = new Cookie("lastTime", str_date); cookie.setMaxAge(60 * 60 * 24 * 30); response.addCookie(cookie); response.getWriter().write("您好，欢迎您首次访问"); } } } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }}

4、Cookie编码与解码

由于Cookie不支持中文，我们需要进行编码与解码。

URLEncoder.encode("沈公子","utf-8");// 编码URLDecoder.decode(cookie.getValue(),"utf-8"); // 解码

5、Cookie总结

cookie作用 cookie判断用户是否第一次登录，如果是第一次则需要登录，第二次之后则直接访问 cookie有效期 setMaxAge(); 不设置有效期关闭浏览器cookie将被删除有效期设置为0，删除cookie设置有效期，过期后cookie才会被删除 cookie如何保存 一个cookie只能保存一个信息cookie由浏览器保存

二、Session

1、Session概述

1.1、Session简介

Session对象由服务器保存。Session是一种会话跟踪技术。Session是基于Cookie实现的。服务器登记你来过了，下次你来的时候我来匹配你。保存信息，通过SessionID访问，SessionID浏览器一打开就会存在。服务器会给每一个用户（浏览器）创建一个Session对象。一个Session独占一个浏览器，只要浏览器没有关闭，这个Session就存在。用户登录之后，整个网站它都可以访问，保存用户的信息，保存购物车的信息。同一次会话的多次请求间共享数据。

10.服务器关闭后，Tomcat会自动将Seesion数据写入硬盘文件中，再次启动服务器后，从文件中加载数据到Session中。

1.2、Session的使用场景

保存一个登录用户的信息购物车信息在整个网站中经常会使用的数据，我们将它保存在Session中

1.3、Session的底层原理

2、Session的基本使用

getSession()：获取SessionsetAttribute()：给session设置键值对数据getAttribute()：通过键获取session中的值removeAttribute()：通过键移除session中的值getId()：获取session的idinvalidate()：session失效，再次进入会重置Session的值web.xml配置Session的失效时间

<!-- 设置Session默认的失效时间 --><session-config> <!-- 1分钟后Session自动失效，再次进入会重置Session的值，以分钟为单位 --> <session-timeout>1</session-timeout></session-config> 测试1

@WebServlet(name = "SessionDemo01", value = "/SessionDemo01")public class SessionDemo01 extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); // 获取session HttpSession session = request.getSession(); // 给session设置键值对数据 session.setAttribute("name", "沈公子222"); // 获取session的id (JSESSIONID=D2EBCA814B8FC3249BCA47C96374A2F8) String sessionId = session.getId(); // 判断session是否已存在 if (session.isNew()) { response.getWriter().write("session创建成功，ID：" + sessionId); } else { response.getWriter().write("session已经在服务器中存在，ID：" + sessionId); } // Session创建的时候做了什么事情，在响应中显示Cookie的值 Cookie cookie = new Cookie("JSESSIONID", sessionId); response.addCookie(cookie); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }} 测试2

@WebServlet(name = "SessionDemo02", value = "/SessionDemo02")public class SessionDemo02 extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); // 获取session HttpSession session = request.getSession(); // 通过键获取session中的值 Object name = session.getAttribute("name"); response.getWriter().print(name); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }} 测试3

@WebServlet(name = "SessionDemo03", value = "/SessionDemo03")public class SessionDemo03 extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); // 获取session HttpSession session = request.getSession(); // 通过键移除session中的值 session.removeAttribute("name"); // session失效，再次进入会重置Session的值 session.invalidate(); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }}

3、Session的登录案例

login.html

<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>登录</title></head><body><form action="LoginServlet" method="post"> 用户名: <input type="text" name="username"><br/> 密码： <input type="password" name="password"><br/> <input type="submit" value="提交"></form></body></html> User.java

public class User { private String username; private String password; public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; }} LoginServlet.java

@WebServlet(name = "LoginServlet", value = "/LoginServlet")public class LoginServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); String username = request.getParameter("username"); String password = request.getParameter("password"); if (("root").equals(username) && ("123123").equals(password)) { User user = new User(); user.setUsername(username); user.setPassword(password); // 请求时获取Session，并将数据绑定进来 request.getSession().setAttribute("user", user); response.sendRedirect(request.getContextPath() + "/IndexServlet"); // /demo06_3/IndexServlet } else { out.print("用户名或密码错误，登录失败，请重新登录<a href='/demo06_3/login.html'>返回登录</a>"); } } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }} IndexServlet.java

@WebServlet(name = "IndexServlet", value = "/IndexServlet")public class IndexServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); // 创建或者获取保存用户信息的Session对象 HttpSession session = request.getSession(); // 获取传递的数据 User user = (User) request.getSession().getAttribute("user"); if (user == null) { out.print("您还没有登录，请<a href='/demo06_3/login.html'>登录</a>"); } else { out.print("您已登录，欢迎你，" + user.getUsername() + "!"); out.print("<a href='/demo06_3/LogoutServlet'>退出</a>"); // 创建Cookie存放Session的标识号 Cookie cookie = new Cookie("JSESSIONID", session.getId()); cookie.setMaxAge(60*30); // 30分钟，session过期，需要重新登录 // 设置Cookie的有效目录路径 cookie.setPath(request.getContextPath()); // /demo06_3 response.addCookie(cookie); // Set-Cookie: JSESSIONID=315710819A1A3518B0CCDCDC061BBD64; Max-Age=60; Expires=Wed, 22 Mar 2023 03:24:40 GMT; Path=/demo06_3 } } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }} LogoutServlet.java

@WebServlet(name = "LogoutServlet", value = "/LogoutServlet")public class LogoutServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); // 获取Session时将Session对象中的User对象移除，并不是把Session的标识号给移除 request.getSession().removeAttribute("user"); response.sendRedirect(request.getContextPath()+"/IndexServlet"); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }}

4、Session的购物案例

Cake.java

public class Cake { private String id; private String name; public Cake() { } public Cake(String id, String name) { this.id = id; this.name = name; } public String getId() { return id; } public void setId(String id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; }} CakeDB.java

public class CakeDB { private static Map<String,Cake> cake = new LinkedHashMap<>(); static { cake.put("1",new Cake("1","A类蛋糕")); cake.put("2",new Cake("2","B类蛋糕")); cake.put("3",new Cake("3","C类蛋糕")); cake.put("4",new Cake("4","D类蛋糕")); cake.put("5",new Cake("5","E类蛋糕")); } // 获取所有的蛋糕 public static Collection<Cake> getAll(){ return cake.values(); } // 根据指定的id获取蛋糕 public static Cake getCake(String id){ return cake.get(id); }} ListCakeServlet.java

@WebServlet(name = "ListCakeServlet", value = "/ListCakeServlet")public class ListCakeServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); // 获取所有蛋糕 Collection<Cake> cakes = CakeDB.getAll(); out.write("本站提供的蛋糕有：<br>"); // 遍历输出所有蛋糕 for (Cake cake : cakes) { // 获取蛋糕的id String url = "PurchaseServlet?id=" + cake.getId(); // 获取蛋糕的名字和id，并跳转到 PurchaseServlet out.write(cake.getName() + "<a href='" + url + "'>点击购买</a><br>"); } } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }} PurchaseServlet.java

@WebServlet(name = "PurchaseServlet", value = "/PurchaseServlet")public class PurchaseServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); // 这个 Servlet 起到中转的作用，用来判断是否购买蛋糕，根据情况来重定向 String id = request.getParameter("id"); // 如果id为空，将重定向到 ListCakeServlet if (id == null) { response.sendRedirect("ListCakeServlet"); return; } Cake cake = CakeDB.getCake(id); // 根据id获取蛋糕 HttpSession session = request.getSession(); // 获取session List<Cake> cart = (List<Cake>) session.getAttribute("cart"); // 通过键获取session里的值 // 如果session中的键的值为空，就创建列表，设置session数据 if (cart == null) { cart = new ArrayList<>(); session.setAttribute("cart", cart); } cart.add(cake); // 不等于空添加数据 // session的设置 Cookie cookie = new Cookie("JSESSIONID", session.getId()); cookie.setMaxAge(60 * 30); cookie.setPath("/Servlet"); response.addCookie(cookie); response.sendRedirect("CartServlet"); // 有蛋糕会重定向 CarServlet } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }} CartServlet.java

@WebServlet(name = "CartServlet", value = "/CartServlet")public class CartServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); List<Cake> cart = null; boolean purFlag = true; // 定义标识 HttpSession session = request.getSession(false); // 如果session为空，标识为假 if (session == null) { purFlag = false; } else { // session不为空 // 通过键获取session里的值 cart = (List<Cake>) session.getAttribute("cart"); // 如果session中的键的值为空，标识为假 if (cart == null) { purFlag = false; } } // 如果标识为假 if (!purFlag) { out.write("对不起，您还没有购买任何商品！<br>"); }else { // 否则标识为真 out.write("您购买的蛋糕有：<br>"); // 遍历输出蛋糕名称 for (Cake cake : cart) { out.write(cake.getName()+"<br>"); } } } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); }}

5、Session总结

Session的作用 保存用户信息，购物车信息等 Session的有效期 SessionID浏览器一打开就会存在，关闭浏览器SeesionID会失效可以配置Session失效时间 Session如何保存 Session由服务器保存数据Session可以保存和获取数据

三、Session和Cookie的区别

相同：

Cookie和Session都是来完成一次会话多次请求间数据共享的。

不同：

存储位置：Cookie存储在客户端，Session存储到服务端安全性：Cookie不安全，Session安全数据大小：Cookie最大3KB，Session无大小限制存储时间：Cookie可以长期存储，Session默认30分钟服务器性能：Cookie不占用服务器资源，Session占用服务器资源