2004-09-02 Technical Analysis Report - Discussion on Disabled Cookies and Java Servlet Session Handling

xiaoxiao, 2021-03-06

Technical Analysis Report: 2004-09-02

Subject: Discussion of disabled cookies and Java Servlet session handling

The servlet session (HttpSession) object is created when a user first accesses the web server. The server generates a unique session ID to represent this client, and the browser includes this session ID in every later request (it may use cookies or URL rewriting; you do not have to worry about this detail). The server identifies the client by this session ID. You can use the getId() method to get the session ID, for example:

<%
out.println("session ID: " + session.getId());
%>

The session ID is displayed as follows:

session ID: 2F892EDF2669858811B8D121119AE90B

By default the session ID is stored in a cookie on the client and sent to the server with each request, and the server looks up the session by this ID. If cookies are disabled, the browser cannot store the session ID and cannot send it back to the server, so the session cannot be tracked: even though the data object really is stored in the HttpSession, we cannot retrieve it. With the browser's cookie function turned off, the following program only ever displays the message "Session not found, reset!":

<%@ page contentType="text/html; charset=BIG5" %>
<html>
<head><title>session demo</title></head>
<body>
<h1>
<%
if (session.getAttribute("info") == null) {
    // No attribute yet: either a first visit or the session ID was not sent back
    session.setAttribute("info", "session information");
    out.println("Session not found, reset!");
}
else {
    out.println("session found: " + session.getAttribute("info"));
}
%>
</h1>
</body>
</html>

If the cookie function is turned off, the session ID cannot be stored and cannot be sent to the server with the next request. To keep session tracking working, we must use URL rewriting to pass the session ID. Fortunately there is a simple way to do this: the response's encodeURL() automatically appends the session ID to the URL, for example:

<%@ page contentType="text/html; charset=BIG5" %>
<html>
<head><title>session demo</title></head>
<body>
<h1>
<%
if (session.getAttribute("info") == null) {
    session.setAttribute("info", "session information");
    out.println("Session not found, reset!");
}
else {
    out.println("session found: " + session.getAttribute("info"));
}
// encodeURL() appends ;jsessionid=... only when the cookie is not available
out.println("<br><a href='" + response.encodeURL("sessionDemo.jsp") + "'>" + "session tracking" + "</a>");
%>
</h1>
</body>
</html>

If the browser's cookie function is turned off, you must use the response's encodeURL() to add the session ID to the URL automatically. If cookies work, encodeURL() returns the specified URL unchanged; otherwise it appends the session ID to the specified URL. For example, with cookies disabled, the JSP page above sends the following content:

<html>
<head><title>session demo</title></head>
<body>
<h1>
Session not found, reset!
<br><a href='sessionDemo.jsp;jsessionid=7A2A0BFA32D0022D8BB80A5E690A9D10'>session tracking</a>
</h1>
</body>
</html>

Simply put, when the user follows the rewritten link, the browser can pass the session ID to the server; however, the session ID then appears in the URL:

http://localhost:8080/myjsp/sessionDemo.jsp;jsessionid=7A2A0BFA32D0022D8BB80A5E690A9D10

This is sensitive information: anyone who obtains it while the session is still alive can take over the session tracking, so the basic recommendation is that users turn on the cookie function, which keeps the session ID from being exposed in the URL. The earlier login example will not work when cookies are disabled; to make it work in that case, we must rewrite login.jsp:

<%@ page contentType="text/html; charset=BIG5" %>
<%
String user = request.getParameter("User");
String password = request.getParameter("password");
String memberURL = "http://localhost:8080/myjsp/member.jsp";
String loginFormURL = "http://localhost:8080/myjsp/form.html";
if (user == null || password == null) {
    response.setHeader("Refresh", "0; " + loginFormURL);
}
else if (user.equals("Justin") && password.equals("1234")) {
    session.setAttribute("User", user);
    // Adds the session ID to the member page URL when cookies are unavailable
    memberURL = response.encodeURL(memberURL);
    response.setHeader("Refresh", "3; " + memberURL);
    out.println(user + ", welcome! You will enter the member page in 3 seconds.");
}
else {
    response.setHeader("Refresh", "3; " + loginFormURL);
    out.println("Wrong user name or password, please log in again (returning to the login form in 3 seconds)");
}
%>

Or you can use the response's sendRedirect() method directly. Because sendRedirect() requires a complete address, that is, an address that includes http://, use the response's encodeRedirectURL() to encode this address; likewise, if cookies are turned on, it returns the address unchanged. login.jsp can then be rewritten as follows:

<%@ page contentType="text/html; charset=BIG5" %>
<%
String user = request.getParameter("User");
String password = request.getParameter("password");
String memberURL = "http://localhost:8080/myjsp/member.jsp";
String loginFormURL = "http://localhost:8080/myjsp/form.html";
if (user == null || password == null) {
    response.setHeader("Refresh", "0; " + loginFormURL);
}
else if (user.equals("Justin") && password.equals("1234")) {
    session.setAttribute("User", user);
    memberURL = response.encodeRedirectURL(memberURL);
    response.sendRedirect(memberURL);
}
else {
    response.setHeader("Refresh", "3; " + loginFormURL);
    out.println("Wrong user name or password, please log in again (returning to the login form in 3 seconds)");
}
%>

A session has a lifetime. Closing the browser or shutting down the server may end the session, and when the client has been inactive for a while (the Tomcat default is 30 minutes) the session is invalidated automatically. You can use getMaxInactiveInterval() to get the session's timeout, returned in seconds, or set the timeout with setMaxInactiveInterval(), also in seconds:

<%
out.println("default session life: " + session.getMaxInactiveInterval());
session.setMaxInactiveInterval(600);
out.println("now session life: " + session.getMaxInactiveInterval());
%>

You can set the default session timeout in web.xml by using <session-config> to set <session-timeout>. Note that the unit here is minutes; for example, the following sets the default session timeout to 10 minutes:

<session-config>
    <!-- unit: minutes -->
    <session-timeout>10</session-timeout>
</session-config>

The examples above have been tested on Tomcat; see the demo program at 192.168.1.10 (http://192.168.1.10:8080/demo).