Access control for JSP pages

Access control is done based on the session, so what is the session?

Session is a built-in object in the JSP that corresponds to browser one by one, allowing the user to store and extract session state information

Session objects are used to store all information about a user's session

1. What is a session?

(1) A conversation is a call between the browser and the server,

It contains multiple requests between the browser and the server, the response process

(2) using the session tracking mechanism provided by the Web container, you can maintain each
User's session information, that is, to save different data for different users

How is the 2.session used?

Common methods for session objects:

(1) void SetAttribute (String key, Object value):

Stores the value of an object in the session as a key/value

Session.setattribute ("GXs", "admin");

(2) Object getattribute (String key):

Gets the value of the stored object in the session according to the name

String name = (string) session.getattribute ("GXs");

Specific code:

<%
if (Rs.next ()) {//If it is a registered user

Encapsulates the user name and password in the Users object

User Logineduser = new User (name, pass);

Session.setattribute ("GXs", Logineduser);

Response.sendredirect ("welcome.jsp");

} else {

Response.sendredirect ("login.html");

}
%>

Here the user put GXS and Logineduser set up a key value relationship, convenient for later use.

Access control for JSP pages