Many web applications let a user who has logged in once come back within a certain period (such as 2 hours) and go straight to the program's main interface without logging in again (on the same machine only). The key to achieving this is for the server to identify the client, and cookies are the simplest means of doing so.
When the user logs in for the first time, the user name can be written to the client as a cookie with the following code:
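
    // "user" is the cookie name that the lookup code checks for later
    Cookie cookie = new Cookie("user", user);
    cookie.setMaxAge(365 * 3600); // lifetime in seconds
    cookie.setPath("/");
    response.addCookie(cookie);
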
When the user accesses the program again, the server-side program should check whether the cookie exists. The code is as follows:

    Cookie[] cookies = request.getCookies();
    if (cookies != null) { // getCookies() returns null when the request carries no cookies
        for (Cookie cookie : cookies) {
            if ("user".equals(cookie.getName())) {
                // If the user cookie exists, it is processed
                break;
            }
        }
    }

Although the user cookie can be read back from the client, it may exist for a long time and its value is whatever the client sends, so logging the user in automatically on the strength of this cookie alone is not safe. The server can instead use a session to manage the user. That is, when the first login succeeds, a session is created and some of the user's information is saved in the session. The code is as follows:

    HttpSession session = request.getSession();
    session.setAttribute("user", user);
    session.setMaxInactiveInterval(2 * 3600); // keep the session for two hours

When the program is accessed again, after the cookie has been found, the server goes on to verify the user's session, with the following code:
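
    HttpSession session = request.getSession(false); // do not create a new session here
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if ("user".equals(cookie.getName())) {
                if (session != null && session.getAttribute("user") != null) {
                    // Forward directly to the main interface
                } else {
                    // Forward to the login interface
                }
                break;
            }
        }
    }
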
Although the above code implements automatic login well, it stops working once the browser is closed and started again, because the JSESSIONID cookie that the servlet container uses to hold the session ID is temporary (that is, it is not a persistent cookie; it is deleted when the browser is closed). The JSESSIONID therefore needs to be persisted. The code is as follows:

    HttpSession session = request.getSession();
    session.setAttribute("user", user);
    session.setMaxInactiveInterval(2 * 3600); // keep the session for two hours
    Cookie cookie = new Cookie("JSESSIONID", session.getId());
    // Keep JSESSIONID on the client for two hours as well,
    // the same interval passed to session.setMaxInactiveInterval()
    cookie.setMaxAge(2 * 3600);
    cookie.setPath("/");
    response.addCookie(cookie);

With the code above, the web program can still log the user in automatically within two hours, even if the browser has been closed in the meantime.
If we add a JSESSIONID cookie ourselves, the HTTP response header contains two JSESSIONID cookies when we first access the web program, but because the values of these two cookies are exactly the same, this has no effect. If the Set-Cookie fields of the response header contain several cookies, they are compared by path and name; if both are the same, they are considered the same cookie, and the one that appears last overwrites the earlier one. Of the following two cookies, for example, the last one overwrites the previous one:

    Set-Cookie: JSESSIONID=ddb2274cac6739e1d6747b0043d5d90e; Path=/web
    Set-Cookie: JSESSIONID=mysession; Expires=Thu, 05-Jun-2008 05:02:50 GMT; Path=/web

Because the following two cookies have different paths, they are two completely different cookies:

    Set-Cookie: JSESSIONID=ddb2274cac6739e1d6747b0043d5d90e; Path=/web1
    Set-Cookie: JSESSIONID=mysession; Expires=Thu, 05-Jun-2008 05:02:50 GMT; Path=/web2

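
The replacement rule described above, modelled from the client's side as an added example (not code from the original article, and written in Python rather than the article's Java). It stores the article's Set-Cookie values keyed by name and path, records each overwrite, and shows which cookie would be sent for a given request path; the request paths, the single-host assumption and all function names are assumptions of this example.

```python
# Set-Cookie values taken from the text above.
SAME_PATH = [
    "JSESSIONID=ddb2274cac6739e1d6747b0043d5d90e; Path=/web",
    "JSESSIONID=mysession; Expires=Thu, 05-Jun-2008 05:02:50 GMT; Path=/web",
]
DIFF_PATH = [
    "JSESSIONID=ddb2274cac6739e1d6747b0043d5d90e; Path=/web1",
    "JSESSIONID=mysession; Expires=Thu, 05-Jun-2008 05:02:50 GMT; Path=/web2",
]

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attrs)."""
    pair, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = pair.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()  # attribute names ignore case
    return name.strip(), cookie_value.strip(), attrs

def store(set_cookie_values, default_path="/"):
    """Apply the values in order and return (jar, replaced).
    jar maps (name, path) -> value; replaced lists every overwrite.
    Assumptions: one host (no domain in the key); Expires is not evaluated."""
    jar, replaced = {}, []
    for raw in set_cookie_values:
        name, value, attrs = parse_set_cookie(raw)
        key = (name, attrs.get("path") or default_path)
        if key in jar:
            replaced.append((key, jar[key], value))
        jar[key] = value
    return jar, replaced

def path_matches(cookie_path, request_path):
    """Path-match rule of RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def sent_for(jar, request_path):
    """Cookies a client would attach to a request for request_path."""
    return sorted((name, value) for (name, path), value in jar.items()
                  if path_matches(path, request_path))

if __name__ == "__main__":
    print(store(SAME_PATH))
```

The `replaced` list is the useful part when reviewing a response that sets a session cookie twice: it shows which value survives on the client.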
Thank you for your patience in reading!