"Javaweb" saves user login information with session

The previous blog mentions that, for security reasons, sessions are often used to save user login information. So how does the server come to be implemented. Here I have a simple simulation.

The first step is to write the login home page:

<! DOCTYPE html>
 
The second step is to create the Loginservlet class because it is to obtain server-side resource information, so the Doget method is used to process the request. The actual processing process must be to query the user information in the database, simplified here, to understand the use of the session.

Package gz.itcast;
Import java.io.IOException;
Import Java.io.PrintWriter;
Import javax.servlet.ServletException;
Import Javax.servlet.http.HttpServlet;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;

Import javax.servlet.http.HttpSession; public class Loginservlet extends HttpServlet {public void doget (HttpServletRequest request, HttpServletResponse Res

        Ponse) throws Servletexception, IOException {request.setcharacterencoding ("utf-8");
        Receive parameter String UserName = Request.getparameter ("UserName");

        String userpwd = Request.getparameter ("Userpwd"); Determine whether the login was successful if (Username.equals ("Liu Xiaobin") && userpwd.equals ("123456")) {//Login succeeded//create SE
            Ssion Object HttpSession session = Request.getsession ();
            The user data is saved in the session domain object Session.setattribute ("LoginName", userName); Jump to User homepage Response.sendredirect (request.gEtcontextpath () + "/indexservlet");
        else {//Login failed, request redirect Response.sendredirect (Request.getcontextpath () + "/fail.html"); } public void DoPost (HttpServletRequest request, httpservletresponse response) throws Servletexcept
    Ion, IOException {doget (request, response); }

}
 
 The Indexservlet class that was successfully created for the request: 
 

Package gz.itcast;
Import java.io.IOException;

Import Java.io.PrintWriter;
Import javax.servlet.ServletException;
Import Javax.servlet.http.HttpServlet;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;

Import javax.servlet.http.HttpSession; public class Indexservlet extends HttpServlet {public void doget (HttpServletRequest request, HttpServletResponse Res
        Ponse) throws Servletexception, IOException {response.setcontenttype ("text/html;charset=utf-8");

        PrintWriter writer = Response.getwriter ();

        String html = "";
        Get Session Object HttpSession session = Request.getsession (false); 
            if (session==null) {//No login succeeded, jump to login page Response.sendredirect (request.getcontextpath () + "/login.html");
        Return
        ///Remove session data String LoginName = (string) session.getattribute ("LoginName");
       if (loginname==null) {//No login succeeded, jump to login page     Response.sendredirect (Request.getcontextpath () + "/login.html");
        Return


        HTML = " 
Failed page created for request failure:

<! DOCTYPE html>
 
Structure of the project:

OK, now open the Tomcat server and see how it works:

Enter the URL for the login interface:

Enter the wrong login name or password:

Jump to the error page:

Enter the correct user name and password:

Jump to the user's home page:

Note that when you refresh the user's home page or do some other action, the user information is still there. The session domain object disappears unless the conversation disappears.

Some problems occurred during the operation: the session class name is wrong, found that after the direct modification is not enough, must be configured in Web.xml, or there will be 404 errors. Of course, if the URL is incorrectly written in the redirection process, there will be a 500 error.