"Javaweb" saves user login information with session

Source: Internet
Author: User
Tags tomcat server

The previous blog mentions that, for security reasons, sessions are often used to save user login information. So how does the server come to be implemented. Here I have a simple simulation.

The first step is to write the login home page:

<! DOCTYPE html>

The second step is to create the Loginservlet class because it is to obtain server-side resource information, so the Doget method is used to process the request. The actual processing process must be to query the user information in the database, simplified here, to understand the use of the session.

Package gz.itcast;
Import java.io.IOException;
Import Java.io.PrintWriter;
Import javax.servlet.ServletException;
Import Javax.servlet.http.HttpServlet;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;

Import javax.servlet.http.HttpSession; public class Loginservlet extends HttpServlet {public void doget (HttpServletRequest request, HttpServletResponse Res

        Ponse) throws Servletexception, IOException {request.setcharacterencoding ("utf-8");
        Receive parameter String UserName = Request.getparameter ("UserName");

        String userpwd = Request.getparameter ("Userpwd"); Determine whether the login was successful if (Username.equals ("Liu Xiaobin") && userpwd.equals ("123456")) {//Login succeeded//create SE
            Ssion Object HttpSession session = Request.getsession ();
            The user data is saved in the session domain object Session.setattribute ("LoginName", userName); Jump to User homepage Response.sendredirect (request.gEtcontextpath () + "/indexservlet");
        else {//Login failed, request redirect Response.sendredirect (Request.getcontextpath () + "/fail.html"); } public void DoPost (HttpServletRequest request, httpservletresponse response) throws Servletexcept
    Ion, IOException {doget (request, response); }

}

The Indexservlet class that was successfully created for the request:

Package gz.itcast;
Import java.io.IOException;

Import Java.io.PrintWriter;
Import javax.servlet.ServletException;
Import Javax.servlet.http.HttpServlet;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;

Import javax.servlet.http.HttpSession; public class Indexservlet extends HttpServlet {public void doget (HttpServletRequest request, HttpServletResponse Res
        Ponse) throws Servletexception, IOException {response.setcontenttype ("text/html;charset=utf-8");

        PrintWriter writer = Response.getwriter ();

        String html = "";
        Get Session Object HttpSession session = Request.getsession (false); 
            if (session==null) {//No login succeeded, jump to login page Response.sendredirect (request.getcontextpath () + "/login.html");
        Return
        ///Remove session data String LoginName = (string) session.getattribute ("LoginName");
       if (loginname==null) {//No login succeeded, jump to login page     Response.sendredirect (Request.getcontextpath () + "/login.html");
        Return


        HTML = " 

Failed page created for request failure:

<! DOCTYPE html>

Structure of the project:

OK, now open the Tomcat server and see how it works:

Enter the URL for the login interface:

Enter the wrong login name or password:

Jump to the error page:

Enter the correct user name and password:

Jump to the user's home page:

Note that when you refresh the user's home page or do some other action, the user information is still there. The session domain object disappears unless the conversation disappears.

Some problems occurred during the operation: the session class name is wrong, found that after the direct modification is not enough, must be configured in Web.xml, or there will be 404 errors. Of course, if the URL is incorrectly written in the redirection process, there will be a 500 error.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.