设置会话 cookie 侦听器
Set session cookie listener
我怎么能在我的网站上说一个 cookie 被加载了多少次?
例如,我使用我的凭据登录,我的 jsp 运行并显示结果......当我得到结果时,我想这样说用户名凭据:
<%
String Usuario = null;
Cookie[] cookies =request.getCookies();
if (cookies != null){
for(Cookie cookie : cookies){
if(cookie.getName().equals("usuario"))
Usuario = cookie.getValue();
}
}
if (Usuario == null)
response.sendRedirect("Index.html");
%>
<h3>
Hi <%=Usuario %>, Login Complete.
</h3>
<form action="Logout" method="post">
<input type="submit" value="Logout">
</form>
但是如果我重新加载页面,我想计算 cookie 被重新加载的次数,所以在我的响应中我得到:
<h3>
Hi <%=Usuario %>, Login Complete. + cookiecount
</h3>
我该怎么做?
JSP:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login con Cookies</title>
</head>
<body>
<%
String Usuario = null;
Cookie[] cookies =request.getCookies();
if (cookies != null){
for(Cookie cookie : cookies){
if(cookie.getName().equals("usuario"))
Usuario = cookie.getValue();
}
}
if (Usuario == null)
response.sendRedirect("Index.html");
%>
<h3>
Hi <%=Usuario %>, Login Complete.
</h3>
<form action="Logout" method="post">
<input type="submit" value="Logout">
</form>
</body>
LoginServlet:
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String user = request.getParameter("usuario");
String contra = request.getParameter("contrasena");
if (userID.equals(user) && password.equals(contra)){
Cookie Gerardocookie = new Cookie("usuario",user);
Gerardocookie.setMaxAge(60 * 60);
response.addCookie(Gerardocookie);
response.sendRedirect("Procesardatos.jsp");
} else{
RequestDispatcher rd = getServletContext().getRequestDispatcher("/index.html");
PrintWriter out = response.getWriter();
out.println("<font color=red>Usuario y/o contrasena invalidas");
rd.include(request, response);
}
}
--------------------------------更新------------ --------------------------
JSP:
<body>
<%
String usuario = (String)session.getAttribute("usuario");
if (usuario == null) {
response.sendRedirect("Index.html");
return;
}
AtomicInteger sessionCount = (AtomicInteger)session.getAttribute("count");
int count = sessionCount.incrementAndGet(); // count = ++sessionCount
%>
服务器:
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String user = request.getParameter("usuario");
String contra = request.getParameter("contrasena");
HttpSession session = request.getSession();
session.setAttribute("usuario", user);
session.setAttribute("count", new AtomicInteger());
if (userID.equals(user) && password.equals(contra)){
Cookie Gerardocookie = new Cookie("usuario",user);
Gerardocookie.setMaxAge(60 * 60);
response.addCookie(Gerardocookie);
response.sendRedirect("Procesardatos.jsp");
} else{
RequestDispatcher rd = getServletContext().getRequestDispatcher("/index.html");
PrintWriter out = response.getWriter();
out.println("<font color=red>Usuario y/o contrasena invalidas");
rd.include(request, response);
}
}
Cookie 很容易被破解,因此简单地在 cookie 中设置用户名对于确保安全几乎毫无用处。任何会话 cookie 都可以作为永不过期的 cookie 复制到另一台计算机。
建议您改为将用户名存储在会话中。即使 cookie 被盗,一旦服务器使会话过期,它也变得毫无用处。 (您还可以采取其他措施进一步提高安全性。)
然后您可以使用计数器存储第二个会话属性:
HttpSession session = request.getSession();
session.setAttribute("usuario", user);
session.setAttribute("count", new AtomicInteger());
在后续请求中查询会话:
HttpSession session = request.getSession();
String usuario = (String)session.getAttribute("usuario");
if (usuario == null) {
response.sendRedirect("Index.html");
return;
}
AtomicInteger sessionCount = (AtomicInteger)session.getAttribute("count");
int count = sessionCount.incrementAndGet(); // count = ++sessionCount
这与您的要求一致,但它会增加 每个 对执行此操作的服务器的请求的计数器。如果除了登录页面之外的所有请求都是安全的,那么它们都会执行此操作,因此您基本上是在计算请求数。
我怎么能在我的网站上说一个 cookie 被加载了多少次? 例如,我使用我的凭据登录,我的 jsp 运行并显示结果......当我得到结果时,我想这样说用户名凭据:
<%
String Usuario = null;
Cookie[] cookies =request.getCookies();
if (cookies != null){
for(Cookie cookie : cookies){
if(cookie.getName().equals("usuario"))
Usuario = cookie.getValue();
}
}
if (Usuario == null)
response.sendRedirect("Index.html");
%>
<h3>
Hi <%=Usuario %>, Login Complete.
</h3>
<form action="Logout" method="post">
<input type="submit" value="Logout">
</form>
但是如果我重新加载页面,我想计算 cookie 被重新加载的次数,所以在我的响应中我得到:
<h3>
Hi <%=Usuario %>, Login Complete. + cookiecount
</h3>
我该怎么做?
JSP:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login con Cookies</title>
</head>
<body>
<%
String Usuario = null;
Cookie[] cookies =request.getCookies();
if (cookies != null){
for(Cookie cookie : cookies){
if(cookie.getName().equals("usuario"))
Usuario = cookie.getValue();
}
}
if (Usuario == null)
response.sendRedirect("Index.html");
%>
<h3>
Hi <%=Usuario %>, Login Complete.
</h3>
<form action="Logout" method="post">
<input type="submit" value="Logout">
</form>
</body>
LoginServlet:
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String user = request.getParameter("usuario");
String contra = request.getParameter("contrasena");
if (userID.equals(user) && password.equals(contra)){
Cookie Gerardocookie = new Cookie("usuario",user);
Gerardocookie.setMaxAge(60 * 60);
response.addCookie(Gerardocookie);
response.sendRedirect("Procesardatos.jsp");
} else{
RequestDispatcher rd = getServletContext().getRequestDispatcher("/index.html");
PrintWriter out = response.getWriter();
out.println("<font color=red>Usuario y/o contrasena invalidas");
rd.include(request, response);
}
}
--------------------------------更新------------ --------------------------
JSP:
<body>
<%
String usuario = (String)session.getAttribute("usuario");
if (usuario == null) {
response.sendRedirect("Index.html");
return;
}
AtomicInteger sessionCount = (AtomicInteger)session.getAttribute("count");
int count = sessionCount.incrementAndGet(); // count = ++sessionCount
%>
服务器:
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String user = request.getParameter("usuario");
String contra = request.getParameter("contrasena");
HttpSession session = request.getSession();
session.setAttribute("usuario", user);
session.setAttribute("count", new AtomicInteger());
if (userID.equals(user) && password.equals(contra)){
Cookie Gerardocookie = new Cookie("usuario",user);
Gerardocookie.setMaxAge(60 * 60);
response.addCookie(Gerardocookie);
response.sendRedirect("Procesardatos.jsp");
} else{
RequestDispatcher rd = getServletContext().getRequestDispatcher("/index.html");
PrintWriter out = response.getWriter();
out.println("<font color=red>Usuario y/o contrasena invalidas");
rd.include(request, response);
}
}
Cookie 很容易被破解,因此简单地在 cookie 中设置用户名对于确保安全几乎毫无用处。任何会话 cookie 都可以作为永不过期的 cookie 复制到另一台计算机。
建议您改为将用户名存储在会话中。即使 cookie 被盗,一旦服务器使会话过期,它也变得毫无用处。 (您还可以采取其他措施进一步提高安全性。)
然后您可以使用计数器存储第二个会话属性:
HttpSession session = request.getSession();
session.setAttribute("usuario", user);
session.setAttribute("count", new AtomicInteger());
在后续请求中查询会话:
HttpSession session = request.getSession();
String usuario = (String)session.getAttribute("usuario");
if (usuario == null) {
response.sendRedirect("Index.html");
return;
}
AtomicInteger sessionCount = (AtomicInteger)session.getAttribute("count");
int count = sessionCount.incrementAndGet(); // count = ++sessionCount
这与您的要求一致,但它会增加 每个 对执行此操作的服务器的请求的计数器。如果除了登录页面之外的所有请求都是安全的,那么它们都会执行此操作,因此您基本上是在计算请求数。