上一篇介紹了cookie,這里來看看cookie與sessionID之間有什么關系。
一、編寫測試用例代碼
新建一個servlet如下:
public class SessionServlet extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public SessionServlet() { super(); // TODO Auto-generated constructor stub } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("----->進入doget方法......"); HttpSession session=request.getSession(); System.out.println("sessionId:---->"+session.getId()); //獲得請求中的cookie Cookie[] cs=request.getCookies(); if(cs!=null){//有cookie,並且又指定的cookie System.out.println("cookie長度:"+cs.length); for(Cookie co:cs){ System.out.println(co.getName()+";"+co.getValue()); } }else{ System.out.println("沒有cookie"); } Cookie visitCookie=new Cookie("visitCookie","yes"); visitCookie.setMaxAge(60*60);//設置cookie失效時間 response.addCookie(visitCookie); PrintWriter out=response.getWriter(); out.print("<html><body><h1>sessionId:"+session.getId()+"</h1></body></html>"); } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); } }
二、開始測試
1.使用 火狐瀏覽器打開連接
第 1 次打開鏈接,請求頭響應頭如下:
【響應頭】:
| Connection | close |
| Content-Language | zh-CN |
| Content-Length | 318 |
| Content-Type | text/html;charset=ISO-8859-1 |
| Date | Tue, 26 Feb 2019 03:11:49 GMT |
| Set-Cookie | JSESSIONID=1D8268B571F492DDE6DA2A4D5B6BC2E3;path=/;HttpOnly |
【請求頭】
| Accept | text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8 |
| Accept-Encoding | gzip, deflate |
| Accept-Language | zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 |
| Connection | keep-alive |
| Host | localhost:8899 |
| Upgrade-Insecure-Requests | 1 |
| User-Agent | Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/56.0 |
【控制台輸出】:
sessionId : 1D8268B571F492DDE6DA2A4D5B6BC2E3
jsessionId:
第 2 次打開連接(刷新頁面)
【響應頭】
| Content-Length | 89 |
| Content-Type | text/html;charset=UTF-8 |
| Date | Tue, 26 Feb 2019 03:15:02 GMT |
【請求頭】
| Accept | text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8 |
| Accept-Encoding | gzip, deflate |
| Accept-Language | zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 |
| Cache-Control | max-age=0 |
| Connection | keep-alive |
| Cookie | JSESSIONID=1D8268B571F492DDE6DA2A4D5B6BC2E3 |
| Host | localhost:8899 |
| Upgrade-Insecure-Requests | 1 |
| User-Agent | Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/56.0 |
【控制台輸出】
sessionId: 1D8268B571F492DDE6DA2A4D5B6BC2E3
jsessionId: 1D8268B571F492DDE6DA2A4D5B6BC2E3
第三次打開連接(再次刷新頁面)
於第二次一致
結論:
首次訪問時:服務器創建 session,並告訴客戶端設置cookie來存儲sessionId ,即如下響應頭:
| Set-Cookie | JSESSIONID=1D8268B571F492DDE6DA2A4D5B6BC2E3;path=/;HttpOnly |
再次訪問時:客戶端 攜帶此 存有此 sessionId (cookie中為jsessionId)的cookie給服務器。【告訴服務器,我就是剛才那個人】
2. 關閉瀏覽器看看 session 會如何變化
第一次訪問, 響應頭
| Set-Cookie | JSESSIONID=927B67009E1E4439F8857074B867AF3A;path=/;HttpOnly |
sessionId : 927B67009E1E4439F8857074B867AF3A
jsessionId :
再次刷新:
sessionId: 927B67009E1E4439F8857074B867AF3A
jsessionId: 927B67009E1E4439F8857074B867AF3A
結論: 關閉瀏覽器之后,重新打開頁面,會開啟新的session
3.禁用瀏覽器cookie,訪問四次如下:
禁用cookie之后,每次sessionID都不一樣
所以,當客戶端禁用cookie之后,便不好跟蹤用戶了。這時可使用response.encodeURL
servlet中response.sendRedirect(response.encodeRedirectURL("2.jsp"));
jsp中:<a href="<%=response.encodeURL("http://localhost:6060/xxx/xxxServlet")%>">111</a>