session共享
一、session共享的目的
session共享是為了解決負載均衡的時候session信息不能共享的問題; 即session不能跨服務器訪問;
session共享可以通過以下五種方式實現:
- 服務器文件同步(造成文件重復,資源浪費;不建議)
- session存數據庫(加大數據庫壓力;不建議)
- 存放在cookie中(cookie不太安全, 不建議)
- ip_hash(如果是局域網的話會造成這個局域的所有用戶ip_hash值都一樣; 不建議)
- 存緩存(redis, 或者memcache; 推薦使用)
二、 session共享的實現
以采用redis實現為例:
將session存儲在redis中, 將cookie作用域設置在頂級域名上, 這樣SessionID就可以在各個子系統之間共享;
session共享實現邏輯如下:
- Controller層, 用戶登入后將token存入到cookie中
/**
* Controller層邏輯
*/
@Controller
public class UserController {
@Autowired
private UserService userService;
@Value("${TOKEN_KEY}")
private String TOKEN_KEY; // 記錄SessionID的cookie名字
@RequestMapping(value="/user/login", method=RequestMethod.POST)
@ResponseBody
public ResponseResult login(String username, String password,
HttpServletResponse response, HttpServletRequest request) {
// 檢驗用戶是否已經登入,若登入則返回400錯誤
String token = CookieUtils.getCookieValue(request, TOKEN_KEY);
// 通過token從redis中獲取用戶session
ResponseResult userByToken = userService.getUserByToken(token);
TbUser data = (TbUser)userByToken.getData();
if(data != null && data.getUsername().equals(username)) {
return ResponseResult.build(400, "用戶已登入,請勿重復登入");
}
// 不是重復登入,則執行login方法
ResponseResult result = userService.login(username, password);
// 登入成功后寫入cookie
if(result.getStatus() == 200) {
// 把token寫入cookie
CookieUtils.setCookie(request, response, TOKEN_KEY, result.getData().toString());
}
return result;
}
}
- Service層, 用戶登入, 調用login, 為用戶生成token, 並以USER_SESSION:token為鍵, user對象的json串為值,存入到redis中;
/**
* Service層邏輯
*/
@Service
public class UserServiceImpl implements UserService{
@Autowired
private TbUserMapper userMapper;
@Autowired
private JedisClient jedisClient ;
@Value("${USER_SESSION}")
private String USER_SESSION;
@Value("${SESSION_EXPIRE}")
private Integer SESSION_EXPIRE;
@Override
public ResponseResult getUserByToken(String token) {
String json = jedisClient.get(USER_SESSION + ":" + token);
if(StringUtils.isBlank(json)) {
return ResponseResult.build(400, "用戶登入已過期,請重新登入");
}
// 重置Session過期時間
jedisClient.expire(USER_SESSION + ":" + token, SESSION_EXPIRE);
// 把json轉成user對象
TbUser user = JsonUtils.jsonToPojo(json, TbUser.class);
return ResponseResult.ok(user);
}
@Override
public ResponseResult login(String userName, String password) {
// 判斷用戶名和密碼是否正確
TbUser user = new TbUser();
user.setUsername(userName);
List<TbUser> list = userMapper.selectByRecord(user);
if(list == null || list.size() == 0) {
return ResponseResult.build(400, "用戶名或密碼不正確");
}
TbUser resultUser = list.get(0);
// 校驗密碼是否正確
if(!DigestUtils.md5DigestAsHex(password.getBytes())
.equals(resultUser.getPassword())) {
return ResponseResult.build(400, "用戶名或密碼不正確");
}
// 使用UUID生成token
String token = UUID.randomUUID().toString();
// 清空密碼
resultUser.setPassword(null);
// 把用戶信息保存到redis,key為token,value為用戶信息。
jedisClient.set(USER_SESSION + ":" + token, JsonUtils.objectToJson(resultUser));
// 設置token過期時間
jedisClient.expire(USER_SESSION + ":" + token, SESSION_EXPIRE);
// 返回登入成功, 返回token
return ResponseResult.ok(token);
}
}
- CookieUtil, 設置cookie作用域頂級域名, 解決cookie跨域讓子系統共享
public final class CookieUtils {
/**
* 設置Cookie的值 不設置生效時間默認瀏覽器關閉即失效,也不編碼
*/
public static void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName,
String cookieValue) {
doSetCookie(request, response, cookieName, cookieValue, -1, true);
}
/**
* 設置Cookie的值,並使其在指定時間內生效
* @param cookieMaxage cookie生效的最大秒數
*/
private static final void doSetCookie(HttpServletRequest request, HttpServletResponse response,
String cookieName, String cookieValue, int cookieMaxage, boolean isEncode) {
try {
if (cookieValue == null) {
cookieValue = "";
} else if (isEncode) {
cookieValue = URLEncoder.encode(cookieValue, "utf-8");
}
Cookie cookie = new Cookie(cookieName, cookieValue);
if (cookieMaxage > 0)
cookie.setMaxAge(cookieMaxage);
if (null != request) {// 設置域名的cookie
String domainName = getDomainName(request);
System.out.println(domainName);
if (!"localhost".equals(domainName)) {
cookie.setDomain(domainName);
}
}
cookie.setPath("/");
response.addCookie(cookie);
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* 得到cookie的頂級域名
*/
public static final String getDomainName(HttpServletRequest request) {
String domainName = null;
String serverName = request.getRequestURL().toString();
if (serverName == null || serverName.equals("")) {
domainName = "";
} else {
serverName = serverName.toLowerCase();
serverName = serverName.substring(7);
final int end = serverName.indexOf("/");
serverName = serverName.substring(0, end);
final String[] domains = serverName.split("\\.");
int len = domains.length;
if (len > 3) {
// www.xxx.com.cn
domainName = "." + domains[len - 3] + "." + domains[len - 2] + "." + domains[len - 1];
} else if (len <= 3 && len > 1) {
// xxx.com or xxx.cn
domainName = "." + domains[len - 2] + "." + domains[len - 1];
} else {
domainName = serverName;
}
}
if (domainName != null && domainName.indexOf(":") > 0) {
String[] ary = domainName.split("\\:");
domainName = ary[0];
}
return domainName;
}
}