使用cookie保存用户登陆信息

我使用Struts1.x做演示：



1、建立两个ActionBean，LoginAction负责用户登陆（持久化cookie）；LogoutAction负责退出登陆（删除cookie）



LoginAction code:

public class LoginAction extends Action {

	private final int MAX_AGE = 14 * 24 * 60 * 60;

	public ActionForward execute(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response) {
		DynaActionForm testForm = (DynaActionForm) form;// TODO Auto-generated
		//
		String id = testForm.getString("userName");
		String password = testForm.getString("userPW");
		//
		if (true) {// 假设登录成功
			Cookie idCookie = new Cookie("id", id); // 可以使用md5或着自己的加密算法保存
			Cookie passwordCookie = new Cookie("password", password);
			idCookie.setPath("/"); // cookie路径
			idCookie.setMaxAge(MAX_AGE);
			passwordCookie.setPath("/");
			passwordCookie.setMaxAge(MAX_AGE);
			//
			response.addCookie(idCookie);
			response.addCookie(passwordCookie);
			//
			User u = new User();
			u.setUname(id);
			u.setUpwd(password);
			request.getSession().setAttribute("user", u);
			return mapping.findForward("ok");
		}

		return mapping.findForward("back");
	}

}

LogoutAction code:

public class logoutAction extends Action {

	public ActionForward execute(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response) {
		DynaActionForm testForm = (DynaActionForm) form;// TODO Auto-generated
		//		
		request.getSession().invalidate();
		Cookie idCookie = new Cookie("id", "");
		Cookie passwordCookie = new Cookie("password", "");
		idCookie.setMaxAge(0); // 使cookie失效
		passwordCookie.setMaxAge(0);
		idCookie.setPath("/"); // 这个不能少
		passwordCookie.setPath("/");
		response.addCookie(idCookie);
		response.addCookie(passwordCookie);
		//
		return mapping.findForward("ok");
	}
}

2、在保存完cookie后要保证以后用户每次访问该系统的任意页面系统都必须先访问用户的cookie查看是否有登陆信息，这个使用servlet的filter实现最为方便。



Filter code:

public class doFilterProcessing implements Filter {

	public void destroy() {
		// TODO Auto-generated method stub

	}

	private void doBeforeProcessing(ServletRequest request) {
		HttpSession session = ((HttpServletRequest) request).getSession(true);
		// 首先检查session，若已经登陆则直接忽略一下代码
		if (session.getAttribute("user") != null) {
			return;
		}
		Cookie[] cookies = ((HttpServletRequest) request).getCookies();
		String id = null;
		String password = null;

		if (cookies != null) {
			for (Cookie c : cookies) {
				if (c.getName().equals("id")) {
					id = c.getValue();
				}
				if (c.getName().equals("password")) {
					password = c.getValue();
				}
			}
		}

		if (validateUser(id, password)) { // 验证用户密码和id
			session = ((HttpServletRequest) request).getSession(true);
			User u = new User();
			u.setUname(id);
			u.setUpwd(password);
			session.setAttribute("user", u);
		}
	}

	private Boolean validateUser(String id, String password) {
		if (id == null || password == null) {
			return false;
		}
		return true;
	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		doBeforeProcessing(request);
		chain.doFilter(request, response);
	}

	public void init(FilterConfig filterConfig) throws ServletException {
		// TODO Auto-generated method stub

	}

配置web.xml

<filter>
		<filter-name>FilterProcessing</filter-name>
		<filter-class>com.struts.doFilterProcessing</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>FilterProcessing</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

最后写一个jsp脚本，如果cookie存在则跳过登录界面

<%@ page language="java" contentType="text/html; charset=utf-8"
	pageEncoding="utf-8"%>
<%
	Object x = request.getSession().getAttribute("user");
	if (x != null) {
		
		response.sendRedirect("ok.jsp");
		return;
	}
%>