基于session的单点登陆

1、第一次访问，登录成功

(1)登陆界面

<%@ page language="java" contentType="text/html; charset=utf-8"
    pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script type="text/javascript" src="jquery-3.2.1/jquery-3.2.1.min.js"></script>
<script type="text/javascript">
	function login() {
	
		var userInfo = {
				"uname":$("#userName").val(),
				"upsw":$("#userPwd").val()
				};
		$.getJSON("UserLoginServlet.action",userInfo,function(data){
			if(data.success){
					//需要完善
				  window.location.href = "${pageContext.request.contextPath}/HouseInfoShowServlet.action";
			}else{
				alert("用户名或密码错误，请重新输入");
				$("#userName").focus();
			}
		});
	}
</script>
<title>Insert title here</title>
</head>
<body>
<div>
	<input type="text" id="userName"/><br/>
	<input type="password" id="userPwd"/><br/>
	<button onclick="login()">登录</button>
</div>
</body>
</html>

2、根据用户名和密码检查是否有该session，如果有session中存入已登录信息，覆盖session

protected void doPost(HttpServletRequest request, HttpServletResponse response)              throws ServletException, IOException {
		request.setCharacterEncoding("utf-8");
		response.setCharacterEncoding("utf-8");
		String name=request.getParameter("Userame");
		String password=request.getParameter("password");
		System.out.println(name);
		System.out.println(password);
		//List<UserInfo> lists = Methods.selectNamePwd();
		UserInfo  info = Methods.selectNamePwd(name, password);
		ResultMsg result;
		if(info!=null) {
			checkUser(request);
			info.setUserName(name);
			HttpSession session = request.getSession();
			session.setAttribute("info", info);
			response.sendRedirect("HouseShow.action");
			result = ResultMsg.success();	
		}else{
			result = ResultMsg.failure("输入的密码不正确！请查证！");
			request.getRequestDispatcher("login.html").forward(request, response);
		}
		response.getWriter().write(JSON.toJSONString(result));
		/*for(UserInfo s2:lists) {
			String name1 = s2.getUserName();
			String password2 = s2.getUserPwd();
			if(name.equals(name1)&&password.equals(password2)) {
				response.sendRedirect("HouseShow");
			}else {
				request.getRequestDispatcher("login.html");
			}
		}*/
	}

3、如果没有添加session

private void checkUser(HttpServletRequest request) {
		String userName = request.getParameter("Userame");
		String userPwd = request.getParameter("password");
		//获取上次登录的session(如果有的话)
		HttpSession session = SessionInfo.USER_SESSION.get(userName+userPwd);
		if(session!=null) {
			//在上次登录的session中放入一条信息
			session.setAttribute("msg", ResultMsg.failure("该账号在另一处登录，是否重新登录"));
		}
		//此处有替换session的功能
		SessionInfo.USER_SESSION.put(userName+userPwd, request.getSession());
	}

4、跳转到data.jsp界面

request.setCharacterEncoding("utf-8");
		response.setCharacterEncoding("utf-8");
		HttpSession session = request.getSession();
		UserInfo info =  (UserInfo) session.getAttribute("info");
		System.out.println(info.getUserName());
		String userName = info.getUserName();
		List<HouseInfo> houseInfos  = Methods.selectHouse(userName);
		session.setAttribute("houseInfos",houseInfos);		
		request.getRequestDispatcher("/WEB-INF/data.jsp").forward(request, response);

5、在该界面中循环访问checkLogin，获取信息

$(function() {
	setInterval(checkUserOnline, 5*1000);
});
function checkUserOnline() {
	$.getJSON("UserCheckLoginServlet.action",function(data){
		if(!data.success){
			alert(data.msg);
			//注销
			 window.location.href = "${pageContext.request.contextPath}/UserLogoutServlet.action";
		}
	});
}

6、如果发现已登录，跳转到注销servlet中

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("application/json");
		ResultMsg msg = (ResultMsg) request.getSession().getAttribute("msg");
		//表示未出现重复登录情况
		if(msg == null) {
			msg = ResultMsg.success();
		}
		response.getWriter().write(JSON.toJSONString(msg));
	}

6、在注销servlet中，使session实效，跳转到login.jsp

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		//注销以后把 对象移除
		HttpSession session = request.getSession();
		UserInfo userInfo = (UserInfo) session.getAttribute("info");
		if(session == SessionInfo.USER_SESSION.get(userInfo.getUserName()+userInfo.getUserPwd())) {
			SessionInfo.USER_SESSION.remove(userInfo.getUserName()+userInfo.getUserPwd());
		}
		//移除session
		session.invalidate();
		  //重定向到登录页面login.jsp
        response.sendRedirect(request.getContextPath()+"/login.html");
	}

基于session的单点登陆

猜你喜欢