cookie与sessionID之间的关系实验

 

上一篇介绍了cookie,这里来看看cookie与sessionID之间有什么关系。

 

一、编写测试用例代码

新建一个servlet如下:

public class SessionServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
       
    /**
     * @see HttpServlet#HttpServlet()
     */
    public SessionServlet() {
        super();
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
     System.out.println("----->进入doget方法......"); HttpSession session
=request.getSession(); System.out.println("sessionId:---->"+session.getId()); //获得请求中的cookie Cookie[] cs=request.getCookies(); if(cs!=null){//有cookie,并且又指定的cookie System.out.println("cookie长度:"+cs.length); for(Cookie co:cs){ System.out.println(co.getName()+";"+co.getValue()); } }else{ System.out.println("没有cookie"); } Cookie visitCookie=new Cookie("visitCookie","yes"); visitCookie.setMaxAge(60*60);//设置cookie失效时间 response.addCookie(visitCookie); PrintWriter out=response.getWriter(); out.print("<html><body><h1>sessionId:"+session.getId()+"</h1></body></html>"); } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); } }

二、开始测试

1.使用 火狐浏览器打开连接

第 1 次打开链接,请求头响应头如下:

【响应头】:

Connection close
Content-Language zh-CN
Content-Length 318
Content-Type text/html;charset=ISO-8859-1
Date Tue, 26 Feb 2019 03:11:49 GMT
Set-Cookie JSESSIONID=1D8268B571F492DDE6DA2A4D5B6BC2E3;path=/;HttpOnly

【请求头】

 

Accept text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Connection keep-alive
Host localhost:8899
Upgrade-Insecure-Requests 1
User-Agent Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/56.0

【控制台输出】:

                sessionId : 1D8268B571F492DDE6DA2A4D5B6BC2E3

                jsessionId: 

第 2 次打开连接(刷新页面)

【响应头】

Content-Length 89
Content-Type text/html;charset=UTF-8
Date Tue, 26 Feb 2019 03:15:02 GMT

【请求头】

Accept text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Cache-Control max-age=0
Connection keep-alive
Cookie JSESSIONID=1D8268B571F492DDE6DA2A4D5B6BC2E3
Host localhost:8899
Upgrade-Insecure-Requests 1
User-Agent Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/56.0

【控制台输出】

            sessionId: 1D8268B571F492DDE6DA2A4D5B6BC2E3

           jsessionId: 1D8268B571F492DDE6DA2A4D5B6BC2E3

第三次打开连接(再次刷新页面)

   于第二次一致

 

结论:

首次访问时:服务器创建 session,并告诉客户端设置cookie来存储sessionId ,即如下响应头:

Set-Cookie JSESSIONID=1D8268B571F492DDE6DA2A4D5B6BC2E3;path=/;HttpOnly

再次访问时:客户端 携带此 存有此 sessionId (cookie中为jsessionId)的cookie给服务器。【告诉服务器,我就是刚才那个人】

 

2. 关闭浏览器看看 session 会如何变化

第一次访问,  响应头   

Set-Cookie JSESSIONID=927B67009E1E4439F8857074B867AF3A;path=/;HttpOnly

sessionId : 927B67009E1E4439F8857074B867AF3A

jsessionId : 

 

再次刷新:

sessionId: 927B67009E1E4439F8857074B867AF3A

jsessionId: 927B67009E1E4439F8857074B867AF3A

 

结论: 关闭浏览器之后,重新打开页面,会开启新的session

 

 3.禁用浏览器cookie,访问四次如下:

禁用cookie之后,每次sessionID都不一样

 

所以,当客户端禁用cookie之后,便不好跟踪用户了。这时可使用response.encodeURL   

 servlet中response.sendRedirect(response.encodeRedirectURL("2.jsp"));

jsp中:<a href="<%=response.encodeURL("http://localhost:6060/xxx/xxxServlet")%>">111</a>

 

 

posted @ 2014-07-30 15:33  逃离沙漠  阅读(4400)  评论(0编辑  收藏  举报