Session控制登录登出

package com.session.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

@SpringBootApplication
@RestController
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
    /**
     * 一个浏览器对应一个唯一sessionid，浏览器第一次请求都会创建session，关闭浏览器，重启服务器，服务端控制session都能使session失效
     * @param username
     * @param request
     * @return
     */
    @GetMapping("/login")
    public String login(@RequestParam String username, HttpServletRequest request) {
        HttpSession session = request.getSession();
        session.setMaxInactiveInterval(1000*60*60);
        System.out.println(session.getId());

        if (session.getAttribute("user1") == null) {
            //进行登录
            if (username.equals("user1")) {
                session.setAttribute("user1",session.getId());
                return "登录成功！";
            }else{
                return "登录失败！";
            }
        } else if (session.getAttribute("user1") != null && session.getAttribute("user1").equals(session.getId())) {
            return "免登陆";
        }
        return "异常";
    }
    @GetMapping("/logout")
    public String logout(HttpServletRequest request) {
        HttpSession session = request.getSession();
        session.setMaxInactiveInterval(1000*60*60);
        System.out.println(session.getId());

        if (session.getAttribute("user1")!=null && session.getAttribute("user1").equals(session.getId())) {
            session.removeAttribute("user1");
            return "用户已退出";
        }
        return "用户已退出";
    }
}