Web 中的会话指:浏览器和服务器之间一次连续的交互过程。HTTP 协议是无状态的,服务器不会记住上一次访问的用户信息,Cookie 和 Session 就是用来保存用户状态、记录数据的核心技术,登录、记住密码、购物车都靠它们。
一、核心概念
- Cookie
  - 数据保存在客户端(浏览器)
  - 存储少量文本数据;用户可以查看和篡改,因此不安全,不应存放敏感信息;有大小 / 数量限制
  - 随请求自动发送给服务器
- Session
  - 数据保存在服务端(Tomcat)
  - 数据不下发给客户端,相对安全;可存复杂数据;依赖 Cookie 传递 SessionID(SessionID 一旦泄露,会话就可能被冒用)
  - 每个浏览器对应独立 Session
二、完整案例(沿用现有项目)
项目新增 4 个 Servlet: CookieDemo、GetCookie、SessionDemo、GetSession
1. Cookie 演示代码
① CookieDemo.java(创建 & 发送 Cookie)
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
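/**
 * Demo servlet that issues a {@code username} cookie and links to the page that reads it back.
 *
 * <p>A cookie is stored in the browser, where the user can read and edit it. Whatever is set here
 * must be treated as untrusted input when it comes back, and must never carry a secret.
 */
public class CookieDemo extends HttpServlet {
    /** Lifetime of the demo cookie in seconds (10 minutes). */
    private static final int COOKIE_MAX_AGE_SECONDS = 60 * 10;

    /**
     * Creates the demo cookie, attaches it to the response and writes a link to the reader page.
     *
     * @param request the incoming request; only its secure flag is consulted
     * @param response the response that receives the cookie and the HTML body
     * @throws ServletException declared by the servlet contract; not thrown by this method itself
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");

        // 1. Create the cookie as a name=value pair.
        Cookie cookie = new Cookie("username", "zhangsan");
        // 2. Lifetime in seconds; a negative value such as -1 makes it expire when the browser closes.
        cookie.setMaxAge(COOKIE_MAX_AGE_SECONDS);
        // Hide the cookie from page scripts (Servlet 3.0+); nothing in this demo reads it from JavaScript.
        cookie.setHttpOnly(true);
        // Mark it Secure only when the request arrived over HTTPS, so the plain-HTTP localhost
        // walkthrough keeps working.
        // NOTE(review): behind a TLS-terminating proxy isSecure() may report false - confirm for the deployment.
        cookie.setSecure(request.isSecure());
        // 3. Send the cookie to the browser.
        response.addCookie(cookie);

        // try-with-resources closes the writer even if write() throws.
        try (PrintWriter out = response.getWriter()) {
            out.write("Cookie 已下发,<a href='getCookie'>点击查看Cookie</a>");
        }
    }
}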
② GetCookie.java(获取 Cookie)
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
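/**
 * Demo servlet that lists the cookies the browser sent with the request.
 *
 * <p>Cookie names and values are fully controlled by the client, so they are HTML-escaped before
 * being written into the page.
 */
public class GetCookie extends HttpServlet {
    /**
     * Writes one {@code name = value} line per received cookie, or a placeholder when none arrived.
     *
     * @param request the incoming request whose cookies are listed
     * @param response the response that receives the HTML body
     * @throws ServletException declared by the servlet contract; not thrown by this method itself
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");

        // getCookies() returns null, not an empty array, when the request carries no cookies.
        // It returns every cookie the browser sent, which can include the container's session-ID
        // cookie once a session exists; echoing that into a page is acceptable only in a local demo.
        Cookie[] cookies = request.getCookies();

        try (PrintWriter out = response.getWriter()) {
            if (cookies == null) {
                out.write("暂无Cookie");
                return;
            }
            for (Cookie c : cookies) {
                // Escape both parts: an unescaped value would let a crafted cookie inject markup.
                out.write(escapeHtml(c.getName()) + " = " + escapeHtml(c.getValue()) + "<br>");
            }
        }
    }

    /**
     * Replaces the characters that are significant in HTML text and attribute values with entities.
     *
     * @param text the untrusted text; {@code null} is rendered as an empty string
     * @return the escaped text, safe to place in HTML element content
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(ch);
                    break;
            }
        }
        return escaped.toString();
    }
}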
2. Session 演示代码
① SessionDemo.java(存数据到 Session)
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
/**
 * Demo servlet that stores two attributes in the caller's session and links to the reader page.
 *
 * <p>The attribute values stay on the server; the browser only receives the session ID.
 */
public class SessionDemo extends HttpServlet {
    /**
     * Obtains the session (creating it if needed), stores the demo attributes and writes the page.
     *
     * @param request the incoming request that owns the session
     * @param response the response that receives the HTML body
     * @throws ServletException declared by the servlet contract; not thrown by this method itself
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void doGet(final HttpServletRequest request, final HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        final PrintWriter writer = response.getWriter();

        // 1. getSession() with no argument returns the current session or creates a new one.
        final HttpSession httpSession = request.getSession();

        // 2. Store the demo data as key/value pairs.
        httpSession.setAttribute("nickname", "小李");
        httpSession.setAttribute("age", Integer.valueOf(20));

        writer.append("数据已存入Session <br>")
                .append("<a href='getSession'>点击读取Session数据</a>");
        writer.close();
    }
}
② GetSession.java(读取 Session 数据)
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
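/**
 * Demo servlet that reads back the attributes stored in the caller's session.
 *
 * <p>This page only reads, so it looks the session up without creating one: a visitor who has no
 * session yet gets a placeholder instead of a freshly allocated, empty session.
 */
public class GetSession extends HttpServlet {
    /**
     * Writes the {@code nickname} and {@code age} session attributes, or a placeholder when the
     * request has no session.
     *
     * @param request the incoming request whose session is read
     * @param response the response that receives the HTML body
     * @throws ServletException declared by the servlet contract; not thrown by this method itself
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");

        // getSession(false) returns null instead of creating a session when none exists.
        HttpSession session = request.getSession(false);

        try (PrintWriter out = response.getWriter()) {
            if (session == null) {
                out.write("暂无Session");
                return;
            }

            // Both values are constants set by the demo's writer servlet; escape them before
            // output if they ever come from user input.
            String nickname = (String) session.getAttribute("nickname");
            Integer age = (Integer) session.getAttribute("age");
            out.write("昵称:" + nickname + "<br>");
            out.write("年龄:" + age + "<br>");

            // On logout, destroy the session with session.invalidate(); left disabled in this demo.
            // session.invalidate();
        }
    }
}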
三、配置 web.xml
追加映射配置:
<!-- Cookie demo: /cookieDemo issues the cookie, /getCookie lists the cookies the browser sends back. -->
<!-- servlet-class holds bare class names because the listed classes declare no package. -->
<servlet>
<servlet-name>CookieDemo</servlet-name>
<servlet-class>CookieDemo</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CookieDemo</servlet-name>
<url-pattern>/cookieDemo</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>GetCookie</servlet-name>
<servlet-class>GetCookie</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>GetCookie</servlet-name>
<url-pattern>/getCookie</url-pattern>
</servlet-mapping>
<!-- Session demo: /sessionDemo stores the attributes, /getSession reads them back. -->
<!-- NOTE(review): this fragment does not set the session-ID cookie's flags. A Servlet 3.0+ web.xml
     can set http-only and secure under session-config / cookie-config; confirm the descriptor
     version of the existing web.xml before adding that. -->
<servlet>
<servlet-name>SessionDemo</servlet-name>
<servlet-class>SessionDemo</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SessionDemo</servlet-name>
<url-pattern>/sessionDemo</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>GetSession</servlet-name>
<servlet-class>GetSession</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>GetSession</servlet-name>
<url-pattern>/getSession</url-pattern>
</servlet-mapping>
四、测试步骤
- 编译 .java 文件,class 放入 WEB-INF/classes,重启 Tomcat
- 测试 Cookie
  - 访问 http://localhost:8080/FirstWeb/cookieDemo 下发 Cookie
  - 点击链接查看 getCookie 页面,读出数据
- 测试 Session
  - 访问 http://localhost:8080/FirstWeb/sessionDemo 存入数据
  - 点击链接读取 Session 内容
五、核心知识点总结
1. Cookie 常用方法
- new Cookie(name,value):创建 Cookie
- setMaxAge(秒):设置有效期
- response.addCookie(cookie):发送 Cookie 到浏览器
- request.getCookies():获取所有 Cookie 数组
2. Session 常用方法
- request.getSession():获取 / 创建会话对象
- setAttribute(key,value):存数据
- getAttribute(key):取数据
- invalidate():销毁会话(退出登录)
3. Cookie & Session 对比
| 对比项 | Cookie | Session |
|---|---|---|
| 存储位置 | 客户端浏览器 | 服务端服务器 |
| 安全性 | 低,可篡改 | 高 |
| 数据类型 | 仅字符串 | 任意对象 |
| 生命周期 | 可手动设置 | 默认超时失效 |
| 依赖 | 无 | 依赖 Cookie 传递 SessionID |
4. 典型使用场景
- Cookie:记住用户名、免密登录(短期;Cookie 中只应存放随机令牌,不要存放密码)
- Session:保存登录用户信息、购物车、权限数据
六、记忆口诀
Cookie 存浏览器,明文数据不安全; Session 放服务器,登录状态最常用; 会话跟踪两大件,Web 登录离不了!