任何人都可以告訴我如何在登錄方法中使用會話嗎?在這裏我登錄電子代碼及其工作correctly.need把會議對於不知道如何..在java servlet中使用會話
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
String operation = request.getParameter("operation");
if(operation!=null && operation.equalsIgnoreCase("login")){
loginDetail(request,response);
}//else if(operation!=null && operation.equalsIgnoreCase("login")){
//logout(request,response);
//}
}
private void loginDetail(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{
User u = new User();
UserService us =new UserServiceImpl() ;
String Uname = request.getParameter("txtUname");
String Pwrd = request.getParameter("txtPwrd");
u.setUname(Uname);
u.setPwrd(Pwrd);
System.out.println(Uname+""+Pwrd);
try {
if(us.Userlogin(u.getUname(),u.getPwrd())){
String message = "Thank you, " + Uname +"..You are now logged into the system";
HttpSession session = request.getSession(true);
session.setAttribute("username", Uname);
session.setAttribute("password", Pwrd);
response.setContentType("text/html");
request.setAttribute("message", message);
request.getRequestDispatcher("/Menu.jsp").forward(request, response);
}else {
String message = "You have to register first or check Your user name password again!";
request.setAttribute("loginMsg", message);
RequestDispatcher rd = getServletContext().getRequestDispatcher("/Login.jsp");
rd.forward(request, response);
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
我只是把一些代碼行內「如果(us.Userlogin(u.getUname() ,u.getPwrd()))「聲明引導我通過這段代碼
你有沒有考慮過使用Spring Security?這看起來像是在重新發明輪子。 – david99world
你不應該在會話中的任何地方存儲密碼。你只能用它來檢查它是否正確,然後丟棄它。另外,請注意稱爲[「會話固定」](https://www.owasp.org/index.php/Session_fixation) – Multithreader