JSP:Cookie实现永久登录(书本案例)
loginCookie.jsp
<%@ page language="java" pageEncoding="UTF-8" isErrorPage="false" %><jsp:directive.page import="java.security.MessageDigest"/><%!// 密钥private static final String KEY = ":cookie@helloweenvsfei.com";// MD5 加密算法public final static String calcMD5(String ss) { String s = ss==null ? "" : ss; char hexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; try { byte[] strTemp = s.getBytes(); MessageDigest mdTemp = MessageDigest.getInstance("MD5"); mdTemp.update(strTemp); byte[] md = mdTemp.digest(); int j = md.length; char str[] = new char[j * 2]; int k = 0; for (int i = 0; i < j; i++) { byte byte0 = md[i]; str[k++] = hexDigits[byte0 >>> 4 & 0xf]; str[k++] = hexDigits[byte0 & 0xf]; } return new String(str); } catch (Exception e) { return null; }}%><%request.setCharacterEncoding("UTF-8");response.setCharacterEncoding("UTF-8");String action = request.getParameter("action");if("login".equals(action)){String account = request.getParameter("account");String password = request.getParameter("password");int timeout = new Integer(request.getParameter("timeout"));// 把帐号连同密钥使用MD5后加密后保存String ssid = calcMD5(account + KEY);// 把帐号保存到Cookie中 并控制有效期Cookie accountCookie = new Cookie("account", account);accountCookie.setMaxAge(timeout);// 把加密结果保存到Cookie中 并控制有效期Cookie ssidCookie = new Cookie("ssid", ssid);ssidCookie.setMaxAge(timeout);response.addCookie(accountCookie);response.addCookie(ssidCookie);// 重新请求本页面response.sendRedirect(request.getRequestURI() + "?" + System.currentTimeMillis());return;}else if("logout".equals(action)){// 删除Cookie中的帐号Cookie accountCookie = new Cookie("account", "");accountCookie.setMaxAge(0);// 删除Cookie中的加密结果Cookie ssidCookie = new Cookie("ssid", "");ssidCookie.setMaxAge(0);response.addCookie(accountCookie);response.addCookie(ssidCookie);// 重新请求本页面response.sendRedirect(request.getRequestURI() + "?" + System.currentTimeMillis());return;}boolean loggin = false;String account = null;String ssid = null;// 获取Cookie中的account与ssidif(request.getCookies() != null){for(Cookie cookie : request.getCookies()){if(cookie.getName().equals("account"))account = cookie.getValue();if(cookie.getName().equals("ssid"))ssid = cookie.getValue();}}if(account != null && ssid != null){// 如果加密规则正确, 则视为已经登录loggin = ssid.equals(calcMD5(account + KEY));}%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title><%= loggin ? "欢迎您回来" : "请先登录" %></title><link rel="stylesheet" type="text/css" href="css/style.css"></head><body><div align="center" style="margin:10px; "><fieldset><legend>当前有效的 Cookie</legend><script>document.write(document.cookie);</script></fieldset><fieldset><legend><%= loggin ? "欢迎您回来" : "请先登录" %></legend><% if(loggin){ %>欢迎您, ${ cookie.account.value }. <a href="${ pageContext.request.requestURI }?action=logout">注销</a><% } else { %><form action="${ pageContext.request.requestURI }?action=login" method="post"><table><tr><td>帐号:</td><td><input type="text" name="account" style="width:200px; "></td></tr><tr><td>密码:</td><td><input type="password" name="password" style="width:200px; "></td></tr><tr><td>有效期:</td><td><input type="radio" name="timeout" value="-1" checked> 关闭浏览器即失效 <br/><input type="radio" name="timeout" value="<%= 30 * 24 * 60 * 60 %>"> 30天内有效 <br/><input type="radio" name="timeout" value="<%= Integer.MAX_VALUE %>"> 永久有效 <br/></td></tr><tr><td></td><td><input type="submit" value=" 登 录 " class="button"></td></tr></table></form><% } %></fieldset></div></body></html>