一、session方法

Session:由同一个IE窗体向同一个WEBAPP发的全部请求的总称，一个会话

同一个会话的多个额请求能够从前到后多个请求。？？祖给孙。孙不给祖

浏览器：搜集sessionID信息。并发到server。

没有就不发送。

查找sessionID。若找到，看servlet是否须要session，须要就从server内存提取旧的session对象。否则维持旧的Session不动。改动session的使用时间。

假设没找到。看是否须要session，再创建session对象，而且保持session对象在server中。把sessionID写到IE中。

sessionID放到IE浏览器。浏览器通过request把id带到server端

HttpSession session = request.getSession(false);// 这里false仅仅能用就得Session

True有旧的找旧的。否则建新的

Session.setMaxInactiveInterval两次请求之间的最长的时间间隔单位：s。相当于Session最大存活时间，超过之后server销毁这个session。比方登陆之后有一定时间，超出就销毁。

0表示马上过期，-1表示永只是期

设置最大时间的原因：

(1)Session是容器。要长时间占用内存。所以限定最大时间间隔

(2)安全考虑

Session.isNew（）是不是新的

自杀。用于安全退出或者清空购物车

下面參考：http://copperfield.iteye.com/blog/890018

session.invalidate()是销毁跟用户关联session,比如有的用户强制关闭浏览器,而跟踪用户的信息的session还存在,但是用户已经离开了。

尽管session 生命周期浏览默认时间30分,可是在30分钟内别的用户还能够訪问到前一个用户的页面,需销毁用户的session。

session.removeAttribute()移除session中的某项属性。

在spring样例中宠物商店的注销登录的代码：

request.getSession().removeAttribute("userSession");

//    注销用户，使session失效。

request.getSession().invalidate();

二、session使用 以登录为例

业务逻辑：login.jsp提交表单，loginServlet推断usernamepassword是不是对，假设不正确转到login.jsp，假设对转到DealServlet（这个类推断是否登录还有效。无效就返回login，比方163邮箱），也能够通过该容器logout，能够logout返回login页面或者主页

事实上两个Servlet也能够做登陆

AServlet推断usernamepassword，正确就到Bservlet。B能够跳出，B中加上推断 假设找不到logid。就返回login，能找到就正常显示，这样仅仅要login之后。开心的标签页，还能够正常打开B

UserLoginServlet

public class UserLoginServlet extends HttpServlet {

	public void doGet(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		doPost(request, response);

	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		String logid = request.getParameter("logid");

		String logpwd = request.getParameter("logpwd");

		PrintWriter out = response.getWriter();

		out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");

		out.println("<HTML>");

		out.println("  <HEAD><TITLE>logincontent</TITLE></HEAD>");

		out.println("  <BODY>");

		int flag=0;

		HttpSession session = request.getSession();

		if("Admin".equals(logid) && "123".equals(logpwd)){

			session.setAttribute("userid", logid);

			session.setMaxInactiveInterval(20);

			//System.out.println("here");

			//response.sendRedirect("http://localhost:8888/TestmyJSP/logout.servlet");

			response.sendRedirect("deal.servlet"); // 不是类名而是url

		}else{

			out.write("<script>alert('login error'); history.go(-1);</script>");

		}

		out.println("  </BODY>");

		out.println("</HTML>");

		out.flush();

		out.close();

	}

}

DealLoginServlet

public class DealLoginServlet extends HttpServlet {

	/**

	 * The doGet method of the servlet. <br>

	 *

	 * This method is called when a form has its tag value method equals to get.

	 *

	 * @param request the request send by the client to the server

	 * @param response the response send by the server to the client

	 * @throws ServletException if an error occurred

	 * @throws IOException if an error occurred

	 */

	public void doGet(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		doPost(request, response);

	}

	/**

	 * The doPost method of the servlet. <br>

	 *

	 * This method is called when a form has its tag value method equals to post.

	 *

	 * @param request the request send by the client to the server

	 * @param response the response send by the server to the client

	 * @throws ServletException if an error occurred

	 * @throws IOException if an error occurred

	 */

	public void doPost(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		response.setContentType("text/html");

		PrintWriter out = response.getWriter();

		out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");

		out.println("<HTML>");

		out.println("  <HEAD><TITLE>A Servlet</TITLE></HEAD>");

		out.println("  <BODY>");

		HttpSession session = request.getSession(false);

		if(session == null){

			response.sendRedirect("login.jsp");

		}else{

			Object o = session.getAttribute("userid");

			if(null == o){

				response.sendRedirect("login.jsp");

			}else{

				out.write(o.toString());

			}

		}

		out.println("<a href='logout.servlet'>登出</a> ");

		out.println("  </BODY>");

		out.println("</HTML>");

		out.flush();

		out.close();

	}

}

LogoutServlet

public class LogoutServlet extends HttpServlet {

	public void doGet(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		doPost(request, response);

	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		response.setContentType("text/html");

		PrintWriter out = response.getWriter();

		out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");

		out.println("<HTML>");

		out.println("  <HEAD><TITLE>A Servlet</TITLE></HEAD>");

		out.println("  <BODY>");

		HttpSession session = request.getSession();

			session.setMaxInactiveInterval(0);

			session.invalidate();

			response.sendRedirect("login.jsp");	

		out.println("  </BODY>");

		out.println("</HTML>");

		out.flush();

		out.close();

	}

}