设置会话Cookie监听器

Question

How can I say into my web, how many times a cookie is loaded? 我如何在我的网站中说，cookie被加载了多少次？ For example, I login with my credentials, my jsp runs and show result... when I get result I want to say username credential like this: 例如，我用我的凭据登录，我的jsp运行并显示结果...当我得到结果时，我想说出用户名凭据，如下所示：

 <% 
      String Usuario = null;
      Cookie[] cookies =request.getCookies();
      if (cookies != null){
          for(Cookie cookie : cookies){
              if(cookie.getName().equals("usuario"))
                  Usuario = cookie.getValue();

          }
      }
  if (Usuario == null)
      response.sendRedirect("Index.html");
  %>
  <h3>
      Hi <%=Usuario %>, Login Complete.
  </h3>

  <form action="Logout" method="post">
      <input type="submit" value="Logout">
  </form>

but If I reload page I want to count how many times cookie is reloaded so in my response I get: 但是，如果我重新加载页面，我想计算cookie被重新加载的次数，因此在响应中我得到：

      <h3>
          Hi <%=Usuario %>, Login Complete. + cookiecount
      </h3>

How can I do that? 我怎样才能做到这一点？

JSP: JSP：

<!DOCTYPE html>
 <html>
     <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Login con Cookies</title>
</head>
<body>
  <% 
      String Usuario = null;
      Cookie[] cookies =request.getCookies();
      if (cookies != null){
          for(Cookie cookie : cookies){
              if(cookie.getName().equals("usuario"))
                  Usuario = cookie.getValue();

          }
      }
  if (Usuario == null)
      response.sendRedirect("Index.html");
  %>
  <h3>
      Hi <%=Usuario %>, Login Complete.
  </h3>

  <form action="Logout" method="post">
      <input type="submit" value="Logout">
  </form>
</body>

LoginServlet: LoginServlet：

 @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    String user = request.getParameter("usuario");
    String contra = request.getParameter("contrasena");

    if (userID.equals(user) && password.equals(contra)){
        Cookie Gerardocookie = new Cookie("usuario",user);
        Gerardocookie.setMaxAge(60 * 60);
        response.addCookie(Gerardocookie);
        response.sendRedirect("Procesardatos.jsp");
    } else{
        RequestDispatcher rd = getServletContext().getRequestDispatcher("/index.html");
        PrintWriter out = response.getWriter();
        out.println("<font color=red>Usuario y/o contrasena invalidas");
        rd.include(request, response);
    }
}

--------------------------------UPDATE--------------------------------------- --------------------------------更新----------------- ----------------------

JSP: JSP：

    <body>
     <% 

 String usuario = (String)session.getAttribute("usuario");
 if (usuario == null) {
response.sendRedirect("Index.html");
return;
 }
 AtomicInteger sessionCount = (AtomicInteger)session.getAttribute("count");
 int count = sessionCount.incrementAndGet(); // count = ++sessionCount
  %>

SERVLET: SERVLET：

 protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
        String user = request.getParameter("usuario");
        String contra = request.getParameter("contrasena");

     HttpSession session = request.getSession();
      session.setAttribute("usuario", user);
      session.setAttribute("count", new AtomicInteger());

    if (userID.equals(user) && password.equals(contra)){
        Cookie Gerardocookie = new Cookie("usuario",user);
        Gerardocookie.setMaxAge(60 * 60);
        response.addCookie(Gerardocookie);
        response.sendRedirect("Procesardatos.jsp");
    } else{
        RequestDispatcher rd = getServletContext().getRequestDispatcher("/index.html");
        PrintWriter out = response.getWriter();
        out.println("<font color=red>Usuario y/o contrasena invalidas");
        rd.include(request, response);
    }
}

Answer 1

Cookies are very easy to hack, so simply setting the user name in a cookie is pretty much useless for ensuring security. Cookies非常容易被破解，因此简单地在Cookie中设置用户名对于确保安全性几乎没有用。 Any session cookie can be copied to another computer as a never-expiring cookie. 任何会话cookie都可以作为永不过期的cookie复制到另一台计算机上。

Suggest you store the user name in a session instead. 建议您将用户名存储在会话中。 Even if the cookie is stolen, it becomes useless once the server expires the session. 即使cookie被盗，一旦服务器使会话期满，cookie也将变得无用。 (There are other things you can do to improve security even further.) （您还可以采取其他措施来进一步提高安全性。）

You can then store a second session attribute with a counter: 然后，您可以使用计数器存储第二个会话属性：

HttpSession session = request.getSession();
session.setAttribute("usuario", user);
session.setAttribute("count", new AtomicInteger());

On subsequent requests you query the session: 在后续请求中，您查询会话：

HttpSession session = request.getSession();
String usuario = (String)session.getAttribute("usuario");
if (usuario == null) {
    response.sendRedirect("Index.html");
    return;
}
AtomicInteger sessionCount = (AtomicInteger)session.getAttribute("count");
int count = sessionCount.incrementAndGet(); // count = ++sessionCount

This is consistent with what you were asking, but it will increase the counter on every request to the server that does this. 这与您的要求一致，但是它将增加对执行此操作的服务器的每个请求的计数器。 If all requests, other than the login page, are secured, they all do this, so you're basically counting requests. 如果除登录页面之外的所有请求均得到保护，则它们都将执行此操作，因此您基本上是在计算请求。

设置会话Cookie监听器

问题描述

1 个解决方案

解决方案1
0 已采纳 2015-09-13 23:01:36

设置会话Cookie监听器

问题描述

1 个解决方案

解决方案1 0 已采纳 2015-09-13 23:01:36

解决方案1
0 已采纳 2015-09-13 23:01:36