1. session management

• The data interaction between the client and the server follows HTTP agreement , This agreement is stateless ( One request, one response , Disconnect after the response ), The server cannot track client requests , adopt Cookie Technology can provide an identity to the client , After that, the client will carry this ID every time it requests , But because of this situation, the data is saved on the client , There is a risk of tampering , In order to improve security, we also launched Session Solution , Session The data is stored in the server , There is no risk of tampering

• Cookie: Similar to punch membership card , The data is saved on the client side  
  • cookie The data of is saved in the memory of the browser by default , When a session ends, the data will be cleared , You can set any saving time , After setting the save time, the data will be saved to the disk , When the time comes, clear it
  • Only text type data can be saved
  • The maximum amount of data can only be saved k The data of
  • Application scenarios : Data related to the client that needs to be saved for a long time , such as : Remember the user name and password
• Session: Similar to bank card , The data is stored in the server memory
  • Session The time to save data is about half an hour , It can be modified, but it is not recommended .
  • You can save data of any object type
  • There is no limit to the amount of data ( But it is not recommended to save a large amount of data , Because of limited resources )
  • Application scenarios : Data that requires high security and is related to the client , For example, remember the login status

1.1Cookie How to use

How to use the backend

@RequestMapping("/login")
    public int login(@RequestBody User user, HttpSession session, HttpServletResponse response){
        User u = mapping.selectByUser(user.getUsername());
        if (u!=null){
            if (user.getPassword().equals(u.getPassword())){
                if (user.getRem()){// Need to remember 
                    System.out.println(" Keep sth. in mind ！");
                    // establish Cookid  Load the data that needs to be saved 
                    Cookie c1 = new Cookie("username",user.getUsername());
                    Cookie c2 = new Cookie("password",user.getPassword());
                    // Set the save time 
                    c1.setMaxAge(60*60*24*30);
                    c2.setMaxAge(60*60*24*30);
                    // Send to client 
                    response.addCookie(c1);
                    response.addCookie(c2);
                }
                // Get the session object corresponding to the current client 
                session.setAttribute("user",u);
                return 1;
            }
            return 2;
        }
        return 3;
    }

How to use the front end  

 // Take out cookie The user name and password in are displayed on the page 
    let arr = document.cookie.split(";");
    // Traversal array 
    for (let cookie of arr){
        let cookieArr= cookie.split("=");
        let name = cookieArr[0].trim();
        let value = cookieArr[1];
        if (name == "username"){
            v.user.username = value;
        }else if(name == "password"){
            v.user.password = value;
        }
    }

2. filter Filter

• effect : The code in the filter will request the server resource ( Static and dynamic resources ) After and before execution , You can write some repetitive code that needs to be executed when requesting resources into the filter , In this way, you only need to write once , So as to improve the development efficiency .
• How to use filters ?
• Create a Filter Class file

package cn.tedu.coolshark.filter;

import cn.tedu.coolshark.entitu.User;

import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

@WebFilter(filterName = "MyFilter",urlPatterns = {"/admin.html","/insertProduct.html","/insertBanner.html"})
public class MyFilter implements Filter {
    // Initializes the method for execution 
    public void init(FilterConfig config) throws ServletException {
    }

    // The method to perform when destroying 
    public void destroy() {
    }



    @Override// This method is called before and after the request to the server resource 
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
        System.out.println(" The filter is working ");
        HttpServletRequest ht = (HttpServletRequest) request;
        HttpServletResponse he = (HttpServletResponse) response;
        // Take out the session object in the request object 
        HttpSession session = ht.getSession();
        User user =(User) session.getAttribute("user");
        // Determine whether to log in 
        if (user!=null){
            chain.doFilter(request, response);// Executing this code means release 
        }else{
            // Without logging in   Let the client redirect to the login page 
            he.sendRedirect("/login.html");
        }

    }
}

• In project name Appliction.java Add Servlet Component scan annotation

• urlPatterns Configuration mode :
  • Exactly match : /admin.html /insertProduct.html
  • The suffix match : *.jpg *.html
  • Path matching : /product/* /user/*
  • All match : /* ( All requests made by the client to the server will be blocked )