首次发布在这里,我希望这是一个有效的问题。我一直在构建一个基本的Java servlet,它从页面上的表单接受3个名称/值对,将它们设置为1.请求属性2.会话属性和3. cookie属性。然后将Cookie添加到响应中,然后转发视图(AccountSettings.jsp)。然后,AccountSettings页面应该使用request.getCookies()将它们转储到数组中,然后从数组中读取值。所有这些都应该在我每次使用此表单时发生。
我的问题是cookie值仅在我第一次使用表单时才正确,然后每次我再次使用表单时,cookie都会显示在页面加载时输入的最后一个值。但是,如果我刷新页面,cookie值将正确显示。我尝试手动删除Logout servlet中的cookie(setMaxAge(0)然后重新添加到响应中),但这只在索引1处产生了一个常量ArrayOutOfBoundsException,因此我将该部分注释掉并单独保留cookie。
我在显示页面后检查了Chrome中与localhost关联的cookie,并且值设置正确,所以在我看来,在实际设置cookie之前就已经绘制了JSP。
如何解决这个问题的任何帮助将不胜感激。这是我的代码。
的Servlet
public class Login extends HttpServlet {
private static final long serialVersionUID = 1L;
public Login() {
super();
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
login(request, response);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
login(request, response);
}
private void login(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{
// get a new or existing session
HttpSession session = request.getSession();
// Instantiate user and populate values
User user = new User();
user.setUser(request.getParameter("user"));
user.setPass(request.getParameter("pass"));
// Get last page
String referringUrl = request.getParameter("referringPage");
session.setAttribute("user", user.getUser());
session.setAttribute("pass", user.getPass());
session.setAttribute("lastPage", referringUrl);
Cookie cookie1 = new Cookie("user", user.getUser());
Cookie cookie2 = new Cookie("pass", user.getPass());
Cookie cookie3 = new Cookie("lastPage", referringUrl);
response.addCookie(cookie1);
response.addCookie(cookie2);
response.addCookie(cookie3);
request.setAttribute("user", user.getUser());
request.setAttribute("pass", user.getPass());
request.setAttribute("lastPage", referringUrl);
try{
if (user.authorize()){
session.setAttribute("name", user.getName());
session.setAttribute("authorized", "1");
}else{
session.setAttribute("authorized", "0");
}
}
catch(Exception e){
e.printStackTrace();
}
RequestDispatcher view = request.getRequestDispatcher("AccountSettings.jsp");
view.forward(request, response);
user.destroy();
}
}
查看:
<div id="content">
<div class="padding">
<%
if (!loggedIn){
out.print(
"Oops! I'm not sure how you got here..."
);
}else{
Cookie[] cookies = request.getCookies();
out.print(
"<h2>Account Settings</h2><br><br>" +
"<table>" +
"<tr>" +
"<th>Source</th>" +
"<th>Username</th>" +
"<th>Password</th>" +
"<th>Last Page Visted</th>" +
"</tr>" +
"<tr>" +
"<th>Request</th>" +
"<td>" + request.getAttribute("user") + "</td>" +
"<td>" + request.getAttribute("pass") + "</td>" +
"<td>" + request.getAttribute("lastPage") + "</td>" +
"</tr>" +
"<tr>" +
"<th>Session</th>" +
"<td>" + session.getAttribute("user") + "</td>" +
"<td>" + session.getAttribute("pass") + "</td>" +
"<td>" + session.getAttribute("lastPage") + "</td>" +
"</tr>" +
"<tr>" +
"<th>Cookies</th>" +
"<td>" + cookies[1].getValue() + "</td>" +
"<td>" + cookies[2].getValue() + "</td>" +
"<td>" + cookies[3].getValue() + "</td>" +
"</tr>" +
"</table>"
);
}
%>
</div>
</div>
答案 0 :(得分:3)
所以在我看来,在实际设置cookie之前就已经绘制了JSP
这是对的。您正在为响应添加新的cookie(因此它们仅在同一域和路径上的后续请求中可用),但您的JSP正在尝试从当前请求。
您需要 通过替换
来发送重定向而不是转发RequestDispatcher view = request.getRequestDispatcher("AccountSettings.jsp");
view.forward(request, response);
通过
response.sendRedirect("AccountSettings.jsp");
或将cookie值复制为请求属性,以便JSP可以将它们作为请求属性获取(您已经知道如何执行此操作)。
无关,在cookie中传递密码是一个非常糟糕的主意。这是一个巨大的安全漏洞。对于您的具体功能要求,最好将登录用户存储为会话属性。