通过Session案例分析一次性验证码登录

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head>  <base href="<%=basePath%>" rel="external nofollow" >  <title>My JSP 'login.jsp' starting page</title>  <meta http-equiv="pragma" content="no-cache">  <meta http-equiv="cache-control" content="no-cache">  <meta http-equiv="expires" content="0">    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">  <meta http-equiv="description" content="This is my page">  <!--  <link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" >  -->  <script type="text/javascript">    function _changImg(){      document.getElementById("myimg").src = "/day11/checkImg?" + new Date().getMilliseconds();    }  </script> </head> <body>  <center>    <form action="/day11/regist" method="post">      <table>        <tr>          <td>用户名<font color="red">*</font></td>          <td><input type="text" name="name"/></td>        </tr>              <tr>          <td>密码</td>          <td><input type="password" name="password"/></td>        </tr>                          <tr>          <td>输入验证码</td>          <td>            <input type="text" name="form_checkcode" />            <img style="cursor: pointer;" alt="" src="/day11/checkImg" id="myimg" onclick="_changImg();"/>            <a href="javascript:void(0);" rel="external nofollow" onclick="_changImg();">看不清，换一张</a>            <font color="red">${imgError }</font>          </td>        </tr>                <tr>          <td><input type="submit" value="注册" /></td>        </tr>      </table>        </form>  </center> </body></html>

public class CheckImgServlet extends HttpServlet {  public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    int width = 120;    int height = 40;    // 先生成一张纸    BufferedImage bufi = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);    // 画笔    Graphics g = bufi.getGraphics();    // 设置背景颜色    // 修改画笔颜色    g.setColor(Color.white);    // 填充    g.fillRect(0, 0, width, height);    // 绘制边框    // 设置边框颜色    g.setColor(Color.red);    // 画边框    g.drawRect(0, 0, width - 1, height - 1);    // 准备一些数据    String data = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz";    // 生成随机对象    Random r = new Random();    String checkcode = "";    // 生成4个随机的数字    for (int i = 0; i < 4; i++) {      // 生成随机颜色      g.setColor(new Color(r.nextInt(255), r.nextInt(255), r.nextInt(255)));      // 设置字体      g.setFont(new Font("宋体", Font.ITALIC, 25));      String c = data.charAt(r.nextInt(data.length())) + "";      g.drawString(c, 10 + (20 * i), 30);      checkcode += c;    }    // 将生成的验证码放到 session中    request.getSession().setAttribute("session_checkcode", checkcode);    // 画干扰线    for (int i = 0; i < 8; i++) {      // 设置随机颜色      g.setColor(new Color(r.nextInt(255), r.nextInt(255), r.nextInt(255)));      // 画线 两点确定一线      g.drawLine(r.nextInt(width), r.nextInt(height), r.nextInt(width), r.nextInt(height));    }    // 将图片输出到浏览器    ImageIO.write(bufi, "jpg", response.getOutputStream());  }  public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {  }}

public class RegistServlet extends HttpServlet {  public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {  }  public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    // 校验验证码的有效性: 服务端生成的验证码 和 表单提交的验证码一致才算有效    // 服务端生成的验证码 保存在 session容器中    // 获得session中的验证码    HttpSession session = request.getSession();    String session_checkcode = (String) session.getAttribute("session_checkcode");    // 使用完后，迅速清除session中验证码的属性    session.removeAttribute("session_checkcode");    // 获得表单提交的验证码    String form_checkcode = request.getParameter("form_checkcode");    // 判断什么是非法 如果非法，终止    if (session_checkcode == null || !session_checkcode.equals(form_checkcode)) {      // 说明验证码错误      request.setAttribute("imgError", "验证码错误！");      // 将request对象转发给 login.jsp      request.getRequestDispatcher("/login.jsp").forward(request, response);      // 结束当前方法      return;    }    // 如果合法， 继续校验用户名和密码的有效    String username = request.getParameter("username");    String password = request.getParameter("password");  }}