Java Web基于Session的登录实现方法

package cn.com.login;import java.io.IOException;import java.io.PrintWriter;import java.util.ArrayList;import java.util.List;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;public class Login extends HttpServlet {  private static final long serialVersionUID = 1L;  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    response.setCharacterEncoding("UTF-8");    response.setContentType("text/html;charset=UTF-8");    String userName=request.getParameter("userName");    String password=request.getParameter("password");    PrintWriter out=response.getWriter();    List<User> list=Db.getAll();    for(User user:list)    {      if(user.getUserName().equals(userName)&&user.getPassword().equals(password))      {        request.getSession().setAttribute("user", user);        response.sendRedirect("/Session/index.jsp");        return ;      }    }    out.write("用户名或者密码错误！");  }  protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    doGet(request,response);  }}class Db{  public static List<User> list=new ArrayList();  static  {    list.add(new User("aaa","123"));    list.add(new User("bbb","123"));    list.add(new User("ccc","123"));  }  public static List<User> getAll()  {    return list;  }}package cn.com.login;public class User {  private String userName;  private String password;  public User() {    super();    // TODO Auto-generated constructor stub  }  public User(String userName, String password) {    super();    this.userName = userName;    this.password = password;  }  public String getUserName() {    return userName;  }  public void setUserName(String userName) {    this.userName = userName;  }  public String getPassword() {    return password;  }  public void setPassword(String password) {    this.password = password;  }}package cn.com.login;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * Servlet implementation class LogOut */public class LogOut extends HttpServlet {  private static final long serialVersionUID = 1L;  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    HttpSession session=request.getSession(false);    if(session==null)    {      response.sendRedirect("/Session/index.jsp");      return ;    }    session.removeAttribute("user");    response.sendRedirect("/Session/index.jsp");  }  protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    doGet(request,response);  }}<!DOCTYPE html><html> <head> <title>Index.html</title> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="this is my page"> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <!--<link rel="stylesheet" type="text/css" href="./styles.css">--> </head> <body> <form action="/Session/Login">   用户名：<input type="text" name="userName"/><br/>   密码：<input type="password" name="password"/><br/>   <input type="submit" value="登录" name="login"/> </form> </body></html>