关于在页面得到的servlet验证码总是上一次保存在session中的

Posted 2020-10-24 星朝

在网上找到一份servlet产生验证码的代码，经过测试，发现在页面通过session.getAttribute()方法得到的验证码总是上一次保存在session中的，这样，它总比页面实际的验证码晚一拍。网上一种说法是session早于页面加载。多数人解决方法是用一个中间页面，或者一个servlet来比较输入的验证码是否是session中保存的验证码来解决的，也有通过ajax异步加载来解决的，本人通过中间servlet比较来解决的，测试过程如下，以备后用：

1. 页面

Java代码  

1. <%@page import="java.util.Date"%>  
2. <%@ page language="java" contentType="text/html; charset=UTF-8"  
3.     pageEncoding="UTF-8"%>  
4. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">  
5. <html>  
6. <head>  
7. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">  
8. <title>Insert title here</title>  
9. <%  
10.     String context = request.getContextPath();  
11. %>  
12. <script type="text/javascript">  
13.     function reloadIdentifyCode() {  
14.         document.getElementById("btn").disable = true;  
15.         document.getElementById("code").src = "<%=context %>/generateidentifycode?time=" + new Date().getTime();  
16.     }  
17.     function isIdentifyCodeRight() {  
18.         //must quote the jsp sentence  
19.         var input = document.getElementById("identify_code").value;  
20.         <%  
21.             String identifyCode = (String) session.getAttribute("identifyCode");  
22.         %>  
23.         alert("You input:" + input + ", the answer is:" + "<%=identifyCode %>");  
24.         if(input == "<%=identifyCode %>") {  
25.             return true;  
26.         }  
27.         else {  
28.             return false;  
29.         }  
30.     }  
31. </script>  
32. </head>  
33. <body>  
34.     <div id="" align="center">  
35.         <form action="<%=context %>/user/findpwd" method="post">  
36.             <table>  
37.                 <tr>  
38.                     <td>用户名:</td>  
39.                     <td><input id="userName" type="text" value="Email/手机号/用户名" name="userName"></td>  
40.                 </tr>  
41.                 <tr>  
42.                     <td>验证码:</td>  
43.                     <td><input id="identify_code" type="text" maxlength="6" value="" name="identifyCode">  
44.                 <img id="code" alt="" src="<%=context %>/generateidentifycode?time=<%=new Date().getTime() %>">  
45.                 <input id="btn" type="button" value="换张图片" onclick="reloadIdentifyCode()"></td>  
46.                 </tr>  
47.                 <tr>  
48.                     <td colspan="2"><input type="submit" value="发送验证码到邮箱"></td>  
49.                 </tr>  
50.             </table>  
51.         </form>  
52.     </div>  
53. </body>  
54. </html>  

<%@page import="java.util.Date"%><%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title><%    String context = request.getContextPath();%><script type="text/javascript">    function reloadIdentifyCode() {        document.getElementById("btn").disable = true;        document.getElementById("code").src = "<%=context %>/generateidentifycode?time=" + new Date().getTime();    }    function isIdentifyCodeRight() {        //must quote the jsp sentence        var input = document.getElementById("identify_code").value;        <%            String identifyCode = (String) session.getAttribute("identifyCode");        %>        alert("You input:" + input + ", the answer is:" + "<%=identifyCode %>");        if(input == "<%=identifyCode %>") {            return true;        }        else {            return false;        }    }</script></head><body>    <div id="" align="center">        <form action="<%=context %>/user/findpwd" method="post">            <table>                <tr>                    <td>用户名:</td>                    <td><input id="userName" type="text" value="Email/手机号/用户名" name="userName"></td>                </tr>                <tr>                    <td>验证码:</td>                    <td><input id="identify_code" type="text" maxlength="6" value="" name="identifyCode">                <img id="code"  src="<%=context %>/generateidentifycode?time=<%=new Date().getTime() %>">                <input id="btn" type="button" value="换张图片" onclick="reloadIdentifyCode()"></td>                </tr>                <tr>                    <td colspan="2"><input type="submit" value="发送验证码到邮箱"></td>                </tr>            </table>        </form>    </div></body></html>

2. 中间servlet

Java代码  

1. package com.jesse.onlineshop.servlet;  
2.   
3. import java.io.IOException;  
4. import java.util.Date;  
5. import java.util.regex.Matcher;  
6. import java.util.regex.Pattern;  
7.   
8. import javax.servlet.ServletException;  
9. import javax.servlet.http.HttpServlet;  
10. import javax.servlet.http.HttpServletRequest;  
11. import javax.servlet.http.HttpServletResponse;  
12.   
13. import com.jesse.onlineshop.bean.User;  
14. import com.jesse.onlineshop.exception.DaoException;  
15. import com.jesse.onlineshop.service.UserService;  
16. import com.jesse.onlineshop.service.impl.UserServiceImpl;  
17.   
18. /** 
19.  * 因为session先于验证码图片加载，在jsp页面通过session得到的验证码总是上一次的， 
20.  * 所以，这里借助Ajax通过异步机制来比较用户输入的验证码和session中保存的验证码是 否一致来达到验证的目的 
21.  * @author Administrator 
22.  * 
23.  */  
24. public class FindPassWordServlet extends HttpServlet {  
25.   
26.     private static final long serialVersionUID = 7331068570820532059L;  
27.   
28.     private User user;  
29.     private UserService userService = new UserServiceImpl();  
30.   
31.     @Override  
32.     protected void doPost(HttpServletRequest req, HttpServletResponse resp)  
33.             throws ServletException, IOException {  
34.         String input = req.getParameter("identifyCode");    //获取用户输入的code  
35.         String answer = (String) req.getSession(false).getAttribute(    //获取session中保存的code  
36.                 "identifyCode");  
37.         if (!input.equalsIgnoreCase(answer)) {  
38.             req.getRequestDispatcher("/user/wrongcode.jsp").forward(req, resp);  
39.         } else {  
40.             String userName = req.getParameter("userName");  
41.             String regex = "[0-9]{11}";  
42.             Pattern pattern = Pattern.compile(regex);  
43.             Matcher matcher = pattern.matcher(userName);  
44.             if (matcher.matches()) {  
45.             } else if (userName.contains("@")) {  
46.                 try {  
47.                     user = userService.getUserByEmail(userName);  
48.                 } catch (DaoException e) {  
49.                     e.printStackTrace();  
50.                 }  
51.             } else {  
52.                 try {  
53.                     user = userService.getUserByName(userName);  
54.                 } catch (DaoException e) {  
55.                     e.printStackTrace();  
56.                 }  
57.             }  
58.             String email = user.getEmail();  
59.             userName = user.getUserName();  
60.             String url = req.getContextPath() + "/confidential/user/changepwd?user="+userName+"&&time=" + new Date().getTime();  
61.               
62.             try {  
63.                 userService.addChangePwdReqRecord(userName);  
64.             } catch (DaoException e) {  
65.                 e.printStackTrace();  
66.                 throw new ServletException(e.getMessage());  
67.             }  
68.               
69.             userService.sendChangePassWordRequest(email, url);  
70.             req.getRequestDispatcher("findpwdsuccess.jsp").forward(req, resp);  
71.         }  
72.     }  
73.   
74. }  

package com.jesse.onlineshop.servlet;import java.io.IOException;import java.util.Date;import java.util.regex.Matcher;import java.util.regex.Pattern;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import com.jesse.onlineshop.bean.User;import com.jesse.onlineshop.exception.DaoException;import com.jesse.onlineshop.service.UserService;import com.jesse.onlineshop.service.impl.UserServiceImpl;/** * 因为session先于验证码图片加载，在jsp页面通过session得到的验证码总是上一次的， * 所以，这里借助Ajax通过异步机制来比较用户输入的验证码和session中保存的验证码是 否一致来达到验证的目的 * @author Administrator * */public class FindPassWordServlet extends HttpServlet {    private static final long serialVersionUID = 7331068570820532059L;    private User user;    private UserService userService = new UserServiceImpl();    @Override    protected void doPost(HttpServletRequest req, HttpServletResponse resp)            throws ServletException, IOException {        String input = req.getParameter("identifyCode");    //获取用户输入的code        String answer = (String) req.getSession(false).getAttribute(    //获取session中保存的code                "identifyCode");        if (!input.equalsIgnoreCase(answer)) {            req.getRequestDispatcher("/user/wrongcode.jsp").forward(req, resp);        } else {            String userName = req.getParameter("userName");            String regex = "[0-9]{11}";            Pattern pattern = Pattern.compile(regex);            Matcher matcher = pattern.matcher(userName);            if (matcher.matches()) {            } else if (userName.contains("@")) {                try {                    user = userService.getUserByEmail(userName);                } catch (DaoException e) {                    e.printStackTrace();                }            } else {                try {                    user = userService.getUserByName(userName);                } catch (DaoException e) {                    e.printStackTrace();                }            }            String email = user.getEmail();            userName = user.getUserName();            String url = req.getContextPath() + "/confidential/user/changepwd?user="+userName+"&&time=" + new Date().getTime();                        try {                userService.addChangePwdReqRecord(userName);            } catch (DaoException e) {                e.printStackTrace();                throw new ServletException(e.getMessage());            }                        userService.sendChangePassWordRequest(email, url);            req.getRequestDispatcher("findpwdsuccess.jsp").forward(req, resp);        }    }}