在网上找到一份servlet产生验证码的代码,经过测试,
发现在页面通过session.getAttribute()方法得到的验证码总是上一次保存在session中的,这样,它总比页面实际的验证码晚一拍。网上一种说法是session早于页面加载。多数人
解决方法是用一个中间页面,或者一个servlet来比较输入的验证码是否是session中保存的验证码来解决的,也有通过ajax
异步加载来解决的,本人通过中间servlet比较来解决的,测试过程如下,以备后用:
1. 页面
class="java" name="code">
<%@page import="java.util.Date"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<%
String context = request.getContextPath();
%>
<script type="text/javascript">
function reloadIdentifyCode() {
document.getElementById("btn").disable = true;
document.getElementById("code").src = "<%=context %>/generateidentifycode?time=" + new Date().getTime();
}
function isIdentifyCodeRight() {
//must quote the jsp sentence
var input = document.getElementById("identify_code").value;
<%
String identifyCode = (String) session.getAttribute("identifyCode");
%>
alert("You input:" + input + ", the answer is:" + "<%=identifyCode %>");
if(input == "<%=identifyCode %>") {
return true;
}
else {
return false;
}
}
</script>
</head>
<body>
<div id="" align="center">
<form action="<%=context %>/user/findpwd" method="post">
<table>
<tr>
<td>用户名:</td>
<td><input id="userName" type="text" value="Email/手机号/用户名" name="userName"></td>
</tr>
<tr>
<td>验证码:</td>
<td><input id="identify_code" type="text" maxlength="6" value="" name="identifyCode">
<img id="code" alt="" src="<%=context %>/generateidentifycode?time=<%=new Date().getTime() %>">
<input id="btn" type="button" value="换张图片" onclick="reloadIdentifyCode()"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="发送验证码到邮箱"></td>
</tr>
</table>
</form>
</div>
</body>
</html>
2. 中间servlet
package com.jesse.onlineshop.servlet;
import java.io.IOException;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.jesse.onlineshop.bean.User;
import com.jesse.onlineshop.exception.DaoException;
import com.jesse.onlineshop.service.UserService;
import com.jesse.onlineshop.service.impl.UserServiceImpl;
/**
* 因为session先于验证码图片加载,在jsp页面通过session得到的验证码总是上一次的,
* 所以,这里借助Ajax通过异步机制来比较用户输入的验证码和session中保存的验证码是 否一致来达到验证的目的
* @author Administrator
*
*/
public class FindPassWordServlet extends HttpServlet {
private static final long serialVersionUID = 7331068570820532059L;
private User user;
private UserService userService = new UserServiceImpl();
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
String input = req.getParameter("identifyCode"); //获取用户输入的code
String answer = (String) req.getSession(false).getAttribute( //获取session中保存的code
"identifyCode");
if (!input.equalsIgnoreCase(answer)) {
req.getRequestDispatcher("/user/wrongcode.jsp").forward(req, resp);
} else {
String userName = req.getParameter("userName");
String regex = "[0-9]{11}";
Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(userName);
if (matcher.matches()) {
} else if (userName.contains("@")) {
try {
user = userService.getUserByEmail(userName);
} catch (DaoException e) {
e.printStackTrace();
}
} else {
try {
user = userService.getUserByName(userName);
} catch (DaoException e) {
e.printStackTrace();
}
}
String email = user.getEmail();
userName = user.getUserName();
String url = req.getContextPath() + "/confidential/user/changepwd?user="+userName+"&&time=" + new Date().getTime();
try {
userService.addChangePwdReqRecord(userName);
} catch (DaoException e) {
e.printStackTrace();
throw new ServletException(e.getMessage());
}
userService.sendChangePassWordRequest(email, url);
req.getRequestDispatcher("findpwdsuccess.jsp").forward(req, resp);
}
}
}