import java.io.IOException; | |
import javax.servlet.ServletException; | |
import javax.servlet.http.HttpServlet; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import javax.servlet.http.HttpSession; | |
/**
 * First step of the session-fixation countermeasure demo: remembers the item the
 * visitor put in the cart and forwards to the login page (SesFixaPage1.jsp).
 *
 * <p>The session used here exists before any login, so its ID is an
 * unauthenticated value. Nothing stored in it should be trusted as identity,
 * and the ID itself must not survive the login step.
 */
public class SesFixaGuardFirstServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public SesFixaGuardFirstServlet() {
        super();
    }

    /**
     * Stores the posted {@code productName} in the current session and forwards
     * to the login form.
     *
     * @param request  the POST request carrying {@code productName}
     * @param response the response handed on to the forwarded JSP
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails on I/O
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Set the encodings up front so multibyte text is not garbled.
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html; charset=utf-8");

        // The cart item is tracked in the session. getSession() creates the
        // session if the visitor does not have one yet.
        HttpSession preLoginSession = request.getSession();

        // The value is raw request input and is stored as-is; it has to be
        // HTML-escaped at every place it is written back into a page.
        String cartItem = request.getParameter("productName");
        preLoginSession.setAttribute("productName", cartItem);

        request.getRequestDispatcher("SesFixaPage1.jsp").forward(request, response);
    }
}
import java.io.IOException; | |
import javax.servlet.ServletException; | |
import javax.servlet.http.HttpServlet; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import javax.servlet.http.HttpSession; | |
/**
 * Login step of the session-fixation countermeasure demo.
 *
 * <p>The session that existed before login is invalidated and a new one is
 * created, so a session ID that was known before login never becomes the ID of
 * the logged-in session. Only the cart item is carried across.
 */
public class SesFixaGuardSecondServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public SesFixaGuardSecondServlet() {
        super();
    }

    /**
     * Replaces the pre-login session with a new one, copies the cart item into
     * it, records the posted {@code id}, and forwards to SesFixaPage2.jsp.
     *
     * @param request  the POST request carrying {@code id}
     * @param response the response handed on to the forwarded JSP
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails on I/O
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Set the encodings up front so multibyte text is not garbled.
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html; charset=utf-8");

        // Read the cart item out of the pre-login session. This must happen
        // before the invalidate() below, which discards the attributes.
        HttpSession preLoginSession = request.getSession();
        String cartItem = (String) preLoginSession.getAttribute("productName");

        // (*) On login, throw away the old session together with its ID.
        request.getSession(true).invalidate();

        // (*) On login, start a new session; the container assigns a new ID.
        HttpSession loginSession = request.getSession();

        // Only the one known attribute is copied over. Copying the old
        // session wholesale would also carry along anything placed in it
        // before login.
        loginSession.setAttribute("productName", cartItem);

        // NOTE(review): no credential check is visible in this method; the
        // demo records whatever id was posted. Real code authenticates first
        // and rotates the session only after that succeeds.
        loginSession.setAttribute("id", request.getParameter("id"));

        request.getRequestDispatcher("SesFixaPage2.jsp").forward(request, response);
    }
}
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
  </head>
  <body>
    <!-- Pre-login step: posts the cart item to SesFixaGuardFirstServlet. -->
    商品をカートに入れる(ログイン前)
    <form action="SesFixaGuardFirstServlet" method="POST">
      商品名: <input name="productName" size="5">
      <input type="submit" value="ログイン画面に進む">
    </form>
  </body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ page import="jp.co.test.wasbook.nakayama.sessionFixation.Util" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
  </head>
  <body>
    <%-- The cart item is user input held in the session, so it is HTML-escaped
         on output. NOTE(review): the attribute is null when this page is
         reached without a submitted item; confirm Util.escapeHTML tolerates
         null. --%>
    カートに入った商品:<% out.println( Util.escapeHTML( (String)session.getAttribute("productName") ) );%><br />
    <%-- Demo diagnostic only: shows the pre-login session ID so it can be
         compared with the post-login one. A session ID written into page
         content is readable by page script and may be kept in caches, so
         this line does not belong outside the demo. --%>
    <!-- 確認用 -->
    ログイン前セッションID: <%= Util.escapeHTML(session.getId()) %> <br />
    <form action="SesFixaGuardSecondServlet" method="POST">
      ユーザID : <input name="id" size="5">
      <input type="submit" value="ログイン">
    </form>
  </body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ page import="jp.co.test.wasbook.nakayama.sessionFixation.Util" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
  </head>
  <body>
    ログインしました!
    <%-- Both values originate from request parameters and are HTML-escaped
         on output. --%>
    ユーザID:<%= Util.escapeHTML( (String)session.getAttribute("id") ) %> <br />
    カートに入った商品:<%= Util.escapeHTML( (String)session.getAttribute("productName") ) %><br />
    <%-- Demo diagnostic only: the ID shown here should differ from the one
         shown on the login page if the session was replaced at login. Do not
         write the session ID into page content outside the demo. --%>
    <!-- 確認用 -->
    ログイン後のセッションID:<%= Util.escapeHTML(session.getId()) %> <br />
  </body>
</html>
package jp.co.test.wasbook.nakayama.sessionFixation; | |
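/**
 * HTML-escaping helper used by the JSP pages before session values are written
 * into markup.
 */
public class Util {
    /**
     * Returns the given string with the HTML-significant characters
     * {@code < > & " '} replaced by character references.
     *
     * <p>The result is suitable for element content and for quoted attribute
     * values. It is not sufficient on its own for script blocks, URLs, CSS or
     * unquoted attribute values; those contexts need their own encoding.
     *
     * @param str the text to escape; {@code null} is treated as empty text
     * @return the escaped text, never {@code null}
     */
    public static String escapeHTML(String str) {
        // A missing session attribute reaches this method as null from the
        // JSPs; render it as empty text instead of failing the whole page.
        if (str == null) {
            return "";
        }

        // StringBuilder: the buffer is local, so no synchronization is needed.
        StringBuilder escaped = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '&':
                    escaped.append("&amp;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    // Numeric reference: &apos; is not defined in HTML 4,
                    // which is the doctype the JSP pages declare.
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}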