页面登录问题

session，无论用什么框架，最终都是从Servlet或者Filter中取得。归根到底，只要能取得request，就能取得session。
取得session用的是request.getSession。这里有个地方要注意：如果request.getSession(false)。那么session过期的时候返回的是null，默认情况下request.getSession()等于request.getSession(true)。意思是如果session过期则自动创建一个新session。放入session用的是session.setAttribute方法。他有两个参数，前面一个参数是key，是String，后面一个参数是真正用来存放信息的对象，是object。从session中取信息的方法是session.getAttribute，他只有一个参数，就是key。
参考代码：

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.test.LoginUser;

public class TestServlet extends HttpServlet {
    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, 
                         HttpServletResponse response) throws ServletException, IOException {
        process(request, response);
    }
    
    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, 
                          HttpServletResponse response) throws ServletException, IOException {
        process(request, response);
    }
    
    private void process(HttpServletRequest request, 
                           HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession(false);
        
        // Session过期
        if (session == null) {
            request.getRequestDispatcher("/timeout.html").forward(request, response);
            return;
        }
        
        // 取得
        LoginUser user = (LoginUser)session.getAttribute("user");
        
        // 放入
        LoginUser user2 = new LoginUser();
        user2.setName("test");
        session.setAttribute("user", user2);
    }
}