堆栈内存溢出
  简体   繁体   English

JSP Servlet会话invalidate()不会使会话为空

[英]JSP Servlet session invalidate() does not make session null

 原文  2014-12-17 00:26:16       java/ jsp/ session/ servlets/ httpsession

问题描述

I have three simple HttpServlet classes in my JSP project, "LoginServlet", "LogoutServlet" and "ProfileServlet". 我的JSP项目中有三个简单的HttpServlet类,“LoginServlet”,“LogoutServlet”和“ProfileServlet”。

  • LoginServlet: log in user by setting "name" attribute to session LoginServlet:通过将“name”属性设置为session来登录用户
  • LogoutServlet: log out user and invalidate session LogoutServlet:注销用户并使会话无效
  • ProfileServlet: display user welcome info if user has logged in ProfileServlet:如果用户已登录,则显示用户欢迎信息

The last two servlets are as below that I reckon are problematic. 最后两个servlet如下所示我认为是有问题的。 

@SuppressWarnings("serial")
public class LogoutServlet extends HttpServlet {
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            response.setContentType("text/html");
            PrintWriter out=response.getWriter();

            HttpSession session=request.getSession(false);
            session.invalidate();

            request.getRequestDispatcher("link.jsp").include(request, response);

            out.print("You are successfully logged out!");

            out.close();
    }
}

And 

@SuppressWarnings("serial")
public class ProfileServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        request.getRequestDispatcher("link.jsp").include(request, response);

        HttpSession session = request.getSession(false);
        if (session != null) {
            String name = (String) session.getAttribute("name");

            out.print("Hello, " + name + " Welcome to Profile");
        } else {
            out.print("Please login first");
            request.getRequestDispatcher("login.html").include(request,
                    response);
        }
        out.close();
    }
}

And the link.jsp: 和link.jsp: 

<% HttpSession nsession = request.getSession(false);
if(nsession == null) {
%>
<a href="login.html">Login</a>
<%
}
else {
%>
<a href="LogoutServlet">Logout</a>
<%
}
%>
<a href="ProfileServlet">Profile</a>
<hr/>

The problem is while user is logged in, when the "Logout" link is clicked and "LogoutServlet" is called, session is not correctly invalidated and ProfileServlet still prints out 问题是当用户登录时,单击“Logout”链接并调用“LogoutServlet”时,会话未正确无效且ProfileServlet仍然打印出来 

"Hello, null Welcome to Profile"

instead of redirecting to the "login.html" page because the session is still NOT null. 而不是重定向到“login.html”页面,因为会话仍然是空的。 As a result of it, "Login" link is not shown on the "link.jsp" page. 因此,“link.jsp”页面上未显示“登录”链接。 This stops the user from being able to attempt to log in again. 这会阻止用户再次尝试登录。

EDIT: To make the problem clarified, I made a new html page and updated the servlets to do 编辑:为了澄清问题,我创建了一个新的html页面并更新了要执行的servlet 

request.getRequestDispatcher("link.html").include(request, response);

And the "link.html". 和“link.html”。 

<a href="login.html">Login</a>
<a href="LogoutServlet">Logout</a>
<a href="ProfileServlet">Profile</a>
<hr/>

Interestingly this does what I wanted! 有趣的是,这就是我想要的! I guess the problem is 我想问题是 

request.getRequestDispatcher("link.jsp").include(request, response);

But I am unable to explain why... 但我无法解释为什么......

3 个解决方案

解决方案1
 6 已采纳  2014-12-17 00:53:07

In JSP new session is created by default, if non present, so you will always get non null session. 在JSP中,默认情况下会创建新会话,如果不存在,那么您将始终获得非空会话。 You can disable that by adding following page directive to your page: 您可以通过向页面添加以下页面指令来禁用它: 

<%@ page session="false" %>

For more info check the following Why set a JSP page session = “false” directive? 有关更多信息,请查看以下内容为什么设置JSP页面session =“false”指令?

解决方案2
 3  2014-12-17 00:29:02

When it calls invalidate() it removes that session from server context and all associated data with that session, 当它调用invalidate()它会从服务器上下文中删除该会话以及该会话的所有相关数据,

When you make new request it creates new one and so you see null as the data because new session doesn't have data in it 当您创建新请求时,它会创建一个新请求,因此您将null视为数据,因为新会话中没有数据

You should check for a logical attribute inside session to validate it user is logged in or not, instead of session itself 您应检查session的逻辑属性以验证用户是否已登录,而不是会话本身

解决方案3
 0  2018-05-16 06:50:02

That may help You Check it out for condition checking. 这可能有助于您检查条件检查。

Condition To Check: 要检查的条件: 

<%
if (session.getAttribute("name") == null || 
session.getAttribute("name").equals(""))
{
response.sendRedirect("login.jsp");
}
%>

Set Up While Logout: 注销时设置: 

session.setAttribute("name", "");
session.invalidate();
response.sendRedirect("login.jsp");

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java Servlet会话:创建空会话,无法使其无效 - Java servlet, session: null session gets created, can't invalidate it 在JSP中使会话无效 - Invalidate Session in JSP 从JSP到Servlet的会话的属性返回null - Attributes of a Session from JSP to Servlet returning null 获取JSP Servlet会话,返回空值 - Getting a JSP servlet session, returns a null value 如何使Servlet识别调用方JSP和会话 - How to make Servlet recognize caller JSP and session 如何正确使JSP会话无效? - How to properly invalidate JSP session? Servlet会话行为和Session.invalidate - Servlet Session behavior and Session.invalidate servlet jsp中的会话管理 - session management in servlet jsp 在servlet和jsp中检查会话 - checking session in servlet and jsp 在声明了它的servlet或将使用其值的jsp页面中使会话无效会更好吗? - Is it better to invalidate a session in a servlet in which it is declared or in the jsp page where its values will be used?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM