注销后,会话未结束
[英]After logout, session is not ending
问题描述
I have created a java login application in which all is working fine but when I click on logged out button it successfully logged out and redirect to index.jsp but in index.jsp page if I print session value then it is printing the same, I do not know why ?? 
我已经创建了一个Java登录应用程序,其中的所有程序都工作正常,但是当我单击注销按钮时,它成功注销并重定向到index.jsp,但是在index.jsp页面中,如果我打印会话值,那么它正在打印相同的内容,我不知道为什么 ?? However, on logged out I have kill the session. 但是,注销后,我已终止该会话。 Below is the code, please suggest the possible reason: 下面是代码,请提出可能的原因:
on index.jsp page following is the code which is checking wheather session is exist or not. 在index.jsp页面上,以下是检查是否存在会话的代码。 After logout it is printing "isession is not null"... 注销后,它正在打印“ isession不为空” ...
<%
if (session == null)
{
System.out.println("session is null");
session.removeAttribute("username");
session.removeAttribute("uniqueID");
session.invalidate();
}
else if(session != null)
{
System.out.println("isession is not null");
System.out.println(session);
}
%>
loginServlet.java loginServlet.java
String name = "";
JSONObject obj = result_array.getJSONObject(0);
String res = obj.get("result").toString();
HttpSession session = null;
if (res.equals("true")) {
try {
name = obj.get("name").toString();
session = request.getSession(true);
session.setAttribute("username", name);
session.setAttribute("uniqueID", uname);
//setting session to expiry in 15 mins
session.setMaxInactiveInterval(15*60);
Cookie userName = new Cookie("user", uname);
userName.setMaxAge(15*60);
response.addCookie(userName);
if("0".equals(obj.get("role").toString()))
{
session.setAttribute("role", "user");
response.sendRedirect("home.jsp");
}
else if("1".equals(obj.get("role").toString()))
{
session.setAttribute("role", "admin");
response.sendRedirect("AdminHome.jsp");
}
}
catch (JSONException ex)
{
System.out.println(getClass().getName()+" = " +ex.toString());
this.context.log(ex.toString());
}
logoutservlet.java logoutservlet.java
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
// Cookie[] cookies = request.getCookies();
// if (cookies != null) {
// for (Cookie cookie : cookies) {
// if (cookie.getName().equals("JSESSIONID")) {
// System.out.println("JSESSIONID=" + cookie.getValue());
// break;
// }
// }
// }
Cookie loginCookie = null;
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if (cookie.getName().equals("user")) {
loginCookie = cookie;
break;
}
}
}
if (loginCookie != null) {
loginCookie.setMaxAge(0);
response.addCookie(loginCookie);
}
PrintWriter out = response.getWriter();
HttpSession session = request.getSession(false);
if (session != null) {
session.removeAttribute("username");
session.removeAttribute("uniqueID");
session.removeAttribute("role");
session.invalidate();
}
out.print("You have Succefully logged out ");
response.sendRedirect("index.jsp");
out.flush();
out.close();
}
}
1 个解决方案
解决方案1
0 2015-01-31 10:46:57
By default, a session is automatically created for a JSP unless it already exists of course. 缺省情况下,当然会为JSP自动创建会话,除非它已经存在。 So, post-logout when you're checking for the implicit session object again, it's a new one. 因此,注销后再次检查隐式session对象时,它是一个新对象。
You can verify this by printing 您可以通过打印来验证
<%= session.isNew() %>
To turn this off for a particular JSP, you need set the session attribute of your page directive. 要为特定的JSP关闭此功能,您需要设置page指令的session属性。
<%@ page session="false" %>
This seems unnecessary though because the logged-in/out state can always be determined by the presence of a session attribute rather than the nullity of the session itself. 尽管这似乎没有必要,因为登录/注销状态始终可以由会话属性的存在而不是会话本身的无效来确定。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.