如何防止会话属性保留在服务器上?
[英]How to prevent session attributes from persisting on the server?
问题描述
I'm new to java web development. 
我是Java Web开发的新手。 I have created a servlet/jsp web application that is deployed on Tomcat 7 . 我已经创建了一个部署在Tomcat 7上的servlet/jsp Web应用程序。 After authentication, the user go through few page that has its own forms. 身份验证后,用户将浏览具有自己形式的几个页面。 The inputs are stored as session attributes and are displayed on a confirmation before log out. 输入被存储为会话属性,并在注销前显示在确认中。
For the log out, I used session.invalidate() and sendRedirect("Logout.jsp") . 对于注销,我使用了session.invalidate() and sendRedirect("Logout.jsp") 。
If I run the application again, it will return my new input, but it will also copy all the old session input. 如果再次运行该应用程序,它将返回我的新输入,但也会复制所有旧的会话输入。
I have disabled the session persistence and put the context cachingAllowed="false" . 我禁用了会话持久性,并将上下文上下文设置为cachingAllowed="false" 。
It seems that all the session attributes are stored in the server memory. 似乎所有会话属性都存储在服务器内存中。 Is this problem causes by the server configuration? 是服务器配置引起的此问题吗?
2 个解决方案
解决方案1
0 2015-07-31 10:20:24
Make sure you use request.getSession(boolean b) method and not the request.getSession() 确保您使用request.getSession(boolean b)方法,而不是request.getSession()
All page that should be accessible to logged in user should make a call to request.getSession(false) 登录用户应该可以访问的所有页面都应该调用request.getSession(false)
If call to this method does not return any session, user should be redirected to login. 如果对该方法的调用未返回任何会话,则应将用户重定向到登录名。
解决方案2
0 2015-07-31 14:26:53
make sure your information store in session like this: 确保您的信息存储在会话中,如下所示:
HttpSession session = request.getSession();
session.setAttribute("info", info);
when you want to remove it,you should do it like this: 当您想要删除它时,您应该这样做:
HttpSession session = request.getSession();
session.removeAttribute("info");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.