堆栈内存溢出
  简体   繁体   English

如何使浏览器会话无效

[英]How to invalidate browser session

 原文  2011-03-22 06:29:35       java/ jsp/ session/ browser/ invalidation

问题描述

How can I invalidate Browser Session. 如何使浏览器会话无效。 I am using JSP's. 我正在使用JSP。 In web.xml the session-timeout is been set to 180 seconds and I want it like that only. web.xmlsession-timeout设置为180秒,我只想这样。 But the problem is on some special occasion for some user's browser session need to be invalidated immediately right after a form submit. 但问题是在某些特殊场合,某些用户的浏览器会话需要在表单提交后立即失效。

I have used session.invalidate(); 我用过session.invalidate(); to invalidate session and also used 使会话无效并使用 

response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);

But, still when I click the back button it will take me to the same users session. 但是,当我单击后退按钮时,它将带我进入相同的用户会话。 Is this loading from browser cache? 这是从浏览器缓存加载吗?

This is what i have in my JSP : 这就是我在JSP中所拥有的: 

<head>
<script type="text/javascript">
function submitForm(){window.document.submitFrm.submit();}
</script>
</head>
<body onload="submitForm()">
<%String output = (String)(request.getAttribute("strOut"));
String hookUrl = (String)(request.getAttribute("hookUrl"));
System.out.println("hookUrl in cwsGroup.jsp : "+hookUrl);%>
<form method="post" action="<%=hookUrl%>" name="submitFrm" id="submitFrm">
<input type="hidden"  name="cxml-urlencoded" value='<%=output%>' />
</form>
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader( "Expires", 0 );
session.removeValue("domineName");
session.invalidate();%>
</body>

Am I missing something? 我错过了什么吗?

2 个解决方案

解决方案1
 4 已采纳  2011-03-22 13:46:58

Those headers are incomplete. 那些标题不完整。 This would only work in Internet Explorer, but would fail in others. 这只适用于Internet Explorer,但在其他情况下会失败。 The complete set is 完整的设置是 

response.setHeader("Cache-Control","no-cache,no-store,must-revalidate");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires", 0);

And you also need to set them in the previous JSP pages as well. 而且您还需要在之前的 JSP页面中设置它们。 Calling this inside a JSP would only disable caching the current JSP page. 在JSP中调用它只会禁用缓存当前的 JSP页面。 You need to copypaste it over all JSP pages ( shudder ). 您需要在所有JSP页面上进行密码处理( 不寒而栗 )。 Or even better, use a Filter for this which is mapped on *.jsp . 或者甚至更好,使用一个Filter来映射*.jsp For an example, see this answer . 例如,请参阅此答案

解决方案2
 1  2011-03-22 06:45:58

As you said, onclicking back button session is getting invalidate. 正如你所说,点击后退按钮会话正在变得无效。 SO please make session invalidate session on Back button event. 所以请在后退按钮事件上使会话无效。

please add "<" ">" for first and lasr line in code snippet 请在代码段中为first和lasr行添加"<" ">" 

<script type="text/javascript">

      bajb_backdetect.OnBack = function()
      {

        alert('You clicked it!');

      }

<script>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在JSF中的浏览器关闭时使会话无效 - How to invalidate the session on browser close in the JSF 如何使用户会话无效 - how to invalidate a users session 如何使Siteminder会话无效 - How to invalidate siteminder session 会话如何与Weblogic 12 c配合使用-关闭浏览器似乎会使会话或cookie无效 - How session works with Weblogic 12 c - Closing browser seems to invalidate the session or the cookie 如何使seam POJO会话无效 - How to invalidate seam POJO session 如何以编程方式使所选会话无效? - How to invalidate selected session programmatically? 如何正确使JSP会话无效? - How to properly invalidate JSP session? 当用户登录另一浏览器时,使该浏览器中的用户会话无效? - Invalidate a user session in one browser when user logins in another browser? 使会话无效 - Invalidate a session 当用户使用servlet关闭浏览器时使会话无效 - To invalidate session when user close browser by using servlet
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM