注销问题!
[英]Logout problem!
问题描述
I have some 30 jsp pages with login and logout. 
我有大约30个具有登录和注销功能的jsp页面。 I have put all the pages in the Session, so that only valid user can have access. 我已将所有页面放入会话中,以便只有有效用户才能访问。 Now the problem is, whenever user hits the logout the session gets invalidated but if the user presses the back button of the browser still it displays the secured pages (which shouldn't get displayed). 现在的问题是,每当用户单击注销时,会话都会失效,但是如果用户按浏览器的后退按钮,它仍会显示受保护的页面(不应显示)。
I got to know that the problem was with the browser which holds the cache and history. 我知道问题出在拥有缓存和历史记录的浏览器上。 So I applied response.setheader("cache-control",.....) etc. on secured pages and also window.history.go(+1) in the body of secured pages. 因此,我在安全页面上应用了response.setheader("cache-control",.....)等,在安全页面主体中也应用了window.history.go(+1) 。
It works fine to some extent but once in a while it displays the secured pages. 它在某种程度上可以正常工作,但有时会显示受保护的页面。 And also once the user logs in session starts and when he will be inside the website, back button should work for him without any hassle (without prompting the user to resend the form data). 而且,一旦用户登录会话开始,并且当他进入网站时,后退按钮就应该为他工作,而不会带来任何麻烦(而不会提示用户重新发送表单数据)。 Once he logs out the session should end and he should not be able to access the pages anymore by hitting back button. 一旦他注销,会话应该结束,并且他应该不再可以通过单击“后退”按钮来访问页面。 Is there any way to achieve this? 有什么办法可以做到这一点?
1 个解决方案
解决方案1
5 2011-04-07 06:36:53
1 For checking if the user is authenticated don't use code on jsp , We have Filter for that only make use of it. 1为了检查用户是否已通过身份验证,请不要在jsp上使用代码,我们有Filter ,仅使用它。
2 Make your Filter to do following to resolve caching issue 2使您的Filter可以执行以下操作以解决缓存问题
HttpServletResponse hsr = (HttpServletResponse) response;
hsr.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
hsr.setHeader("Pragma", "no-cache"); // HTTP 1.0.
hsr.setDateHeader("Expires", 0); // Proxies.
chain.doFilter(request, response);
3 Remove javascript 3删除JavaScript
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.