堆栈内存溢出
  简体   繁体   English

当用户注销后单击“后退”按钮时,会话如何失效,例如银行网站

[英]How to session expire when user clicks back button after log out i.e. like bank website

 原文  2012-11-05 04:18:37       java/ servlets/ logout

问题描述

I am storing session id in database at the time of login and refer the same when different pages are accessed. 我在登录时将会话ID存储在数据库中,并在访问不同页面时引用相同的ID。 Session expires after a certain time as I have calculated for session id in each page. 根据我在每个页面中计算的会话ID,会话会在一定时间后过期。 Now, My problem is in log out. 现在,我的问题是在注销。 When I click log out, it works in a way that user if select any thing from menu gets session expired. 当我单击注销时,它以一种用户从菜单中选择任何内容使会话过期的方式工作。 But if he clicks back button, it takes him to previous page, as session never logged out/expired. 但是,如果他单击“后退”按钮,则会将他带到上一页,因为会话从未注销/过期。 How to prevent this page display on back button thing? 如何防止此页面上显示后退按钮的东西?

Note - In log out, I have created a new session and replaced the old one with it. 注意-在注销时,我创建了一个新会话,并用它替换了旧会话。 Following is my code - 以下是我的代码- 

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.*;
import java.net.*;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;


//public class LoginToApp extends HttpServlet {
public class LogoutApp extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {

    private ServletConfig config;

        public void init(ServletConfig config)
            throws ServletException{
            //this.config=config;
            super.init(config);
   }

public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        response.setContentType("text/html");

        HttpSession session = request.getSession();
        String sessionID;
        String oldsessionID = request.getParameter("sessionID");
        System.out.println("Path Info"+oldsessionID);
        Date createTime;
        Date lastAccessTime;
        long initialtime;

        if(session.isNew()){
            System.out.println("New session created by default");
            request.getSession(true);
            sessionID = session.getId();
            createTime = new Date(session.getCreationTime());
            lastAccessTime = new Date(session.getLastAccessedTime());
            initialtime = System.currentTimeMillis();
         }else{
            System.out.println("You have created a new session");
            session.invalidate();
            session = request.getSession(true);
            sessionID = session.getId();
            createTime = new Date(session.getCreationTime());
            lastAccessTime = new Date(session.getLastAccessedTime());
            initialtime = System.currentTimeMillis();
         }

        try{
                    //java.sql.Statement theStatement=null;
                    java.sql.ResultSet theResultSet=null;
                    /* Create string of connection url within specified format with machine name, port number and database name. Here machine name id localhost and database name is student. */
                    String connectionURL = "jdbc:jtds:sqlserver://localhost/AUTOUDB";
                    // declare a connection by using Connection interface
                    Connection theConnection = null;
                    // declare object of Statement interface that uses for executing sql statements.
                    PreparedStatement thePreparedStatement = null;
                    // Load JBBC driver "com.mysql.jdbc.Driver"
                    Class.forName("net.sourceforge.jtds.jdbc.Driver");
                    int updateQuery = 0;

                        try{
                            /* Create a connection by using getConnection() method that takes parameters of string type connection url, user name and password to connect to database. */
                            theConnection = DriverManager.getConnection(connectionURL, "sa", "islemm*03");
                            // sql query to insert values in the secified table.
                            String queryString = "Update LOGIN set SESSID = ? where SESSID LIKE ?";
                            thePreparedStatement = theConnection.prepareStatement(queryString);
                            thePreparedStatement.setString(1,sessionID);
                            thePreparedStatement.setString(2,oldsessionID);
                            thePreparedStatement.executeUpdate();

                            System.out.println("Old Session ID : " +oldsessionID+ " New Session ID."+sessionID);
                            session.removeAttribute("oldsessionID");
                            response.setHeader("Cache-Control", "no-cache, no-store");
                            response.setHeader("Pragma", "no-cache");
                            response.setHeader("Expires","0");
                            response.setDateHeader("Expires",-1);
                            request.getSession().invalidate();
                            //response.sendRedirect("http://qtp.in.ibm.com:8080/automationutil/pages/loggedOut.jsp");

                            Cookie[] cookies = request.getCookies();
                                if (cookies != null)
                                    for (int i = 0; i < cookies.length; i++) {
                                        cookies[i].setValue("");
                                        cookies[i].setPath("/");
                                        cookies[i].setMaxAge(0);
                                        response.addCookie(cookies[i]);
                                        }


                            response.sendRedirect("/pages/login.html");

                        }catch (Exception e) {
                            e.printStackTrace();
                        }finally {
                            // close all the connections.
                            thePreparedStatement.close();
                            theConnection.close();
                            System.out.println("Disconnected from database in finally.");
                        }


                //  theResultSet.close();//Close the result set
                //  theStatement.close();//Close statement
                    theConnection.close(); //Close database Connection
                    System.out.println("Disconnected from database");


                }catch(Exception e){
                    System.out.println(e.getMessage());//Print trapped error.
                    e.printStackTrace();
                }


    }


    public void destroy()
      {
          // do nothing.
      }



}

1 个解决方案

解决方案1
 0  2012-11-05 04:30:25

You might want to consider a ServletFilter and pass in all your requests through the filter as in : 您可能需要考虑使用ServletFilter并通过过滤器传递所有请求,如下所示:

In your web.xml 在您的web.xml中 

<filter>
    <filter-name>secfilter</filter-name>
    <filter-class>com.security.SecurityFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>secfilter</filter-name>
    <url-pattern>*</url-pattern>
</filter-mapping>

Refer this link for more filter configurations . 请参阅此链接以获取更多过滤器配置

And in your doFilter of your filter class, check whether the session is expired. 然后在您的过滤器类的doFilter中,检查会话是否已过期。 If expired, redirect to your home page. 如果已过期,请重定向到您的主页。

I guess you could use this link as a reference. 我想您可以使用此链接作为参考。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 页面过期或会话过期如何在刷新或后退按钮上起作用? - How page expire or session expire works on refresh or back button? 注销后,当用户单击“后退”按钮时,停留在同一页面上 - After logout stay on same page when user clicks on back button 当用户单击GUI中的按钮时,我想打开一个图像 - I would like to open an image when a user clicks on a button in GUI 当用户单击后退按钮时,如何显示 Vaadin 23 的确认对话框? - How can I show a confirm dialog with Vaadin 23 when the user clicks on back button? 我正在使用struts框架,注销后按我的浏览器“后退”按钮将转到上一个打开的页面。 如何发送到登录页面? - I am using struts freamwork, after log out when i pressed browser back button it is going to last opened page. How to send it to log in page? 在用户登录后,如何具体实例化属性(即currentUser)? - How should I instantiate a property (i.e. currentUser) specifically AFTER the user has logged in? 如何检查用户何时单击了正确的按钮? - How do I check when a user clicks the correct button? 如何检查用户是否按下了特定的键,即 Enter Key 像 python 的键盘模块? - How can I check if a user is pressing a specific key i.e. Enter Key Like python's keyboard module? 如何在随机数据库中使用JPA,即用户提交了 - How to use JPA with a random database i.e., user submitted 当用户单击取消时,如何使用 JOptionPane 从子菜单返回主菜单? - How do I go back to the main menu from a sub menu using JOptionPane when the user clicks cancel?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM