Kill session and redirect to login page on click of logout button

I have the following code in JSP:

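<%
    // Compare string content with equals(); == only compares object references.
    Object username = session.getAttribute("Username");
    if (username == null || "_INVALID_".equals(username))
    {
        response.sendRedirect("LoginPage.html");
        return; // stop rendering the rest of the page after the redirect
    }
%>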

<form>
    <input type="button" value="Change Account Details" onClick="location.href='ChangeDetails.jsp'">
    <br></br>
    <input type="button" value="Add Customers" onClick="location.href='AddCustomers.jsp'">
    <br></br>
    <input type="button" value="Manage Flights" onClick="location.href='ManageFlights.jsp'">
    <br></br>
    <input type="button" value="Book Flights" onClick="location.href='BookFlights.jsp'">
    <br></br>
    <input type="button" value="Log Out" onClick="location.href='LoginPage.html'">
</form>

When the user clicks on the log out button, I want to redirect him to the log-in page and kill the current session. I have succeeded in the redirection part but I do not know how to kill the session. How can this be done please?

In order to kill the current session, you basically need to call HttpSession#invalidate() and perform a redirect to the login or main page. This code is supposed to be placed in the doPost() method of a servlet which is invoked by a POST request.

E.g.

<form action="${pageContext.request.contextPath}/logout" method="post">
    <input type="submit" value="Logout" />
</form>

with

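import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Destroy the server-side session, then send the browser to the login page.
        request.getSession().invalidate();
        response.sendRedirect(request.getContextPath() + "/LoginPage.html");
    }

}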

Unrelated to the concrete problem, your username checking code is not at the right place. You shouldn't be copypasting the same code over every single JSP page. You should be performing this job in a single place in a servlet filter. Java code in JSP files should be avoided as much as possible.

Further, there's another potential problem when the enduser uses the browser's back button to navigate back in history. By default, the browser will cache all responses and thus the back button might display the page from the browser cache instead of requesting a brand new one straight from the server. In order to fix this, see this related question: "Prevent user from seeing previously visited secured page after logout".

Last but not least, you've got some quite strange HTML there. Buttons with onClick to navigate? How user and SEO unfriendly. Use normal <a> links instead. For the button look'n'feel, throw in some CSS.

You should take a look at the invalidate() method of HttpSession. The session can be retrieved via the HttpServletRequest getSession() method.

You should also take a look at the Expires, Cache-Control and Pragma HTTP headers, as in: "Prevent user from going back to the previous secured page after logout".

Try this to kill the session:

// getSession(false) returns null instead of creating a new session
HttpSession newsession = request.getSession(false);
if (newsession != null)
{
    newsession.invalidate();
}

response.sendRedirect("../index.jsp");
