會話無效后,它仍然存在,為什么?
[英]After invalidating session , it's still alive , why?
問題描述
考慮一下servlet:
package controller;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet implementation class LogoutServlet
*/
@WebServlet("/loggingOut")
public class LogoutServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
// Get the session
HttpSession session = request.getSession(false);
if(session != null){
System.out.println("Here ...");
session.invalidate();
// forwards to the page logout.jsp
request.getRequestDispatcher("/WEB-INF/results/logoutResult.jsp").forward(request, response);
// response.sendRedirect("./WEB-INF/results/logoutResult.jsp");
}
else
{
System.out.println("There ...");
// response.sendRedirect("error404.jsp");
request.getRequestDispatcher("./WEB-INF/results/error404.jsp").forward(request, response);
}
}
}
在使會話無效並移至logoutResult.jsp ,如果再次到達上述servlet,則該會話仍處於“活動狀態”,並且沒有到達error404.jsp的代碼,即:
else
{
System.out.println("There ...");
// response.sendRedirect("error404.jsp");
request.getRequestDispatcher("./WEB-INF/results/error404.jsp").forward(request, response);
}
我該如何解決?
非常感激
2 個解決方案
解決方案1
3 2014-04-08 22:43:57
因為每次您訪問JSP都會創建一個新會話。 要禁用此屬性,請輸入以下指令:
<%@ page session="false" %>
解決方案2
1 已采納 2014-04-08 23:14:31
基本上, if(session != null){在這里毫無意義。 您應該從會話中讀取屬性,並檢查其是否為空:
String username = (String)session.getAttribute("username");
if(username!=null)
{
//user is logged in
}
else
{
//user is not logged in
}
如何強制Jetty在會話失效后使用BASIC身份驗證請求憑據?
[英]How to force Jetty to ask for credentials with BASIC authentication after invalidating the session?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.