Session invalidation in FF, Tomcat
I am using the Tomcat web container. I have an admin console app implemented. When I click on logout, a session attribute is made null and invalidated; see the code below in my logout.jsp file.
After logout the user is taken to the login page. In Firefox, when I click the back button, I have the issues below.
First, I do not get a "page expired" page like in IE.
Second, when I click on any of the links in the page, I check for the session attribute which I made null in logout. The value of that is "success".
I am totally confused by this behaviour. Is it an issue with Firefox or with Tomcat session management?
I am sure I need more knowledge to understand this behaviour. I appreciate your help in letting me know what happens here...
<%@ page session="false" %>
<%
response.setHeader("cache-control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",-1);
%>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%
HttpSession session = request.getSession(false);
System.out.println("session"+session);
session.setAttribute("loginStatus",null);
session.invalidate();
%>
Comments (1)
The headers are incomplete. You need the following set of headers:
Especially the must-revalidate entry fixes this particular FF issue. See also
Unrelated to the actual problem, I've a few comments about this piece of code:
Filter and the logout needs to happen (indirectly) in a Servlet.
Calling getSession(false) with false may return a null session, which in turn can lead to a NullPointerException in certain circumstances. Get rid of false or at least add a nullcheck.
Setting the attribute to null right before calling invalidate() is unnecessary. The invalidate() call already trashes all the attributes.
Hope you learn something from this.
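The points in the answer above, put together as an added example (not code from the question or the answer): a Filter that sends the cache headers, including must-revalidate, and re-checks the login on every request, plus a Servlet that performs the logout with a null check. The class names, URL patterns, the login.jsp path (assumed to lie outside the filtered pattern), the no-store directive, the POST logout and the javax.servlet 3.0+ API are assumptions.

```java
// NoCacheFilter.java (hypothetical name); assumes javax.servlet 3.0+ annotations
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

@WebFilter("/admin/*") // assumed URL pattern covering the admin console pages
public class NoCacheFilter implements Filter {
    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // must-revalidate is the entry the answer singles out; no-store is an added assumption
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");  // HTTP/1.0 caches
        response.setDateHeader("Expires", 0);      // already expired for proxies
        // Server-side check: a page restored by the back button must not be trusted
        HttpSession session = request.getSession(false); // never creates a session
        if (session == null || !"success".equals(session.getAttribute("loginStatus"))) {
            response.sendRedirect(request.getContextPath() + "/login.jsp"); // assumed path
            return;
        }
        chain.doFilter(req, res);
    }
}

// LogoutServlet.java (hypothetical name)
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet("/logout") // assumed mapping; the logout control is assumed to be a form POST
public class LogoutServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession(false); // null when no session exists
        if (session != null) {
            session.invalidate(); // discards every attribute; no need to null them first
        }
        response.sendRedirect(request.getContextPath() + "/login.jsp"); // assumed path
    }
}
```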