JSF 使用 session.invalidate 注销不会清除当前用户名?
在我的 JSF 应用程序中,我获取当前登录用户的名称,如下所示
public String getLoggedInUsername() {
return FacesContext.getCurrentInstance().getExternalContext().getRemoteUser();
}
……并检查用户是否已登录,如下所示……
public boolean isSignedIn() {
return (getLoggedInUsername() != null);
}
当用户注销时,我执行以下操作...
public String doLogout() {
FacesContext facesContext = FacesContext.getCurrentInstance();
HttpSession httpSession = (HttpSession)facesContext.getExternalContext().getSession(false);
httpSession.invalidate();
return "main";
}
我的问题是在 doLogout() 之后, getLoggedInUsername() 仍然返回登录用户的名称。我应该做什么来确保 getRemoteUser() 在注销后返回 null ?
或者,是否有比仅检查用户名更好的方法来获取 if isSignedIn() ?
谢谢! 抢
In my JSF application, I get the name of the currently signed in user like this ...
public String getLoggedInUsername() {
return FacesContext.getCurrentInstance().getExternalContext().getRemoteUser();
}
... and I check if the user is signed in like this ...
public boolean isSignedIn() {
return (getLoggedInUsername() != null);
}
... and when the user signs out, I do this ...
public String doLogout() {
FacesContext facesContext = FacesContext.getCurrentInstance();
HttpSession httpSession = (HttpSession)facesContext.getExternalContext().getSession(false);
httpSession.invalidate();
return "main";
}
My problem is after doLogout(), the getLoggedInUsername() still returns the name of the user that was logged in. What am I supposed to do to make sure getRemoteUser() returns null after logout?
Alternately, is there a better way to get if isSignedIn() than just checking the username?
Thanks!
Rob
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
确保在使会话无效后重定向请求。用户主体是根据会话属性解析的。因此,当您只是转发到目标页面时(默认情况下 JSF 导航情况就是如此),它仍然会出现在目标页面中,因为它使用相同
HttpSession参考。重定向指示网络浏览器触发全新的 HTTP 请求,从而强制服务器根据新请求重新创建 HttpSession 引用。将
?faces-redirect=true添加到结果值中。Ensure that you're redirecting the request after invalidating the session. The user principal is resolved based on a session attribute. So when you just forward to the target page (as a JSF navigation case by default does), then it'll still be there in the target page since it uses the same
HttpSessionreference. A redirect instructs the webbrowser to fire a brand new HTTP request, hereby forcing the server to recreate theHttpSessionreference based on the new request.Add
<redirect/>to the navigation case to force JSF to send a redirect. Or when you're already in JSF 2.0, add?faces-redirect=trueto the outcome value.调用“session.invalidate();”后,添加“request.logout();”。
方法在会话对象上无效,只是清理会话数据。
请求对象上的方法 logout 将 null 设置为在请求上调用 getUserPrincipal、getRemoteUser 和 getAuthType 时返回的值。
After call "session.invalidate();" , add "request.logout();".
Method invalidate on session object just clean session data.
Method logout on request object establish null as the value returned when getUserPrincipal, getRemoteUser, and getAuthType is called on the request.