java httpssession有效吗？

发布于 2024-11-24 03:48:16 字数 364 浏览 1 评论 0原文

我在 tomcat 中使用 java servlet API。

我将用户名和带有属性用户名的 httpsession 保存在哈希表中，我想知道是否有办法检查 httpsession 是否有效。

我尝试过：

try {
    String user = httpSession.getAttribute("username")
    return "is valid";
} catch (IllegalStateException e) {
    return "is not valid";
}

如果我不希望“已登录”用户从多个地方连接，我该怎么办？如果我仅控制是否创建新会话，我无法知道他是否已与另一个会话连接。

原文

I'm using the java servlet API in tomcat.

I save in a hash table the username and the httpsession with the attribute username and I would like to know if there is a way to check if the httpsession is valid.

I've tried:

try {
    String user = httpSession.getAttribute("username")
    return "is valid";
} catch (IllegalStateException e) {
    return "is not valid";
}

What can I do if I don't want that a "logged" user connect from more than one place? If I control only if I create a new session, I can't know if he was connected already with another session.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

盗梦空间 2024-12-01 03:48:16

无需将 httpSession 存储在您自己的哈希中。

查看 HttpServletRequest 的 API。如果您查看方法 getSession (Boolean x)（传递 false，因此不会创建新会话）将确定会话是否有效。

这是一个示例

public void doGet(HttpServletRequest req, HttpServletResponse res) {
    HttpSession session = req.getSession(false);
    
    if (session == null) {
       //valid session doesn't exist
       //do something like send the user to a login screen
    }

    if (session.getAttribute("username") == null) {
       //no username in session
       //user probably hasn't logged in properly
    }

    //now let's pretend to log the user out for good measure
    session.invalidate();
}

附带说明，如果我正确阅读了您的问题并且您将信息存储在自己的映射中，则需要小心不要造成内存泄漏并清除哈希表中的条目你自己。

No need to store the httpSession in your own hash.

Look at the API for the HttpServletRequest. If you look at method getSession(Boolean x) (pass false so it doesn't create a new session) will determine if the session is valid.

Here is an example

public void doGet(HttpServletRequest req, HttpServletResponse res) {
    HttpSession session = req.getSession(false);
    
    if (session == null) {
       //valid session doesn't exist
       //do something like send the user to a login screen
    }

    if (session.getAttribute("username") == null) {
       //no username in session
       //user probably hasn't logged in properly
    }

    //now let's pretend to log the user out for good measure
    session.invalidate();
}

On a side note, If I read your question properly and you are storing the information in your own map, you need to be careful that you don't create a memory leak and are clearing the entries out of the hash table yourself.

回复收藏 0 原文