使 JSP 中的会话无效 - Servlet

发布于 2024-12-14 03:54:00 字数 2533 浏览 0 评论 0 原文

可能的重复：
阻止用户返回到上一个页面注销后的安全页面

我想知道如何使 JSP 和 servlet 中的会话无效。在我的网站中，一个人在注销时到达登录页面，但单击后退按钮他可以访问上一页。我无法理解在哪里放置 session.invalidate()

以及当一个人注销时我应该在 login.jsp 或我的其他网页上的哪里使其无效。

我的过滤器类：-

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import javax.servlet.annotation.WebFilter;


public class LoginFilter implements Filter{


        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;




            HttpSession session = request.getSession(false);

            if (session == null || session.getAttribute("currentSessionUser") == null) {
                response.sendRedirect("Loginpage.jsp"); // No logged-in user found, so redirect to login page.

                response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
                response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
                response.setDateHeader("Expires", 0);
            } else {
                chain.doFilter(req, res); // Logged-in user found, so just continue request.
            }
        }

}

在 web.xml 中，我写了：-

 <filter>
        <filter-name>loginFilter</filter-name>
        <filter-class>LoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>loginFilter</filter-name>
        <url-pattern>/ARMS/*</url-pattern>
    </filter-mapping>

在我的 Loginpage.jsp 上，我刚刚写了

<%
session.invalidate();
%>

可以吗？其次我不清楚目录结构。我正在放置它的屏幕截图.. 在此处输入图像描述

我使用的是 apache tomcat 5.5 服务器，所以我想我不应该将 url-pattern 注释放在过滤器类中，对吧？因为只有tomcat 7及以上版本才支持。

原文

Possible Duplicate:
Prevent user from going back to the previous secured page after logout

I was wondering how to invalidate session in JSP and servlets. In my website a person when logs-out reaches the login page but on clicking back button he can access the previous page. I am not able to understand where to put session.invalidate()

And further where should i invalidate it, on login.jsp or my other web pages when a person hits logout.

My filter class:-

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import javax.servlet.annotation.WebFilter;


public class LoginFilter implements Filter{


        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;




            HttpSession session = request.getSession(false);

            if (session == null || session.getAttribute("currentSessionUser") == null) {
                response.sendRedirect("Loginpage.jsp"); // No logged-in user found, so redirect to login page.

                response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
                response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
                response.setDateHeader("Expires", 0);
            } else {
                chain.doFilter(req, res); // Logged-in user found, so just continue request.
            }
        }

}

In web.xml i've written :-

 <filter>
        <filter-name>loginFilter</filter-name>
        <filter-class>LoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>loginFilter</filter-name>
        <url-pattern>/ARMS/*</url-pattern>
    </filter-mapping>

On my Loginpage.jsp i've just written

<%
session.invalidate();
%>

Is it okay? Secondly I am not clear on directory structure. I am putting screen shots of it.. enter image description here

I am using apache tomcat 5.5 server, so i guess I should not put url-pattern annotation in filter class right? because it is only supported in tomcat 7 and above.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

怕倦 2024-12-21 03:54:00

当用户点击“注销”时，您所访问的 servlet 或 JSP 中的会话将失效。
粗略地说，您可以检查用户访问的每个页面上是否存在会话。

看看这个线程，它有一些您正在寻找的答案。

http://forums.devx.com/showthread.php?t=146975

回复收藏 0 原文

风柔一江水 2024-12-21 03:54:00

我使用 servlet 的唯一目的是注销。当用户点击注销按钮时，它会将他们定向到该页面，该页面反过来检查活动会话，如果找到，则调用 session.invalidate() 然后将用户重定向回主页（或您想要的任何地方））。

HttpSession session = request.getSession(false);

if(session != null){
    session.invalidate();
    RequestDispatcher rd = request.getRequestDispatcher("Loginpage.jsp");
    rd.forward(request, response);
} else {
    //There is no session. Redirect somewhere
}

这只是一个简单的例子。

I use a servlet for the sole purpose of log outs. When a user hits the log out button it directs them to that page, which in turn checks for an active session and if it finds one, calls session.invalidate() then redirects the user back to the home page (or wherever you would like).

HttpSession session = request.getSession(false);

if(session != null){
    session.invalidate();
    RequestDispatcher rd = request.getRequestDispatcher("Loginpage.jsp");
    rd.forward(request, response);
} else {
    //There is no session. Redirect somewhere
}

This is just a quick example.

回复收藏 0 原文

~没有更多了~