不需要的会话创建
我有两个 JSP 页面:Login.jsp 和 Main.jsp。
对于 url 模式 / 我有一个 servlet 可以执行以下操作:
HttpSession session = request.getSession(false);
if (session == null) {
response.sendRedirect("Login.jsp");
} else {
response.sendRedirect("Home.jsp");
}
到目前为止,两个 JSP 页面都是空的。
当我在浏览器中浏览 localhost:8080/appname/ 时,它会按预期路由到 Login.jsp。但是当我第二次尝试浏览它时,它会路由到 Home.jsp。
当我尝试调试时,session 不为空,我可以在 Chrome 浏览器中找到带有 JSESSIONID 的 cookie。
我不会在其他地方执行 getSession() 。
谁能解释一下这是怎么回事?
谢谢。
I have two JSP pages: Login.jsp and Main.jsp.
For the url pattern / I have a servlet which does this:
HttpSession session = request.getSession(false);
if (session == null) {
response.sendRedirect("Login.jsp");
} else {
response.sendRedirect("Home.jsp");
}
The two JSP pages are empty as of now.
When I browse localhost:8080/appname/ in my browser, it routes to Login.jsp as expected. But when I try to browse it for the second time, it routes to Home.jsp.
When I try to debug, session is not null and I could find a cookie with JSESSIONID in my chrome browser.
I don't do getSession() anywhere else.
Can anyone explain me what is going on here?
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
JSP 默认创建一个会话。如果您不想要会话,请添加
A JSP creates a session by default. If you don't want a session then add
不仅是jsp,服务器上的任何请求都会启动会话。因此,发生的情况是第一次您没有获得任何会话,但下次您获得在先前请求中创建的会话。
你能做的是:
a) 设置会话的某些属性,而不是检查会话,检查仅在用户登录后才设置的属性。
b) 您可以尝试每次都使会话失效。还要确保即使在验证用户身份时也会使会话无效,然后生成会话,然后设置会话的属性。
Not only jsp, any request on server will start a session. So what is happening is first time you are not getting any session but next time you are getting the session which was created in the earlier request.
What you can do is:
a) Set some attribute of session and instead of checking session check for the attribute which will be set only once the user is logged in.
b) you can try invalidating session each time. Also make sure even when you authenticating user invalidate the session and then generate session and then set the attribute of session.