How to properly invalidate JSP session?

后端未结

关注

 3  670

名媛妹妹 2021-02-02 02:40

So here is the problem. When a user logs out of my website, they can still hit the back button and continue using the site. To keep track of whether the user is logged in or not

3条回答

再見小時候 (楼主)

2021-02-02 03:20

You shouldn't check if the session is still active on your destination page, it's better to check it with a Filter.

If in the filter, request.getSession().getAttribute("isActive") returns something, then the user is still logged, and you simply chain; else you redirect on the login page.

For example :

public class ActiveFilter implements Filter {
   public void init(FilterConfig filterConfig) 
   }
   public void destroy() {
   }
   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
      HttpServletRequest req = (HttpServletRequest) request;
      HttpServletResponse res = (HttpServletResponse) response;
      if (req.getSession().getAttribute("isActive") == null){
          res.sendRedirect("/index.jsp");
      }else{
          chain.doFilter(request, response);
      }
   }
}

Resources :

Sun.com - Filtering Requests and Responses

0 讨论(0)

查看其它3个回答