问题
i'm using java servlet in tomcat. i save in a hash table the username and the httpsession with the attribute usrname i would like to know if there is a way to know if the httpsession is valid.
i tried:
try{
String user = httpSession.getAttribute("username")
return "is valid";
}catch(IllegalStateException e){
return "is not valid";
}
tnks for the answer, but how can i do if i don't wont that a "logged" user connect from more the one place? if i controll only if i create a new session i can't know if he was connect whit another session.
回答1:
No need to store the httpSession in your own hash.
Look at the api for the HttpServletRequest. If you look at getSession(Boolean x) (pass false so it doesnt create a new session) will determine if the session is valid. Here is an example
public void doGet(HttpServletRequest req, HttpServletResponse res){
HttpSession session = req.getSession(false);
if(session == null){
//valid session doesn't exist
//do something like send the user to a login screen
}
if(session.getAttribute("username") == null){
//no username in session
//user probably hasn't logged in properly
}
//now lets pretend to log the user out for good measure
session.invalidate();
}
On a side note, If I read your question properly and you are storing the information in your own map, you need to be careful that you don't create a memory leak and are clearing the entries out of the hash table yourself.
回答2:
I agree with Sean. I will add that a good practice for this type of checking is to use a Filter
See here Servlet Filter
Just take the code Sean have written and put it in a Filter instead. Define you filter in the web.xml and every time a request come in, the filter will execute.
This way you can validate if the user is auth. without cluttering your servlet code.
回答3:
Rather than checking if a saved session is valid, you should be looking at the HttpServletRequest
on your servlet, and checking isRequestedSessionIdValid()
on that. When working in servlets you can always get Session
from the Request
, rather than saving it to a hash table.
来源:https://stackoverflow.com/questions/6711004/java-httpsession-is-valid