Java为什么我的会话没有被破坏
我试图通过让用户单击指向未映射到servlet的jsp的链接来注销用户并销毁会话 在我的logout.jsp中,我有以下内容(编辑添加了自发布后删除,但仍然没有清除会话) 为了完整起见,我将包括我的用户控制器的一部分,该部分将登录用户并设置会话,以防我在那里出错Java为什么我的会话没有被破坏,java,session,Java,Session,我试图通过让用户单击指向未映射到servlet的jsp的链接来注销用户并销毁会话 在我的logout.jsp中,我有以下内容(编辑添加了自发布后删除,但仍然没有清除会话) 为了完整起见,我将包括我的用户控制器的一部分,该部分将登录用户并设置会话,以防我在那里出错 //Handle User Login private String logInToSite(HttpServletRequest request, HttpServletResponse response) {
//Handle User Login
private String logInToSite(HttpServletRequest request,
HttpServletResponse response) {
String url;
String message;
// get values from form
String pNum = request.getParameter("phoneNumber");
String upwd = request.getParameter("password");
//validate the values to check for empty values in case JS registration check has failed.
if(pNum.length()==0 ||upwd.length()==0){
message="You have not filled out the required fields.";
request.setAttribute("message", message);
url = "/login.jsp";
return url;
}
//Format the phone number
String mPNum=UserDB.formatPhoneNumber(pNum);
User user = UserDB.loginUser(mPNum, upwd);
if(user==null){
message="User null";
request.setAttribute("message", message);
url = "/loginerror.jsp";
}else{
String hpwd = user.getPwd();
if(BCrypt.checkpw(upwd, hpwd)==false){
message="password didn't match";
request.setAttribute("message", message);
url="/loginerror.jsp";
}
else{
boolean logged=false;
HttpSession session = request.getSession();
session.setAttribute("loggedUsrID", user.getUserID());
session.setAttribute("loggedUsrFName", user.getFName());
session.setAttribute("loggedin",logged=true);
url="/schedule/welcome.jsp";
}
}
return url;
}
我正在为我的项目执行类似的注销jsp。我的JSP的全部内容如下:
<%
session.invalidate();
response.sendRedirect(request.getContextPath());
%>
确保在
logout.jsp
中没有引用任何其他内容,例如网站中的CSS或JavaScript?它是否引用了任何可能使会话保持活动状态的CSS/JSS/favicon?您不需要任何session.removeAttribute行。我的整个注销页面只包含上面的代码。但是,其余站点页面的结构是将header.jsp作为单独的页面包含在其中。在您注销并重新启动浏览器后,您是否看到以前的会话值仍在会话中?很抱歉,出现了回复连接问题。在web中设置COOKIE设置时,xml似乎已经解决了该问题。
//Handle User Login
private String logInToSite(HttpServletRequest request,
HttpServletResponse response) {
String url;
String message;
// get values from form
String pNum = request.getParameter("phoneNumber");
String upwd = request.getParameter("password");
//validate the values to check for empty values in case JS registration check has failed.
if(pNum.length()==0 ||upwd.length()==0){
message="You have not filled out the required fields.";
request.setAttribute("message", message);
url = "/login.jsp";
return url;
}
//Format the phone number
String mPNum=UserDB.formatPhoneNumber(pNum);
User user = UserDB.loginUser(mPNum, upwd);
if(user==null){
message="User null";
request.setAttribute("message", message);
url = "/loginerror.jsp";
}else{
String hpwd = user.getPwd();
if(BCrypt.checkpw(upwd, hpwd)==false){
message="password didn't match";
request.setAttribute("message", message);
url="/loginerror.jsp";
}
else{
boolean logged=false;
HttpSession session = request.getSession();
session.setAttribute("loggedUsrID", user.getUserID());
session.setAttribute("loggedUsrFName", user.getFName());
session.setAttribute("loggedin",logged=true);
url="/schedule/welcome.jsp";
}
}
return url;
}
<%
session.invalidate();
response.sendRedirect(request.getContextPath());
%>