Java为什么我的会话没有被破坏

我试图通过让用户单击指向未映射到servlet的jsp的链接来注销用户并销毁会话

在我的logout.jsp中，我有以下内容（编辑添加了自发布后删除，但仍然没有清除会话）

为了完整起见，我将包括我的用户控制器的一部分，该部分将登录用户并设置会话，以防我在那里出错

//Handle User Login
private String logInToSite(HttpServletRequest request,
        HttpServletResponse response) {

    String url;        
    String message;
    // get values from form
    String pNum = request.getParameter("phoneNumber");
    String upwd = request.getParameter("password");

    //validate the values to check for empty values in case JS registration check has failed.
    if(pNum.length()==0 ||upwd.length()==0){
        message="You have not filled out the required fields.";
        request.setAttribute("message", message);
        url = "/login.jsp";
        return url;
    }

    //Format the phone number
    String mPNum=UserDB.formatPhoneNumber(pNum);
    User user = UserDB.loginUser(mPNum, upwd);

    if(user==null){
        message="User null";
        request.setAttribute("message", message);
        url = "/loginerror.jsp";
    }else{
        String hpwd = user.getPwd();
        if(BCrypt.checkpw(upwd, hpwd)==false){
           message="password didn't match";
           request.setAttribute("message", message);
           url="/loginerror.jsp";               
        }
        else{
            boolean logged=false;
            HttpSession session = request.getSession();
           session.setAttribute("loggedUsrID", user.getUserID());
           session.setAttribute("loggedUsrFName", user.getFName());
           session.setAttribute("loggedin",logged=true);
           url="/schedule/welcome.jsp";
        }
    }      
    return url;
}

---

我正在为我的项目执行类似的注销jsp。我的JSP的全部内容如下：

<%
    session.invalidate();
    response.sendRedirect(request.getContextPath());
%>

---

确保在

logout.jsp

中没有引用任何其他内容，例如网站中的CSS或JavaScript？它是否引用了任何可能使会话保持活动状态的CSS/JSS/favicon？您不需要任何session.removeAttribute行。我的整个注销页面只包含上面的代码。但是，其余站点页面的结构是将header.jsp作为单独的页面包含在其中。在您注销并重新启动浏览器后，您是否看到以前的会话值仍在会话中？很抱歉，出现了回复连接问题。在web中设置COOKIE设置时，xml似乎已经解决了该问题。

//Handle User Login
private String logInToSite(HttpServletRequest request,
        HttpServletResponse response) {

    String url;        
    String message;
    // get values from form
    String pNum = request.getParameter("phoneNumber");
    String upwd = request.getParameter("password");

    //validate the values to check for empty values in case JS registration check has failed.
    if(pNum.length()==0 ||upwd.length()==0){
        message="You have not filled out the required fields.";
        request.setAttribute("message", message);
        url = "/login.jsp";
        return url;
    }

    //Format the phone number
    String mPNum=UserDB.formatPhoneNumber(pNum);
    User user = UserDB.loginUser(mPNum, upwd);

    if(user==null){
        message="User null";
        request.setAttribute("message", message);
        url = "/loginerror.jsp";
    }else{
        String hpwd = user.getPwd();
        if(BCrypt.checkpw(upwd, hpwd)==false){
           message="password didn't match";
           request.setAttribute("message", message);
           url="/loginerror.jsp";               
        }
        else{
            boolean logged=false;
            HttpSession session = request.getSession();
           session.setAttribute("loggedUsrID", user.getUserID());
           session.setAttribute("loggedUsrFName", user.getFName());
           session.setAttribute("loggedin",logged=true);
           url="/schedule/welcome.jsp";
        }
    }      
    return url;
}

<%
    session.invalidate();
    response.sendRedirect(request.getContextPath());
%>