Java request.getSession（false）未返回null

我正在尝试创建一个示例应用程序。我无法理解为什么会发生以下情况

我的AuthFilter：

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        System.out.println("Reached AuthFilter");
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpSession session = request.getSession(false);
        System.out.println("request.getSession(false)" + request.getSession(false));

        if (session == null) {
            System.out.println("Going to index.jsp");
            response.sendRedirect(request.getContextPath() + "/index.jsp");
        } else {
            System.out.println("Going to the servlet ");
            chain.doFilter(req, resp);
        }
    }

在我的Servlet中，检查用户名和密码后，我希望根据提供的详细信息指导用户

我的Servlet代码：

    if (validUser) {
        System.out.println("Valid user. So, Going to another servlet /welcome.do");
        request.getRequestDispatcher("/welcome.do").forward(request, response);
    } else if (request.getSession(false) != null) {
        System.out.println("Already there is a session is associated with the user");
        request.getRequestDispatcher("secure/welcome.jsp").forward(request, response);
    } else {
        System.out.println("I am in else");
        request.getRequestDispatcher("/login-error.jsp").forward(request, response);
    }

The Output:

23:28:06,153 INFO  [stdout] (http--127.0.0.1-8080-1) Reached AuthFilter
23:28:06,153 INFO  [stdout] (http--127.0.0.1-8080-1) request.getSession(false)org.apache.catalina.session.StandardSessionFacade@3c6d1e82
23:28:06,154 INFO  [stdout] (http--127.0.0.1-8080-1) Going to the servlet 
23:28:06,437 INFO  [stdout] (http--127.0.0.1-8080-1) userName = xxx
23:28:06,439 INFO  [stdout] (http--127.0.0.1-8080-1) Retrieved passCode = xxx
23:28:06,440 INFO  [stdout] (http--127.0.0.1-8080-1) password.equals(passCode) = false
23:28:06,441 INFO  [stdout] (http--127.0.0.1-8080-1) Already there is a session is associated with the user

---

我希望我的用户被发送到欢迎页面，如果有一个会话与他们相关，否则我希望他们被发送到错误页面。但此代码正在将密码不正确的用户发送到欢迎页面。有人能解释一下原因吗？

当您启动从浏览器客户端到服务器的新请求时，基本上是初始化客户端和服务器之间的新会话。除非销毁此会话（通过用户会话超时或使用服务器上的某些方法明确销毁），否则该会话将处于活动状态

当用户通过登录方法进行身份验证时，通常创建一个

user-user

对象并将其保存到会话中，然后通过检查当前会话中是否存在该用户来验证该用户是否已登录。为此，请更改当前代码：

在servlet中：

if (validUser) {
    System.out.println("Valid user. So, Going to another servlet /welcome.do");
    HttpSession session = request.getSession();
    //creating the User user instance
    User user = new User();
    user.setName(userName);  //assuming this is an attribute in User class
    //store it into session
    session.setAttribute("user", user);
    request.getRequestDispatcher("/welcome.do").forward(request, response);
} //rest of code...

在过滤器中：

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
    throws ServletException, IOException {
    System.out.println("Reached AuthFilter");
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;
    HttpSession session = request.getSession(false);
    User user = (User)session.getAttribute("user");
    if (user == null) {
        System.out.println("Going to index.jsp");
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    } else {
        System.out.println("Going to the servlet ");
        chain.doFilter(req, resp);
    }
}

---

在

doFilter（..）

运行和第二个代码块（用户验证）运行之间，是否有对

HttpServletRequest请求的调用？