Java request.getSession(false)未返回null
我正在尝试创建一个示例应用程序。我无法理解为什么会发生以下情况 我的AuthFilter:Java request.getSession(false)未返回null,java,servlets,Java,Servlets,我正在尝试创建一个示例应用程序。我无法理解为什么会发生以下情况 我的AuthFilter: public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException { System.out.println("Reached AuthFilter"); HttpServletRequest reques
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
System.out.println("Reached AuthFilter");
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
HttpSession session = request.getSession(false);
System.out.println("request.getSession(false)" + request.getSession(false));
if (session == null) {
System.out.println("Going to index.jsp");
response.sendRedirect(request.getContextPath() + "/index.jsp");
} else {
System.out.println("Going to the servlet ");
chain.doFilter(req, resp);
}
}
在我的Servlet中,检查用户名和密码后,我希望根据提供的详细信息指导用户
我的Servlet代码:
if (validUser) {
System.out.println("Valid user. So, Going to another servlet /welcome.do");
request.getRequestDispatcher("/welcome.do").forward(request, response);
} else if (request.getSession(false) != null) {
System.out.println("Already there is a session is associated with the user");
request.getRequestDispatcher("secure/welcome.jsp").forward(request, response);
} else {
System.out.println("I am in else");
request.getRequestDispatcher("/login-error.jsp").forward(request, response);
}
The Output:
23:28:06,153 INFO [stdout] (http--127.0.0.1-8080-1) Reached AuthFilter
23:28:06,153 INFO [stdout] (http--127.0.0.1-8080-1) request.getSession(false)org.apache.catalina.session.StandardSessionFacade@3c6d1e82
23:28:06,154 INFO [stdout] (http--127.0.0.1-8080-1) Going to the servlet
23:28:06,437 INFO [stdout] (http--127.0.0.1-8080-1) userName = xxx
23:28:06,439 INFO [stdout] (http--127.0.0.1-8080-1) Retrieved passCode = xxx
23:28:06,440 INFO [stdout] (http--127.0.0.1-8080-1) password.equals(passCode) = false
23:28:06,441 INFO [stdout] (http--127.0.0.1-8080-1) Already there is a session is associated with the user
我希望我的用户被发送到欢迎页面,如果有一个会话与他们相关,否则我希望他们被发送到错误页面。但此代码正在将密码不正确的用户发送到欢迎页面。有人能解释一下原因吗?当您启动从浏览器客户端到服务器的新请求时,基本上是初始化客户端和服务器之间的新会话。除非销毁此会话(通过用户会话超时或使用服务器上的某些方法明确销毁),否则该会话将处于活动状态 当用户通过登录方法进行身份验证时,通常创建一个
user-user
对象并将其保存到会话中,然后通过检查当前会话中是否存在该用户来验证该用户是否已登录。为此,请更改当前代码:
在servlet中:
if (validUser) {
System.out.println("Valid user. So, Going to another servlet /welcome.do");
HttpSession session = request.getSession();
//creating the User user instance
User user = new User();
user.setName(userName); //assuming this is an attribute in User class
//store it into session
session.setAttribute("user", user);
request.getRequestDispatcher("/welcome.do").forward(request, response);
} //rest of code...
在过滤器中:
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
throws ServletException, IOException {
System.out.println("Reached AuthFilter");
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
HttpSession session = request.getSession(false);
User user = (User)session.getAttribute("user");
if (user == null) {
System.out.println("Going to index.jsp");
response.sendRedirect(request.getContextPath() + "/index.jsp");
} else {
System.out.println("Going to the servlet ");
chain.doFilter(req, resp);
}
}
在
doFilter(..)
运行和第二个代码块(用户验证)运行之间,是否有对HttpServletRequest请求的调用?