会话范围的JSF托管bean在servlet筛选器中始终为空

我尝试创建一个登录筛选器，如本教程中所示：

如果我想打开一个安全的站点，过滤器会引导我进入登录页面。但是当我按下登录按钮时，我又看到了登录页面

我根据问题找到了登录过滤器，在这里我试图从会话范围中获取登录域。登录栏总是

null

。根据教程，由于注释

@SessionScope

，我的登录栏应该在会话中

我的问题是：如何让我的登录名进入会话

Login.xhtml:

<h:form id="login-form">
      ...
    <h:commandButton id="button" value="Login" action="#{loginBean.doLogin}"/>
      ...
 </h:form>

@ManagedBean(eager=true,name="loginBean")
@SessionScoped
public class LoginBean implements Serializable {
private static final long serialVersionUID = 4067847760780243370L;  
private static final String[] userlist = { "fuh:fuh", "huf:1234" };
private String username;
private String password;
private boolean loggedIn;
@ManagedProperty(value = "#{navigationBean}")
private NavigationBean navigationBean;

public LoginBean(){}

public String doLogin() {
    String redirect = "";
    // Get every user from database 
    for (String user : userlist) {
        String dbUsername = user.split(":")[0];
        String dbPassword = user.split(":")[1];
        // Successful login
        if (dbUsername.equals(username) && dbPassword.equals(password)) {               
            loggedIn = true;                
            Log.write("Benutzer " + username
                    + " hat sich erfolgreich angemeldet!");     
        }
    }               

    if (loggedIn)
        redirect = navigationBean.redirectToWelcome();
    else           
        redirect = navigationBean.redirectToLogin();            

    return redirect;
}

public class Loginfilter implements Filter {    
private LoginBean loginBean;

@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
     HttpServletRequest req = (HttpServletRequest)request;
     HttpServletResponse res = (HttpServletResponse)response;
     HttpSession session = req.getSession(true);

     //this is always null
     loginBean = (LoginBean) session.getAttribute("loginBean");

    if (loginBean == null || !loginBean.isLoggendIn()) {
        if (loginBean == null) {
            Log.write("loginBean null");
        }else if (!loginBean.isLoggedIn()) {
            Log.write("loginBean not logged in");
        }
        String contextPath = req.getContextPath();
        res.sendRedirect(contextPath + "/login/login.xhtml");
    }else{
        chain.doFilter(request, response);
    }
}

LoginFilter.java:

<h:form id="login-form">
      ...
    <h:commandButton id="button" value="Login" action="#{loginBean.doLogin}"/>
      ...
 </h:form>

@ManagedBean(eager=true,name="loginBean")
@SessionScoped
public class LoginBean implements Serializable {
private static final long serialVersionUID = 4067847760780243370L;  
private static final String[] userlist = { "fuh:fuh", "huf:1234" };
private String username;
private String password;
private boolean loggedIn;
@ManagedProperty(value = "#{navigationBean}")
private NavigationBean navigationBean;

public LoginBean(){}

public String doLogin() {
    String redirect = "";
    // Get every user from database 
    for (String user : userlist) {
        String dbUsername = user.split(":")[0];
        String dbPassword = user.split(":")[1];
        // Successful login
        if (dbUsername.equals(username) && dbPassword.equals(password)) {               
            loggedIn = true;                
            Log.write("Benutzer " + username
                    + " hat sich erfolgreich angemeldet!");     
        }
    }               

    if (loggedIn)
        redirect = navigationBean.redirectToWelcome();
    else           
        redirect = navigationBean.redirectToLogin();            

    return redirect;
}

public class Loginfilter implements Filter {    
private LoginBean loginBean;

@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
     HttpServletRequest req = (HttpServletRequest)request;
     HttpServletResponse res = (HttpServletResponse)response;
     HttpSession session = req.getSession(true);

     //this is always null
     loginBean = (LoginBean) session.getAttribute("loginBean");

    if (loginBean == null || !loginBean.isLoggendIn()) {
        if (loginBean == null) {
            Log.write("loginBean null");
        }else if (!loginBean.isLoggedIn()) {
            Log.write("loginBean not logged in");
        }
        String contextPath = req.getContextPath();
        res.sendRedirect(contextPath + "/login/login.xhtml");
    }else{
        chain.doFilter(request, response);
    }
}

---

为了避免显而易见的问题：1）您从哪个包导入了

@SessionScoped

？2） 您是否绝对肯定这是您正在使用的同一个HTTP会话？（检查cookies、会话id等）1）javax.faces.bean.SessionScoped 2）你是对的（提示如下），会话id是完全不同的。如何使过滤器使用bean所在的会话？只要解决会话显然无法跨请求维护的问题即可。检查请求/响应头中的Cookie，检查代码是否没有对每个请求执行不必要的invalidate（），等等。为什么有`HttpSession session=req.getSession（true）`<代码>？您的用户要么总是先点击登录页面（在这种情况下，将有一个活动会话），要么来自一个不安全的页面（在这种情况下，loginBean`将不会被创建，因此始终为空）。没有理由使用

req.getSession（true）

。使该

为假

@kolossus更改了该设置，但仍不起作用。我的代码不会使会话无效，但我在cookies中发现了一些有趣的东西。当我从loginfilter打印cookie JSSessionID中的值时，它包含sessionid.someNumber，但当我从loginbean打印它时，它包含一个数字，它与那里的会话id不同，但在“.”之后是相同的someNumber。这意味着什么？