Warning: file_get_contents(/data/phpspider/zhask/data//catemap/4/jsp/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Jsp 登录页面刷新时会话超时_Jsp_Servlets_Servlet Filters_Web.xml_Session Timeout - Fatal编程技术网
Fatal编程技术网
  • jsp/
  • Jsp 登录页面刷新时会话超时

Jsp 登录页面刷新时会话超时

jsp servlets

Jsp 登录页面刷新时会话超时,jsp,servlets,servlet-filters,web.xml,session-timeout,Jsp,Servlets,Servlet Filters,Web.xml,Session Timeout,我制作了一个非常简单的登录和会话结构,以便在未来基于JSP的应用程序中重用。是这样的: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest)request; String serv

我制作了一个非常简单的登录和会话结构,以便在未来基于JSP的应用程序中重用。是这样的:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpReq = (HttpServletRequest)request;
    String servletPath = httpReq.getServletPath();
    HttpSession session = httpReq.getSession();
    String redirectUrl = "/login.jsp";
    if (
            (servletPath.endsWith("login.jsp")) ||
            (servletPath.endsWith("rss.html")) ||
            (servletPath.endsWith("httperror403.html")) ||
            (servletPath.endsWith("httperror500.html")) ||
            (servletPath.endsWith("imageMark.do"))||
            (servletPath.indexOf("/api.do") != -1) ||
            (servletPath.indexOf("/help/") != -1)){
        chain.doFilter(request, response);
    }  else if (session == null) {
        httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
    } else {
        SystemUser user = (SystemUser)session.getAttribute("user");
        if (user == null){
            if (session != null){
                session.invalidate();
            }
            httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
        } else {
            chain.doFilter(request, response);
        }
    }
}
web.xml(1分钟超时用于测试我的问题):

Login.javaservlet(为测试缩短身份验证):

而位于WebContent根目录下的login.jsp页面有一个
表单,表单中有适当的innerHTML用于身份验证,还有一个${failure}字段用于接收会话超时或登录失败消息

这个结构非常适合我。它拦截、请求登录、检查会话和身份验证等,但有一个小缺陷:如果您在登录页面并在超时后刷新它(F5或按URL上的Enter键),该页面将接收并在${failure}中显示“会话超时”消息。

我还没有找到真正的工作方法让它知道前一页是登录页。尝试了五种不同的方法但没有成功,包括
request.getHeader(“Referer”)
lastWish
标记库。

一种方法是让您的公共可访问JSP(如登录页)根本不创建会话。默认情况下,请求JSP页面即隐式创建会话。这可以通过在JSP顶部添加以下行来实现:

<%@page session="false" %>
我就是这样做的:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpReq = (HttpServletRequest)request;
    String servletPath = httpReq.getServletPath();
    HttpSession session = httpReq.getSession();
    String redirectUrl = "/login.jsp";
    if (
            (servletPath.endsWith("login.jsp")) ||
            (servletPath.endsWith("rss.html")) ||
            (servletPath.endsWith("httperror403.html")) ||
            (servletPath.endsWith("httperror500.html")) ||
            (servletPath.endsWith("imageMark.do"))||
            (servletPath.indexOf("/api.do") != -1) ||
            (servletPath.indexOf("/help/") != -1)){
        chain.doFilter(request, response);
    }  else if (session == null) {
        httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
    } else {
        SystemUser user = (SystemUser)session.getAttribute("user");
        if (user == null){
            if (session != null){
                session.invalidate();
            }
            httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
        } else {
            chain.doFilter(request, response);
        }
    }
}
这到底是如何回答OP的具体问题的?顺便说一下,您的代码中有一个逻辑缺陷。在这个构造中,
会话
从来都不是
null
。我不知道这样的事情可以做到!我添加了这个选项以重置用户,以防他手动进入登录页面,但使用您的解决方案,我更愿意删除它。非常感谢你,巴卢斯克!不客气。既然你是新来的,别忘了在任何有助于解决具体问题的答案上标注“接受”。另请参见@Trevor:Nice edge case。通常,在一般的自尊心强的网站中,已经登录的用户不会看到任何“登录”链接(从用户体验的角度来看,这是令人困惑的),任何试图通过强制URL或链接/书签来访问该网站的行为都会导致重定向到主页,可能会出现“您已经登录”的消息。对于这个重定向,可以使用一个过滤器(可能就是您可能已经在使用的同一个身份验证过滤器)。顺便说一句,我发誓我已经记下了答案,对不起! 
<%@page session="false" %>

request.getSession().setAttribute("user", null);

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpReq = (HttpServletRequest)request;
    String servletPath = httpReq.getServletPath();
    HttpSession session = httpReq.getSession();
    String redirectUrl = "/login.jsp";
    if (
            (servletPath.endsWith("login.jsp")) ||
            (servletPath.endsWith("rss.html")) ||
            (servletPath.endsWith("httperror403.html")) ||
            (servletPath.endsWith("httperror500.html")) ||
            (servletPath.endsWith("imageMark.do"))||
            (servletPath.indexOf("/api.do") != -1) ||
            (servletPath.indexOf("/help/") != -1)){
        chain.doFilter(request, response);
    }  else if (session == null) {
        httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
    } else {
        SystemUser user = (SystemUser)session.getAttribute("user");
        if (user == null){
            if (session != null){
                session.invalidate();
            }
            httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
        } else {
            chain.doFilter(request, response);
        }
    }
}