Jsp 登录页面刷新时会话超时
我制作了一个非常简单的登录和会话结构,以便在未来基于JSP的应用程序中重用。是这样的:Jsp 登录页面刷新时会话超时,jsp,servlets,servlet-filters,web.xml,session-timeout,Jsp,Servlets,Servlet Filters,Web.xml,Session Timeout,我制作了一个非常简单的登录和会话结构,以便在未来基于JSP的应用程序中重用。是这样的: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest)request; String serv
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpReq = (HttpServletRequest)request;
String servletPath = httpReq.getServletPath();
HttpSession session = httpReq.getSession();
String redirectUrl = "/login.jsp";
if (
(servletPath.endsWith("login.jsp")) ||
(servletPath.endsWith("rss.html")) ||
(servletPath.endsWith("httperror403.html")) ||
(servletPath.endsWith("httperror500.html")) ||
(servletPath.endsWith("imageMark.do"))||
(servletPath.indexOf("/api.do") != -1) ||
(servletPath.indexOf("/help/") != -1)){
chain.doFilter(request, response);
} else if (session == null) {
httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
} else {
SystemUser user = (SystemUser)session.getAttribute("user");
if (user == null){
if (session != null){
session.invalidate();
}
httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
} else {
chain.doFilter(request, response);
}
}
}
web.xml(1分钟超时用于测试我的问题):
Login.javaservlet(为测试缩短身份验证):
而位于WebContent根目录下的login.jsp页面有一个
表单,表单中有适当的innerHTML用于身份验证,还有一个${failure}字段用于接收会话超时或登录失败消息
这个结构非常适合我。它拦截、请求登录、检查会话和身份验证等,但有一个小缺陷:如果您在登录页面并在超时后刷新它(F5或按URL上的Enter键),该页面将接收并在${failure}中显示“会话超时”消息。
我还没有找到真正的工作方法让它知道前一页是登录页。尝试了五种不同的方法但没有成功,包括
request.getHeader(“Referer”)
和lastWish
标记库。一种方法是让您的公共可访问JSP(如登录页)根本不创建会话。默认情况下,请求JSP页面即隐式创建会话。这可以通过在JSP顶部添加以下行来实现:
<%@page session="false" %>
我就是这样做的:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpReq = (HttpServletRequest)request;
String servletPath = httpReq.getServletPath();
HttpSession session = httpReq.getSession();
String redirectUrl = "/login.jsp";
if (
(servletPath.endsWith("login.jsp")) ||
(servletPath.endsWith("rss.html")) ||
(servletPath.endsWith("httperror403.html")) ||
(servletPath.endsWith("httperror500.html")) ||
(servletPath.endsWith("imageMark.do"))||
(servletPath.indexOf("/api.do") != -1) ||
(servletPath.indexOf("/help/") != -1)){
chain.doFilter(request, response);
} else if (session == null) {
httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
} else {
SystemUser user = (SystemUser)session.getAttribute("user");
if (user == null){
if (session != null){
session.invalidate();
}
httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
} else {
chain.doFilter(request, response);
}
}
}
这到底是如何回答OP的具体问题的?顺便说一下,您的代码中有一个逻辑缺陷。在这个构造中,
会话
从来都不是null
。我不知道这样的事情可以做到!我添加了这个选项以重置用户,以防他手动进入登录页面,但使用您的解决方案,我更愿意删除它。非常感谢你,巴卢斯克!不客气。既然你是新来的,别忘了在任何有助于解决具体问题的答案上标注“接受”。另请参见@Trevor:Nice edge case。通常,在一般的自尊心强的网站中,已经登录的用户不会看到任何“登录”链接(从用户体验的角度来看,这是令人困惑的),任何试图通过强制URL或链接/书签来访问该网站的行为都会导致重定向到主页,可能会出现“您已经登录”的消息。对于这个重定向,可以使用一个过滤器(可能就是您可能已经在使用的同一个身份验证过滤器)。顺便说一句,我发誓我已经记下了答案,对不起!
<%@page session="false" %>
request.getSession().setAttribute("user", null);
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpReq = (HttpServletRequest)request;
String servletPath = httpReq.getServletPath();
HttpSession session = httpReq.getSession();
String redirectUrl = "/login.jsp";
if (
(servletPath.endsWith("login.jsp")) ||
(servletPath.endsWith("rss.html")) ||
(servletPath.endsWith("httperror403.html")) ||
(servletPath.endsWith("httperror500.html")) ||
(servletPath.endsWith("imageMark.do"))||
(servletPath.indexOf("/api.do") != -1) ||
(servletPath.indexOf("/help/") != -1)){
chain.doFilter(request, response);
} else if (session == null) {
httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
} else {
SystemUser user = (SystemUser)session.getAttribute("user");
if (user == null){
if (session != null){
session.invalidate();
}
httpReq.getRequestDispatcher(redirectUrl).forward(request, response);
} else {
chain.doFilter(request, response);
}
}
}