JSP Servlet会话invalidate()不会使会话为空 [英] JSP Servlet session invalidate() does not make session null
问题描述
我的JSP项目中有三个简单的HttpServlet类,分别是"LoginServlet","LogoutServlet"和"ProfileServlet".
I have three simple HttpServlet classes in my JSP project, "LoginServlet", "LogoutServlet" and "ProfileServlet".
- LoginServlet:通过将会话的名称"属性设置为用户登录
- LogoutServlet:注销用户并使会话无效
- ProfileServlet:如果用户已登录,则显示用户欢迎信息
我认为下面的最后两个servlet有问题.
The last two servlets are as below that I reckon are problematic.
@SuppressWarnings("serial")
public class LogoutServlet extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out=response.getWriter();
HttpSession session=request.getSession(false);
session.invalidate();
request.getRequestDispatcher("link.jsp").include(request, response);
out.print("You are successfully logged out!");
out.close();
}
}
还有
@SuppressWarnings("serial")
public class ProfileServlet extends HttpServlet {
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
request.getRequestDispatcher("link.jsp").include(request, response);
HttpSession session = request.getSession(false);
if (session != null) {
String name = (String) session.getAttribute("name");
out.print("Hello, " + name + " Welcome to Profile");
} else {
out.print("Please login first");
request.getRequestDispatcher("login.html").include(request,
response);
}
out.close();
}
}
还有link.jsp:
And the link.jsp:
<% HttpSession nsession = request.getSession(false);
if(nsession == null) {
%>
<a href="login.html">Login</a>
<%
}
else {
%>
<a href="LogoutServlet">Logout</a>
<%
}
%>
<a href="ProfileServlet">Profile</a>
<hr/>
问题是用户登录时,单击注销"链接并调用"LogoutServlet"时,会话未正确无效,并且ProfileServlet仍打印出
The problem is while user is logged in, when the "Logout" link is clicked and "LogoutServlet" is called, session is not correctly invalidated and ProfileServlet still prints out
"Hello, null Welcome to Profile"
而不是重定向到"login.html"页面,因为会话仍然不为空.结果,登录"链接未显示在"link.jsp"页面上.这使用户无法尝试再次登录.
instead of redirecting to the "login.html" page because the session is still NOT null. As a result of it, "Login" link is not shown on the "link.jsp" page. This stops the user from being able to attempt to log in again.
为了弄清楚问题,我制作了一个新的html页面并更新了servlets
To make the problem clarified, I made a new html page and updated the servlets to do
request.getRequestDispatcher("link.html").include(request, response);
还有"link.html".
And the "link.html".
<a href="login.html">Login</a>
<a href="LogoutServlet">Logout</a>
<a href="ProfileServlet">Profile</a>
<hr/>
有趣的是,这正是我想要的!我想问题是
Interestingly this does what I wanted! I guess the problem is
request.getRequestDispatcher("link.jsp").include(request, response);
但是我无法解释为什么...
But I am unable to explain why...
推荐答案
在JSP中,默认情况下会创建新会话(如果不存在),因此您将始终获得非null会话.您可以通过在页面上添加以下页面指令来禁用该功能:
In JSP new session is created by default, if non present, so you will always get non null session. You can disable that by adding following page directive to your page:
<%@ page session="false" %>
有关更多信息,请检查以下为什么将JSP页面会话设置为"false"指令?
For more info check the following Why set a JSP page session = "false" directive?
这篇关于JSP Servlet会话invalidate()不会使会话为空的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
