使用session.invalidate的JSF注销不会清除当前用户名吗? [英] JSF logout using session.invalidate does not clear the current username?
问题描述
在我的JSF应用程序中,我得到这样的当前登录用户的名称...
In my JSF application, I get the name of the currently signed in user like this ...
public String getLoggedInUsername() {
return FacesContext.getCurrentInstance().getExternalContext().getRemoteUser();
}
...,然后检查用户是否已这样登录...
... and I check if the user is signed in like this ...
public boolean isSignedIn() {
return (getLoggedInUsername() != null);
}
...并且当用户退出时,我会执行此操作...
... and when the user signs out, I do this ...
public String doLogout() {
FacesContext facesContext = FacesContext.getCurrentInstance();
HttpSession httpSession = (HttpSession)facesContext.getExternalContext().getSession(false);
httpSession.invalidate();
return "main";
}
我的问题是在doLogout()之后,getLoggedInUsername()仍返回已登录用户的名称.我应该怎么做才能确保getRemoteUser()注销后返回null?
My problem is after doLogout(), the getLoggedInUsername() still returns the name of the user that was logged in. What am I supposed to do to make sure getRemoteUser() returns null after logout?
或者,是否有比仅检查用户名更好的获取isSignedIn()的方法?
Alternately, is there a better way to get if isSignedIn() than just checking the username?
谢谢! 罗布
推荐答案
请确保您在使会话无效之后重定向请求.根据会话属性解析用户主体.因此,当您直接转到目标页面时(默认情况下是JSF导航案例),由于它使用 same HttpSession引用,因此它仍将存在于目标页面中.重定向指示Web浏览器触发全新的HTTP请求,从而强制服务器根据新请求重新创建HttpSession引用.
Ensure that you're redirecting the request after invalidating the session. The user principal is resolved based on a session attribute. So when you just forward to the target page (as a JSF navigation case by default does), then it'll still be there in the target page since it uses the same HttpSession reference. A redirect instructs the webbrowser to fire a brand new HTTP request, hereby forcing the server to recreate the HttpSession reference based on the new request.
将<redirect/>添加到导航案例中,以强制JSF发送重定向.或者,如果您已经在JSF 2.0中,请在结果值中添加?faces-redirect=true.
Add <redirect/> to the navigation case to force JSF to send a redirect. Or when you're already in JSF 2.0, add ?faces-redirect=true to the outcome value.
这篇关于使用session.invalidate的JSF注销不会清除当前用户名吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
