session.invalidate()在Websphere Application Server中不起作用 [英] session.invalidate() not working in Websphere Application Server

问题描述

我们需要从主应用程序转到供应商登录页面.如果会话有效，则在供应商页面上可以看到在主应用程序中选择的数据，因为我们正在将数据存储在会话中. 为了解决这个问题，在Tomcat中，我们在Vendor登录jsp的开头有以下代码.

We have the requirement of going to Vendor login page from the main application. If the session is valid then the data selected in the main application is visible in the Vendor page are we are storing the data in session. For Handling this, in Tomcat we had below code in the starting of Vendor login jsp.

request.getSession().invalidate();

我们现在正在迁移到Websphere Application Server.相同的代码在WAS中不起作用. 我们正在收到IllegalStateException.我在某处看到WAS通过cookie处理会话.因此，如果会话已经无效，则抛出IllegalStateException.

We are migrating now to Websphere Application Server. The same code is not working in WAS. We are getting IllegalStateException. Somewhere I read that WAS handles session through cookies. So IllegalStateException is thrown if session is already invalidated.

我将WAS的代码更改为以下代码: userId是我要保存在主应用程序会话中的用户ID.

I changed the code to as below for WAS: userId is the user id which I am saving in session in the main application.

if ((request.getSession() != null) && (request.getSession().getAttribute("userId") != null)) { // Old session
    request.getSession().invalidate();
}

即使控件进入if条件内，它也会给出IllegalStateException. 根据我们的要求，我有一种选择是在供应商登录jsp开始时删除所有会话参数，以便不传递任何内容.但是为此，我必须一个一个地删除每个参数(几乎有20个).将来在会话中保存的任何新参数，我都必须更新此jsp.

Even if control is going inside the if condition, it is giving IllegalStateException. For our requirement I have one alternative to remove all session parameters in the starting of vendor login jsp, so that nothing is passed. But for that I have to remove each parameter (almost 20 are there) one by one. And also in future any new parameter I will save in session, I have to update this jsp.

如果有旧会话，是否有任何解决方案可以首先使整个会话无效?

Is there any solution to invalidate the entire session first if it's old?

推荐答案

我们使用以下代码解决了该问题.

We solved the issue with the following code.

<%@page session="false"%>

<%
   HttpSession session = request.getSession();
   if (session!=null) {
      session.invalidate();
   }
%>

我们在主登录jsp和供应商登录jsp中都添加了此代码.因此，每次加载jsp时，都会消除HTTP会话的自动创建(

We added this code in both the main login jsp and vendor login jsp. So each time the jsp is loaded the automatic creation of HTTP session is eliminated (http://docs.oracle.com/cd/A97688_16/generic.903/bp/j2ee.htm#1008677). Then we create a session explicitly. This code now works perfectly in Websphere Application Server.

这篇关于session.invalidate()在Websphere Application Server中不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！