如何验证/无效会话 jsp/servlets? [英] How to validate/invalidate sessions jsp/servlets?

查看:13
本文介绍了如何验证/无效会话 jsp/servlets?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当用户成功登录时,我在我的 servlet 中打开了会话:

HttpSession session = request.getSession(true);session.setAttribute("name", name);

然后我在logout.jsp中写了终止会话:

<%session.invalidate();%>

要检查会话是否有效,我正在这样做:

HttpSession session = request.getSession();String name = (String) session.getAttribute("name");

但它不起作用,即使在 session.invalidate 之后我也使会话有效.有人明白我哪里做错了吗?

解决方案

你应该调用 session.getSession(false) - 如果没有当前会话,它返回 null.

根据文档<块引用>

HttpSession#getSession(boolean create) - create - 必要时为这个请求创建一个新的会话;如果没有当前会话,则返回 null.

所以会话值检查的正确方法是 -

HttpSession session = request.getSession(false);如果(会话!=空)session.setAttribute("name", name);

一旦你使会话无效 -

HttpSession session = request.getSession(false);如果(会话!=空)session.invalidate();

I opened the session in my servlet when the user performed a successful login:

HttpSession session = request.getSession(true);
session.setAttribute("name", name);

then I wrote in the logout.jsp to terminate the session:

<%session.invalidate();%>

To check if a session is valid I am doing this:

HttpSession session = request.getSession();
String name = (String) session.getAttribute("name");

But it is not working, I am getting the session valid even after the session.invalidate. Does anyone understand where am I doing wrong?

解决方案

you should call session.getSession(false) - which returns null if there is no current session.

according to docs

HttpSession#getSession(boolean create) - create - true to create a new session for this request if necessary; false to return null if there's no current session.

So the correct way of session value check would -

HttpSession session = request.getSession(false);
if(session!=null)
  session.setAttribute("name", name);

and once you invalidate the session -

HttpSession session = request.getSession(false);
if(session!=null)
session.invalidate();

这篇关于如何验证/无效会话 jsp/servlets?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆