登录后重定向回页面 [英] Redirect back to a page after a login

问题描述

我正在用一系列 Servlets 做一个简单的论坛，每个论坛都代表一个家，主题，发布，登录和用户列表页面。在其中一些页面上，当用户未登录时会出现一个链接。

I'm doing a simple forum with a series of Servlets that each represent a home, topic, postedit, login and userlist page. On some of these pages there is a link that appears when a user isn't logged in.

我想要实现的是触发重定向（使用转发） （）在RequestDispatcher上）登录后，浏览器返回到用户所在的页面，然后再单击登录链接。为了做到这一点，我看到了两个解决方案。

What I'd like to achieve is to trigger a redirection (using forward() on a RequestDispatcher) after a login so the browser goes back to the page where a user was before clicking the login link. In order to do this, I see two solutions.

第一个解决方案是使用HTML 表单登录按钮和一个不可见的字段，其中包含的信息将说明要重定向的页面为参数。这是可行的，但我想尝试别的。

The first solution is to have an HTML Form with a login button and an invisible field that will contain information that will say what page to redirect as a Parameter. This is doable but I'd like to try something else.

第二个解决方案是添加属性到会话以某种方式代表第一个页面。这可能包含一个String，但这与第一种方法没有什么不同。另一个转折是添加对HttpServlet的引用并使用instanceof或静态String变量，该变量可用于以某种方式标识Servlet。但是，这需要为所有 Servlets 创建一个共同的祖先类。

The second solution is to add an Attribute to the session that represents the first "page" in some way. This could contain a String but this is no different from the first approach. Another twist would be to add a reference to the HttpServlet and to use instanceof or a static String variable that could be used to identify the Servlet in some way. However, this would require creating a common ancestor class for all the Servlets.

也许还有另一个简单的解决方案你可以看到那会形成一个很好的折衷方案吗？或者，上述解决方案中的一个可能是完全可以接受的？

Perhaps there is another simple solution that you can see that would form a good compromise ? Or, maybe one of the above solutions is perfectly acceptable ?

推荐答案

我更喜欢第二个解决方案之上的第一个解决方案。这是请求作用域信息，并且实际上不属于会话，它只会导致wtf？在同一会话中打开多个窗口/标签时的体验。

I would prefer the first above the second solution. This is request scoped information and really doesn't belong in the session, it would only lead to "wtf?" experiences when you have multiple windows/tabs open in the same session.

在登录页面的链接上，只需将当前URL作为请求参数传递：

On the link to the login page, just pass the current URL as request parameter:

<a href="/login?from=${pageContext.request.requestURI}">Login</a>

或者如果它是登录页面的POST表格：

Or if it is a POST form to the login page:

<input type="hidden" name="from" value="${pageContext.request.requestURI}">

在登录表单中，将其作为隐藏变量传输到下一个请求：

In the login form, transfer it to the next request as hidden variable:

<input type="hidden" name="from" value="${param.from}">

在登录servlet中，使用它：

In the login servlet, make use of it:

User user = userDAO.find(username, password);
if (user != null) {
    request.getSession().setAttribute("user", user);
    response.sendRedirect(request.getParameter("from"));
} else {
    // Show error.
}

相当简单，不是吗？ ：）

Fairly simple, isn't it? :)

有些人可能会建议在登录表单中使用 request.getHeader（referer）登录前链接/按钮中的 request.getRequestURI（），但我不这样做，因为这是客户端控制的，并不总是返回可靠的信息。有些客户已经禁用它或者正在使用某些软件，这些软件使用无效值来欺骗它，例如大多数（ cough ）赛门铁克产品都会这样做。

Some may suggest to use request.getHeader("referer") for this inside the login form instead of request.getRequestURI() in the link/button before login, but I wouldn't do that as this is client-controlled and doesn't always return reliable information. Some clients have disabled it or are using some software which spoofes it with an invalid value, such as most of the (cough) Symantec products do.

这篇关于登录后重定向回页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！