Servlet会话无效 [英] Servlet session invalidate

问题描述

我在2个不同的服务器中有2个应用程序 - Tomcat（基本上是.WAR文件）和jBoss中的EAR。

I have 2 apps in 2 different servers - Tomcat(basically a .WAR file) and a EAR in jBoss.

EAR是一个可重复使用的应用程序，我将在其中进行身份验证用户并将控件发送回Tomcat上的应用程序。在进行身份验证时，我正在jBoss应用上创建会话对象。

EAR is a reusable app where I will authenticate the user and send back the control to the app on the Tomcat. While authenticating I am creating a session object on the jBoss app.

当我将控件发送回Tomcat上的应用程序时，我会询问用户是否要签署验证应用程序。如果用户按下是按钮，我将不得不从验证应用程序注销该用户

When I send back the control to the app on Tomcat I will ask the user if he wants to sign off the authenticating application. If the user pushes the "Yes" button I will have to logoff that user from the authenticating app

问题

1）我读到Filter是使会话无效的最佳方式。在我的情况下，因为验证应用程序旨在由超过1个用户使用，过滤器将如何知道它需要使哪个会话无效？

1) I read that Filter is the best way to invalidate the session. In my case since the authenticating app is intended to be used by more than 1 user how will the filter know which session it needs to invalidate?

2）我应该通过在jBoss应用程序中创建的会话ID到Tomcat应用程序，以便当用户决定注销时 - 我需要将相同的会话ID传递给jBoss应用程序，以使过滤器无效？

2) Should I pass the session id created in the jBoss app to the Tomcat app so that when the user decides to sign off - I will need to pass back the same session id to the jBoss app for the Filter to invalidate?

推荐答案

您不需要过滤器。一个简单的Servlet会做：

You don't need a Filter. A simple Servlet will do:

public LogoutServlet extends HttpServlet {
    @Override
    public void doGet(...) {
       request.getSession().invalidate();
    }
}

然后将此servlet映射到 / lougout 在 web.xml 中，每当用户想要注销时，他都应该被发送到 http：// youhost / yourapp / logout 。

Then map this servlet to /lougout in web.xml, and whenever the user wants to logout, he should be sent to http://youhost/yourapp/logout.

如果你想在他已经使用tomcat服务器时将他注销，你需要重定向回JBoss服务器以使那里的会话无效。

If you want to log him out when he is already working with the tomcat server, you'd need to redirect back to the JBoss server to invalidate the session there.

注意 request.getSession（）获取当前会话 - 即属于发出请求的用户的会话。您的servlet容器（服务器）为您处理此问题。

Note that request.getSession() gets the current session - i.e. the one that belongs to the user making the request. Your servlet container (server) handles this for you.

这篇关于Servlet会话无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！