-1

Possible duplicate:
Prevent user from going back to the previous secured page after logout

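I have to create login and logout pages with a session. Now I have to invalidate the session after a certain time interval and after the logout button is clicked. After the session expiry time and after the logout action, nobody should be able to access the previous pages by clicking the browser's back button without logging in again.

How can I do this?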

4

2 Answers

1

Set the session timeout in the web.xml file:

<session-config>
   <session-timeout>30</session-timeout> 
</session-config>

When the user logs in, put the user's name into the session:

session.setAttribute("userName", userName);

And kill it when the user logs out:

session.removeAttribute("userName");

Create a filter to authenticate the user, as follows:

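import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class AuthorizationFilter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
        // no initialization needed
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                                          throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        HttpSession session = req.getSession();

        String userName = (String) session.getAttribute("userName");

        if (userName == null) {
            rejectRedirect(res);
            return; // stop here so the protected page is not served
        }

        chain.doFilter(request, response);
    }

    private void rejectRedirect(HttpServletResponse res) throws IOException {
        res.sendRedirect("/login.jsp"); // or warning page
    }

    public void destroy() {
        // nothing to clean up
    }
}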

And map this filter in web.xml:

<filter> 
   <filter-name>Authorization Filter</filter-name> 
   <filter-class>yourpackage.AuthorizationFilter</filter-class> 
</filter> 
<filter-mapping> 
   <filter-name>Authorization Filter</filter-name> 
   <url-pattern>*.jsp</url-pattern> 
</filter-mapping> 
answered 2012-08-29T12:52:31.603
0
    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class AuthorizationFilter implements Filter {

        public void doFilter(ServletRequest req, ServletResponse res,
                FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;

            HttpServletResponse response = (HttpServletResponse) res;

            HttpSession session = request.getSession();

            String userName = (String) session.getAttribute("loggedVendor");

            if (userName == null) {
                response.sendRedirect("index.jsp");
                return; // do not continue to the requested page after redirecting
            }

            chain.doFilter(request, response);
        }

        public void init(FilterConfig filterConfig)
                throws ServletException {
            // We can initialize a filter using the init-params here
            // (which we defined in the deployment descriptor - web.xml)
        }

        public void destroy() {
            // nothing to clean up
        }
    }

<filter>
    <filter-name>AuthorizationFilter</filter-name>
    <filter-class>AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>AuthorizationFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
answered 2012-08-30T10:09:33.570
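
Added example (not code from either answer): a filter that combines the session check from the answers with no-cache response headers, so that the back button makes the browser re-request the page and hit the login check instead of showing a cached copy. It assumes the javax.servlet API, a login page at /login.jsp and the userName session attribute; the class name NoCacheAuthorizationFilter is hypothetical.

```java
// Added example. Assumptions: javax.servlet API, login page at /login.jsp,
// login stores the "userName" session attribute, filter mapped to *.jsp.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class NoCacheAuthorizationFilter implements Filter {

    private static final String LOGIN_PAGE = "/login.jsp"; // assumed path

    @Override
    public void init(FilterConfig filterConfig) throws ServletException { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Forbid storing the page, so the back button must ask the server again.
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1
        res.setHeader("Pragma", "no-cache");                                   // HTTP 1.0
        res.setDateHeader("Expires", 0);                                       // proxies

        // Let the login page through, otherwise the redirect below would loop.
        if (LOGIN_PAGE.equals(req.getServletPath())) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false) returns null after a timeout or invalidate()
        // instead of silently creating a fresh, empty session.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("userName") == null) {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return; // do not continue to the protected page
        }

        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

On logout, calling session.invalidate() discards the whole session rather than a single attribute, and the next request for a protected page is then redirected by this filter.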