Session expiry and the browser back button in JSP and servlets

Time: 2012-08-28 10:18:48

Tags: jsp servlets

  

Possible duplicate:
  Prevent user from going back to the previous secured page after logout

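I have to create a login and logout page that uses a session. Now I have to invalidate the session after some time and when the logout button is clicked. After the session expiry time and after the logout action, no one should be able to access the previous pages by clicking the browser's back button without logging in again.

How can I do this?

2 answers:

Answer 0: (score: 1)

Set the session timeout in the web.xml file: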

<session-config>
   <session-timeout>30</session-timeout> 
</session-config>

When the user logs in, put the user's name into the session:

// The key is the literal "userName"; the value is the logged-in user's name
session.setAttribute("userName", userName);

When the user logs out, kill it:

session.removeAttribute("userName");

Create a filter to authenticate the user, like this:

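import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class AuthorizationFilter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException { }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                                          throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        HttpSession session = req.getSession();

        String userName = (String) session.getAttribute("userName");

        if (userName == null) {
            // Not logged in: redirect and stop so the protected page is not rendered
            rejectRedirect(res);
            return;
        }

        chain.doFilter(request, response);
    }

    private void rejectRedirect(HttpServletResponse res) throws IOException {
        res.sendRedirect("/login.jsp"); // or warning page
    }

    public void destroy() { }
}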

And map this filter in web.xml:

<filter> 
   <filter-name>Authorization Filter</filter-name> 
   <filter-class>yourpackage.AuthorizationFilter</filter-class> 
</filter> 
<filter-mapping> 
   <filter-name>Authorization Filter</filter-name> 
   <url-pattern>*.jsp</url-pattern> 
</filter-mapping> 

Answer 1: (score: 0)

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class AuthorizationFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        HttpServletResponse response = (HttpServletResponse) res;

        HttpSession session = request.getSession();

        String userName = (String) session.getAttribute("loggedVendor");

        if (userName == null) {
            // Not logged in: redirect and stop; continuing the chain after a
            // redirect would still render the protected page
            response.sendRedirect("index.jsp");
            return;
        }

        chain.doFilter(request, response);
    }

    public void init(FilterConfig filterConfig)
            throws ServletException {
        // We can initialize a filter using the init-params here
        // (which we defined in the deployment descriptor - web.xml)
    }

    public void destroy() { }
}

<filter>
    <filter-name>AuthorizationFilter</filter-name>
    <filter-class>AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>AuthorizationFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>