我在登录时将会话ID存储在数据库中,并在访问不同页面时引用它。会话会在一段时间后到期,因为我在每个页面中都计算了会话ID。现在,我的问题出在注销上。当我单击注销后,如果用户再从菜单中选择任何项目,会话会被判定为已过期,这部分工作正常。但如果他点击后退按钮,则会回到上一页,就好像会话从未注销/过期一样。如何防止通过后退按钮显示这个页面?
注意 - 在注销时,我创建了一个新会话并用它替换了旧会话。以下是我的代码 -
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.*;
import java.net.*;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
//public class LoginToApp extends HttpServlet {
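/**
 * Logout endpoint.
 *
 * <p>For each request it discards the caller's HTTP session, rewrites the
 * {@code LOGIN.SESSID} row that matches the {@code sessionID} request parameter
 * to the id of a replacement session, invalidates that replacement session,
 * expires the cookies sent with the request and redirects to the login page.
 * Because the replacement session is invalidated before the response is sent,
 * the id left in the table is not usable by any client.
 *
 * <p>The no-cache headers written here apply to the logout response only. Pages
 * rendered before logout stay in the browser cache unless those pages send the
 * same headers themselves, which is why the Back button can still show them.
 */
public class LogoutApp extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {

    private static final String JDBC_DRIVER = "net.sourceforge.jtds.jdbc.Driver";
    private static final String CONNECTION_URL = "jdbc:jtds:sqlserver://localhost/AUTOUDB";

    // NOTE(review): the database account and password are embedded in source, and
    // "sa" is the SQL Server administrator login. Move them to a container-managed
    // DataSource (JNDI) or external configuration, use an account limited to the
    // LOGIN table, and rotate this password because it has been published.
    private static final String DB_USER = "sa";
    private static final String DB_PASSWORD = "islemm*03";

    // '=' instead of LIKE: the old id arrives as a request parameter, and under
    // LIKE a value containing % or _ is a pattern that would rewrite the SESSID
    // of rows belonging to other logins.
    private static final String UPDATE_SESSION_SQL =
            "Update LOGIN set SESSID = ? where SESSID = ?";

    /**
     * Delegates to the container-provided initialisation.
     *
     * @param config servlet configuration supplied by the container
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
    }

    /**
     * Logs the caller out and redirects to {@code /pages/login.html}.
     *
     * <p>A database failure is logged and does not stop the logout: the session is
     * still invalidated, the cookies are still expired and the redirect is still sent.
     *
     * <p>NOTE(review): overriding {@code service} means every HTTP method, GET
     * included, triggers a logout, and the row to rotate is chosen by a request
     * parameter rather than by the caller's own session. If the stored SESSID is
     * the container session id (not visible from this class), prefer reading it
     * from the server-side session and accepting POST only.
     *
     * @param request  the logout request; {@code sessionID} names the stored id to replace
     * @param response receives the no-cache headers, expired cookies and the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the redirect cannot be written
     */
    @Override
    public void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");

        String oldSessionId = request.getParameter("sessionID");

        // Drop whatever session the caller had, then obtain a fresh one whose id
        // replaces the stored value.
        HttpSession current = request.getSession(false);
        if (current != null) {
            current.invalidate();
        }
        HttpSession replacement = request.getSession(true);

        if (oldSessionId != null && oldSessionId.length() > 0) {
            try {
                replaceStoredSessionId(oldSessionId, replacement.getId());
            } catch (ClassNotFoundException e) {
                // Session ids are deliberately kept out of the log output.
                log("Logout: JDBC driver not available", e);
            } catch (SQLException e) {
                log("Logout: could not update LOGIN.SESSID", e);
            }
        }

        finishLogout(request, response, replacement);
    }

    /** Rewrites the LOGIN row holding {@code oldId} so that it holds {@code newId}. */
    private void replaceStoredSessionId(String oldId, String newId)
            throws ClassNotFoundException, SQLException {
        Class.forName(JDBC_DRIVER);
        Connection connection = DriverManager.getConnection(CONNECTION_URL, DB_USER, DB_PASSWORD);
        try {
            PreparedStatement update = connection.prepareStatement(UPDATE_SESSION_SQL);
            try {
                update.setString(1, newId);
                update.setString(2, oldId);
                update.executeUpdate();
            } finally {
                update.close();
            }
        } finally {
            // Closed exactly once, and only if it was opened.
            connection.close();
        }
    }

    /** Sends the no-cache headers, ends the replacement session, expires cookies and redirects. */
    private void finishLogout(HttpServletRequest request, HttpServletResponse response,
            HttpSession replacement) throws IOException {
        response.setHeader("Cache-Control", "no-cache, no-store");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", -1);

        replacement.invalidate();

        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                // NOTE(review): request cookies carry no path, so "/" is assumed here;
                // a cookie that was set with another path is not removed by this.
                cookie.setValue("");
                cookie.setPath("/");
                cookie.setMaxAge(0);
                response.addCookie(cookie);
            }
        }

        // NOTE(review): a leading "/" is resolved against the container root, not the
        // web application's context path; confirm this is the intended target.
        response.sendRedirect("/pages/login.html");
    }

    /** No resources are held between requests, so there is nothing to release. */
    @Override
    public void destroy() {
        // do nothing.
    }
}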
答案 0 :(得分:0)
您可能需要考虑ServletFilter并通过过滤器传递所有请求,如下所示:
在您的web.xml中
<!-- Registers the class com.security.SecurityFilter under the filter name "secfilter". -->
<filter>
<filter-name>secfilter</filter-name>
<filter-class>com.security.SecurityFilter</filter-class>
</filter>
<!-- Binds "secfilter" to the URL pattern below so that requests pass through the filter.
     NOTE(review): the Servlet specification's match-all path pattern is "/*"; a bare "*" is not accepted by every container, so confirm it on the target server.
     NOTE(review): a match-all mapping also covers the login page and static resources; the filter has to let those through, otherwise the redirect on an expired session loops. -->
<filter-mapping>
<filter-name>secfilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
请参阅此链接以获取更多filter configurations。
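在过滤器类的doFilter中,检查会话是否过期。如果已过期,请重定向到您的主页。由于后退按钮通常直接显示浏览器缓存的页面而不会向服务器发出请求,过滤器还应为每个受保护页面的响应设置 Cache-Control: no-cache, no-store 等禁止缓存的响应头(问题中的代码只在注销响应上设置了这些头)。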
我猜您可以使用this link作为参考。