用户退出登录后点击浏览器的后退按钮时(例如银行网站),如何让会话真正失效、旧页面不再显示

时间:2012-11-05 04:18:38

标签: java servlets logout

我在登录时把会话ID存入数据库,并在访问各个页面时核对它。由于每个页面都会检查会话ID,会话会在一段时间后过期。现在的问题出在退出登录上:点击"注销"后,如果用户再从菜单中选择任何内容,会话确实已经失效;但如果他点击后退按钮,浏览器会直接显示上一页,看起来就像会话从未退出/过期一样。如何防止这个页面在点击后退按钮时显示出来?

注意:在注销时,我会创建一个新会话并用它的ID替换数据库中存储的旧会话ID。以下是我的代码:

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.*;
import java.net.*;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;


//public class LoginToApp extends HttpServlet {
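/**
 * Logout endpoint: ends the caller's HTTP session, overwrites the session ID that
 * login stored in LOGIN.SESSID, expires the browser's cookies and redirects to the
 * login page.
 *
 * <p>What this servlet cannot do is remove pages the browser already cached: the
 * Cache-Control/Pragma/Expires headers set here apply only to the redirect response.
 * A protected page that must not reappear via the back button has to carry
 * {@code Cache-Control: no-cache, no-store} on its own response (typically added by
 * a filter); otherwise the browser shows its cached copy without ever contacting
 * the server, and no server-side session check can run.
 *
 * <p>Security notes on what is visible here:
 * <ul>
 *   <li>Database credentials are hard-coded and use the {@code sa} account; they
 *       belong in a container-managed DataSource/JNDI resource, not in source.</li>
 *   <li>{@code service()} is overridden, so logout is reachable by GET and can be
 *       triggered cross-site (logout CSRF). Restricting to POST is recommended.</li>
 *   <li>The stored session ID is matched with {@code =} rather than the original
 *       {@code LIKE}: the ID can come from a request parameter, and a pattern such
 *       as {@code %} would have rewritten every row, logging out all users.</li>
 *   <li>Session IDs are no longer written to stdout; they are credentials.</li>
 * </ul>
 */
public class LogoutApp extends HttpServlet {

    /** jTDS connection URL of the login database (host and DB name are deployment-specific). */
    private static final String CONNECTION_URL = "jdbc:jtds:sqlserver://localhost/AUTOUDB";

    /** Parameterised update; exact match on SESSID, see class comment. */
    private static final String UPDATE_SESSION_SQL = "Update LOGIN set SESSID = ? where SESSID = ?";

    /**
     * Handles the logout request for any HTTP method.
     *
     * Steps: read the current session ID, invalidate the session, open a fresh
     * session only to obtain an ID the browser has never seen, store that ID over
     * the user's row in LOGIN, invalidate the fresh session too, expire cookies and
     * redirect. Because the stored ID never belongs to a live session, pages that
     * compare the stored SESSID with the request will treat the user as logged out.
     * (Assumes LOGIN.SESSID holds the container session ID recorded at login, as the
     * question describes — confirm against the login servlet.)
     *
     * Logout completes even if the database update fails: the container session is
     * already gone at that point, only the audit row is stale.
     *
     * @param request  current request; an optional {@code sessionID} parameter is
     *                 used only when the container has no session for the caller
     * @param response response that receives the cache headers, cookies and redirect
     * @throws IOException if the redirect cannot be written
     */
    public void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");

        HttpSession existing = request.getSession(false);
        // Prefer the ID the container actually issued over a client-supplied value;
        // the parameter is kept as a fallback for callers whose session already timed out.
        String oldSessionId = existing != null ? existing.getId() : request.getParameter("sessionID");
        if (existing != null) {
            existing.invalidate();
        }

        // Created only to mint an unused ID; invalidated again below so no live
        // session outlives the logout.
        HttpSession replacement = request.getSession(true);
        String newSessionId = replacement.getId();

        if (oldSessionId != null) {
            try {
                replaceStoredSessionId(oldSessionId, newSessionId);
            } catch (Exception e) {
                // Do not log the IDs themselves; the stack trace is enough to diagnose.
                log("LogoutApp: failed to update LOGIN.SESSID", e);
            }
        }
        replacement.invalidate();

        // These headers only cover this redirect response (see class comment).
        response.setHeader("Cache-Control", "no-cache, no-store");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", -1);

        expireCookies(request, response);

        // Prefix the context path: the original "/pages/login.html" only works when the
        // application is deployed at the root context, while the commented-out URL in
        // the question suggests a non-root context ("/automationutil").
        response.sendRedirect(request.getContextPath() + "/pages/login.html");
    }

    /**
     * Replaces the SESSID stored for {@code oldId} with {@code newId}.
     *
     * @return number of rows updated; 0 means no row matched {@code oldId}
     * @throws ClassNotFoundException if the jTDS driver is not on the classpath
     * @throws SQLException on any database error
     */
    private static int replaceStoredSessionId(String oldId, String newId)
            throws ClassNotFoundException, SQLException {
        Class.forName("net.sourceforge.jtds.jdbc.Driver");
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            // TODO(security): hard-coded "sa" credentials — move to a container DataSource.
            connection = DriverManager.getConnection(CONNECTION_URL, "sa", "islemm*03");
            statement = connection.prepareStatement(UPDATE_SESSION_SQL);
            statement.setString(1, newId);
            statement.setString(2, oldId);
            return statement.executeUpdate();
        } finally {
            // Null checks: getConnection()/prepareStatement() may throw before either
            // reference is assigned, which made the original finally block throw NPE
            // and hide the real SQLException.
            if (statement != null) {
                try {
                    statement.close();
                } catch (SQLException ignored) {
                    // best effort; the connection close below matters more
                }
            }
            if (connection != null) {
                connection.close();
            }
        }
    }

    /**
     * Sends an expiring copy of every cookie the browser presented so no stale
     * session cookie survives the logout.
     *
     * NOTE(review): a deletion cookie only takes effect if its path matches the one
     * the cookie was set with. The container's JSESSIONID cookie is normally scoped
     * to the context path, so the fixed "/" used here may not clear it on a non-root
     * deployment — confirm against the container's cookie settings.
     */
    private static void expireCookies(HttpServletRequest request, HttpServletResponse response) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return;
        }
        for (int i = 0; i < cookies.length; i++) {
            Cookie cookie = cookies[i];
            cookie.setValue("");
            cookie.setPath("/");
            cookie.setMaxAge(0);
            response.addCookie(cookie);
        }
    }
}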

1 个答案:

答案 0 :(得分:0)

您可以考虑使用 Servlet Filter,让所有请求都经过该过滤器,如下所示:

在您的web.xml中

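<!-- Security filter: runs on every request so the session check is applied uniformly. -->
<filter>
    <filter-name>secfilter</filter-name>
    <filter-class>com.security.SecurityFilter</filter-class>
</filter>

<!-- The Servlet spec treats a bare "*" as an exact-match path (some containers reject
     it outright), so the filter would not run on every page. "/*" is the path mapping
     that covers the whole application. -->
<filter-mapping>
    <filter-name>secfilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>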

更多过滤器配置方式请参阅此链接:filter configurations

在过滤器类的 doFilter 中检查会话是否已过期;如果已过期,就重定向到登录页/主页。但仅有这一步还不够:浏览器的后退按钮通常直接显示本地缓存的页面,根本不会再向服务器发请求,过滤器也就不会执行。因此过滤器还应在每个受保护页面的响应上设置 Cache-Control: no-cache, no-store(以及 Pragma: no-cache、Expires: 0),让浏览器在后退时重新请求服务器,这样会话检查才会生效。仅在注销响应上设置这些头是无效的。

您可以参考这个链接:this link