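I am trying to implement a servlet filter for a JSP project. What I want to do is prevent the user from going back to the previous page after logging out. I followed this tutorial: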
Prevent user from seeing previously visited secured page after logout
So I have this Java file as my Filter class (the file name is LogoutFilter.java):
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class LogoutFilter implements Filter {
    FilterConfig config;

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {
        // TODO Auto-generated method stub
        HttpServletResponse hsr = (HttpServletResponse) res;
        hsr.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        hsr.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        hsr.setDateHeader("Expires", 0); // Proxies
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
        // TODO Auto-generated method stub
        this.config = config;
    }
}
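I have also added the filter entry to my web.xml. The filter is working properly, as I have checked it, but the back button still takes the user back to the previous page after logout.
Here is my logout page, where "admin_name" is the variable I added as a session attribute during login.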
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page session="false" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
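<%
    // getSession(false) returns null when there is no session, so guard before use
    HttpSession session = request.getSession(false);
    if (session != null) {
        String admin_name = (String) session.getAttribute("admin_name");
        session.invalidate();
        admin_name = "";
    }
    response.sendRedirect("admin_login.jsp");
%>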
</body>
</html>
I can't understand what I am doing wrong.