我在jsp和servlet
我正在登录该页面,并将其重定向到homepage.jsp
在登录时,我在我的servlet login.java中按如下方式设置会话变量,如下所示:
HttpSession ss = rq.getSession(true);
ss.setAttribute("uid", rstusrdetail.getInt(1));
ss.setAttribute("username", rstusrdetail.getString(2));
我也有一个注销按钮,我的logout.java如下:
try {
HttpSession ss = rq.getSession(false);
if (ss.getAttribute("uid") == null || ss.getAttribute("username") == null ) {
rs.sendRedirect("/");
}
rs.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
rs.addHeader("Cache-Control", "post-check=0, pre-check=0");
rs.setHeader("Pragma", "no-cache");
rs.setDateHeader("Expires", 0);
HttpSession session = rq.getSession(false);
session.setAttribute("uid", null);
session.setAttribute("username", null);
session.invalidate();
rs.sendRedirect("/");
} catch (Exception exp) {
RequestDispatcher dd = rq.getRequestDispatcher("/");
dd.forward(rq, rs);
}
点击后退按钮退出后,会重定向到主页.jsp
如果我刷新,那么我将收到会话过期消息。如果我直接访问该页面,我也会收到会话过期消息。
如何点击后退按钮以使会话过期而不刷新,或者有没有办法在浏览器中禁用后退按钮?
答案 0 :(得分:3)
在每个需要登录的页面上添加以下代码:
HttpServletResponse httpResponse = (HttpServletResponse)response;
httpResponse.setHeader("Cache-Control","no-cache, no-store, must-revalidate");
response.addHeader("Cache-Control", "post-check=0, pre-check=0");
httpResponse.setHeader("Pragma","no-cache");
httpResponse.setDateHeader ("Expires", 0);
if (session.getAttribute("uid") == null || session.getAttribute("username") == null ) {
response.sendRedirect("/invalidSession.jsp");
return;
}