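I am trying to create a logout form in Java, and I am using cookies. The problem is that when I press the back button, it redirects me to the last secured page, which I don't want.
Here is my code:
Servlet: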
    @WebServlet(name="LogOut", urlPatterns={"/LogOut"})
    public class LogOut extends HttpServlet {
        protected void doPost(HttpServletRequest req, HttpServletResponse response1)
                throws ServletException, IOException {
            Cookie[] cookies = req.getCookies();
            if(cookies != null){
                for(Cookie cookie : cookies){
                    if(cookie.getName().equals(req.getSession().getAttribute("email"))){
                        System.out.println( req.getSession().getAttribute("email") +cookie.getValue());
                    }
                    cookie.setMaxAge(0);
                    response1.addCookie(cookie);
                }
            }
            //invalidate the session if exists
            HttpSession session = req.getSession(false);
            System.out.println("User="+req.getSession().getAttribute("email"));
            if(session != null){
                session.invalidate();
            }
            //no encoding because we have invalidated the session
            response1.sendRedirect("index.html");
        }
    }
Filter:
    @WebFilter("/NoCacheFilter")
    public class NoCacheFilter implements Filter {
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletResponse response = (HttpServletResponse) res;
            response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
            response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
            response.setDateHeader("Expires", 0); // Proxies.
            chain.doFilter(req, res);
        }
    }
JSP:
    <form action="logout" method="post">
        <a><button type="submit" class="myprofile">Deconectare</button></a>
    </form>
web.xml:
    <servlet>
        <servlet-name>logout</servlet-name>
        <servlet-class>user.LogOut</servlet-class>
    </servlet>
    <filter>
        <filter-name>nocachefilter</filter-name>
        <filter-class>user.NoCacheFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>nocachefilter</filter-name>
        <url-pattern>/logout</url-pattern>
    </filter-mapping>
    <servlet-mapping>
        <servlet-name>logout</servlet-name>
        <url-pattern>/logout</url-pattern>
    </servlet-mapping>
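Can anyone help me? Thanks!
Answer 0 (score: 0)
The problem is that when you click the back button, the page is loaded from the cache rather than from the browser. You can use the solution provided in this answer to avoid loading from the cache:
Prevent user from seeing previously visited secured page after logout
Your servlet and filter should be two different classes. In your case, you are using the same class as both the Servlet and the Filter.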
<servlet-class>user.LogOut</servlet-class>
<filter-class>user.LogOut</filter-class>
Create a Servlet class... and the cookie logic of that class.
    public class LogOutServlet extends HttpServlet {
        protected void doPost(HttpServletRequest req,
                HttpServletResponse response1) throws ServletException, IOException {
            Cookie[] cookies = req.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (cookie.getName().equals(req.getSession().getAttribute("email"))) {
                        System.out.println(req.getSession().getAttribute("email")
                                + cookie.getValue());
                    }
                    // Max-Age 0 tells the browser to delete the cookie
                    cookie.setMaxAge(0);
                    response1.addCookie(cookie);
                }
            }
        }
    }
Your web.xml as:
You must specify the filter-mapping and servlet-mapping elements for each filter and servlet separately. In your file, the logout servlet is missing its servlet-mapping and the filter is missing its filter-mapping.
    <servlet>
        <servlet-name>logout</servlet-name>
        <servlet-class>user.LogOut</servlet-class>
    </servlet>
    <filter>
        <filter-name>nocachefilter</filter-name>
        <filter-class>user.NoCacheFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>nocachefilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet-mapping>
        <servlet-name>logout</servlet-name>
        <url-pattern>/logout</url-pattern>
    </servlet-mapping>