Java为什么我的会话没有被销毁

时间:2017-10-22 20:01:37

标签: java session

我正在尝试注销用户并通过让用户单击指向未映射到servlet的jsp的链接来销毁会话。

在我的logout.jsp中,我有以下内容(自发布后编辑添加删除但仍未清除会话)

<%
  session.removeAttribute("loggedin");
  session.removeAttribute("loggedUsrID");
  session.removeAttribute("loggedUsrFName");
  session.invalidate();
  response.sendRedirect(request.getContextPath());
%>

点击后我被重定向到index.jsp,但是当我关闭浏览器然后再次在netbeans中启动应用程序并点击链接时,我在地址栏中看到以下内容

http://localhost:8084/myapp/register.jsp;jsessionid=0002B8466FB3CC578C56E61017E9FD3C

为了完整性,我将包括用户控制器的一部分,该部分登录用户并设置会话以防我在那里做错了

//Handle User Login
private String logInToSite(HttpServletRequest request,
        HttpServletResponse response) {

    String url;        
    String message;
    // get values from form
    String pNum = request.getParameter("phoneNumber");
    String upwd = request.getParameter("password");

    //validate the values to check for empty values in case JS registration check has failed.
    if(pNum.length()==0 ||upwd.length()==0){
        message="You have not filled out the required fields.";
        request.setAttribute("message", message);
        url = "/login.jsp";
        return url;
    }

    //Format the phone number
    String mPNum=UserDB.formatPhoneNumber(pNum);
    User user = UserDB.loginUser(mPNum, upwd);

    if(user==null){
        message="User null";
        request.setAttribute("message", message);
        url = "/loginerror.jsp";
    }else{
        String hpwd = user.getPwd();
        if(BCrypt.checkpw(upwd, hpwd)==false){
           message="password didn't match";
           request.setAttribute("message", message);
           url="/loginerror.jsp";               
        }
        else{
            boolean logged=false;
            HttpSession session = request.getSession();
           session.setAttribute("loggedUsrID", user.getUserID());
           session.setAttribute("loggedUsrFName", user.getFName());
           session.setAttribute("loggedin",logged=true);
           url="/schedule/welcome.jsp";
        }
    }      
    return url;
}

1 个答案:

答案 0 :(得分:0)

我正在为我的项目执行类似的注销jsp。我的JSP的整个内容只有这个:

<%
    session.invalidate();
    response.sendRedirect(request.getContextPath());
%>

确保您未在​​logout.jsp

中引用您网站上的任何其他内容,例如CSS或JavaScript