
我在登录时将会话ID存储在数据库中,并在访问不同页面时引用它。会话在一段时间后过期,因为我已经计算了每个页面中的会话ID。现在,我的问题出在注销上。当我点击注销后,如果用户从菜单中选择任何内容,都会提示会话已过期,这部分工作正常。但是,如果他点击后退按钮,浏览器会把他带回上一页,就好像会话从未注销/过期一样。如何防止该页面在点击后退按钮时显示?我希望像银行网站那样:注销后用户点击后退按钮时,显示会话已过期。

注 - 在注销时,我创建了一个新会话并用它替换了旧会话。以下是我的代码 -

import java.io.IOException; 
import java.io.PrintWriter; 
import java.sql.*; 
import java.net.*; 

import javax.servlet.ServletException; 
import javax.servlet.http.HttpServlet; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 

import java.io.*; 
import javax.servlet.*; 
import javax.servlet.http.*; 


//public class LoginToApp extends HttpServlet { 
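/**
 * Logout servlet: replaces the session ID stored in the LOGIN table with the ID of a
 * throw-away session, invalidates the HTTP session, expires the request's cookies and
 * redirects the browser to the login page.
 *
 * <p>The session teardown and the redirect run even when the database update fails, so a
 * database outage cannot leave the user without a logout response.
 */
public class LogoutApp extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {

    // NOTE(review): the JDBC URL and the "sa" account credentials are embedded in source.
    // Anyone who can read the code or the compiled class can read them, and "sa" is a
    // high-privilege SQL Server login. Move these to a container-managed DataSource (JNDI)
    // or other external configuration, use a least-privilege account, and rotate the
    // password that has been published here.
    private static final String DB_DRIVER = "net.sourceforge.jtds.jdbc.Driver";
    private static final String DB_URL = "jdbc:jtds:sqlserver://localhost/AUTOUDB";
    private static final String DB_USER = "sa";
    private static final String DB_PASSWORD = "islemm*03";

    // Exact match on purpose: with LIKE, a '%' or '_' in the client-supplied value acts as
    // a wildcard and a single request could overwrite the stored ID of many rows.
    private static final String UPDATE_SESSION_SQL =
            "Update LOGIN set SESSID = ? where SESSID = ?";

    // NOTE(review): this path is relative to the container root, not to the web
    // application's context path - confirm it is the intended target.
    private static final String LOGIN_PAGE = "/pages/login.html";

    /**
     * Delegates to the container-provided initialisation.
     *
     * @param config servlet configuration supplied by the container
     * @throws ServletException if the superclass initialisation fails
     */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
    }

    /**
     * Handles a logout request.
     *
     * @param request  the request; its {@code sessionID} parameter names the stored session
     *                 ID to replace
     * @param response the response, which receives no-cache headers, expired cookies and a
     *                 redirect to the login page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    public void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("text/html");

        // NOTE(review): the row to update is selected by a client-supplied parameter, so
        // any caller that knows a session ID can log that session out, and an ID carried in
        // a URL can end up in access logs and Referer headers. Prefer deriving the ID from
        // the server-side session.
        String oldSessionId = request.getParameter("sessionID");

        // Drop the authenticated session first; the fresh session exists only to supply a
        // replacement ID for the database row.
        HttpSession session = request.getSession();
        if (!session.isNew()) {
            session.invalidate();
            session = request.getSession(true);
        }
        String replacementId = session.getId();

        // A missing parameter can match no row, so skip the database round trip.
        if (oldSessionId != null && oldSessionId.length() > 0) {
            try {
                replaceStoredSessionId(oldSessionId, replacementId);
            } catch (ClassNotFoundException e) {
                log("JDBC driver not available; stored session ID was not replaced", e);
            } catch (SQLException e) {
                // Session identifiers are deliberately kept out of the log output.
                log("Could not replace the stored session ID during logout", e);
            }
        }

        // The replacement session must not stay usable either.
        session.invalidate();

        // These headers only stop THIS response from being cached. The pages shown by the
        // browser's back button are cached copies of earlier responses, so every protected
        // page must be served with the same headers (for example from a servlet filter).
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // NOTE(review): request cookies carry no path, so forcing "/" may not match the
        // path the container used for its session cookie - verify in the target container.
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                Cookie cookie = cookies[i];
                cookie.setValue("");
                cookie.setPath("/");
                cookie.setMaxAge(0);
                response.addCookie(cookie);
            }
        }

        response.sendRedirect(LOGIN_PAGE);
    }

    /**
     * Overwrites the stored session ID equal to {@code oldSessionId} with
     * {@code newSessionId}. The statement and connection are closed on every path, and
     * each is closed only if it was actually opened.
     */
    private void replaceStoredSessionId(String oldSessionId, String newSessionId)
            throws ClassNotFoundException, SQLException {
        Class.forName(DB_DRIVER);

        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = DriverManager.getConnection(DB_URL, DB_USER, DB_PASSWORD);
            statement = connection.prepareStatement(UPDATE_SESSION_SQL);
            statement.setString(1, newSessionId);
            statement.setString(2, oldSessionId);
            statement.executeUpdate();
        } finally {
            if (statement != null) {
                try {
                    statement.close();
                } catch (SQLException e) {
                    log("Failed to close statement", e);
                }
            }
            if (connection != null) {
                try {
                    connection.close();
                } catch (SQLException e) {
                    log("Failed to close connection", e);
                }
            }
        }
    }

    /** Nothing to release: no resources are held between requests. */
    public void destroy() {
        // do nothing.
    }
}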

回答


你可以考虑使用一个 Servlet Filter,让所有请求都先经过该过滤器:

在web.xml

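<filter> 
    <filter-name>secfilter</filter-name> 
    <filter-class>com.security.SecurityFilter</filter-class> 
</filter> 

<!-- "/*" is the path-mapping form that matches every request in the web application;
     a bare "*" is not a wildcard pattern under the Servlet specification, so the
     security filter could be skipped for most URLs. -->
<filter-mapping> 
    <filter-name>secfilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 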

参考此链接更多filter configurations

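然后在过滤器类的 doFilter 方法中检查会话是否已过期;如果已过期,则重定向到您的主页。需要注意的是,后退按钮通常直接显示浏览器缓存的页面而不会重新发出请求,因此过滤器还应为受保护页面的响应设置 Cache-Control: no-cache, no-store 等禁止缓存的响应头,这样后退时浏览器才会重新请求并触发该检查。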

我想你可以用this link作为参考。


一定要看看它。但是如果您的某些页面是纯JSP,那么该怎么办? – anujin


URL pattern * 将应用于您的Web应用程序的所有请求,因此您的JSP不需要特殊处理 –
