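When a user logs in, session information is stored. When the user logs out, the session information is deleted. But when I click the browser's back button, the user information is displayed. The session is gone, but we cannot tell whether a user login was performed. How can I solve this problem?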
    // ---------------------------- log out ----------------------------
    @RequestMapping(value="logout.htm", method = RequestMethod.GET)
    public void logOut(HttpSession session, HttpServletResponse response, HttpServletRequest request) throws IOException {
        final String refererUrl = request.getHeader("Referer");
        response.setHeader(refererUrl, "no-cache");
        response.setHeader("Cache-Control", "no-cache");
        response.setDateHeader("Expires", 0);
        session.removeAttribute("user");
        session.invalidate();
        response.sendRedirect("index.htm");
    }

    // ---------------------------- login ----------------------------
    @RequestMapping(value="/userLogin", method=RequestMethod.POST)
    public @ResponseBody JsonResponse login(@ModelAttribute(value="user") User user, BindingResult result,
            HttpServletRequest request, HttpSession session, ModelMap model) throws UnsupportedEncodingException {
        JsonResponse res = new JsonResponse();
        if (!result.hasErrors() && userService.findUser(user, request)) {
            res.setStatus("SUCCESS");
            session.setAttribute("user", new String(user.getUsername().getBytes("iso-8859-1"), "UTF-8"));
        } else {
            res.setStatus("FAIL");
            result.rejectValue("username", "1");
            res.setResult(result.getAllErrors());
        }
        return res;
    }

    // ---------------------------- profile ----------------------------
    @RequestMapping(value="myProfile.htm", method = RequestMethod.GET)
    public String showmyProfile(@ModelAttribute(value="addUser") User user, Model model,
            HttpServletRequest request, HttpServletResponse response, HttpSession session) throws IOException {
        if (session.getAttribute("user") == null) {
            response.sendRedirect("index");
        }
I use this approach. First, create a class that implements Filter and override the doFilter() method. The code for doFilter() is:
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse hsr = (HttpServletResponse) res;
        hsr.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        hsr.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        hsr.setDateHeader("Expires", 0); // Proxies.
        chain.doFilter(req, res);
    }
After that, register the filter in web.xml. This is the filter:
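    <filter>
        <filter-name>noCacheFilter</filter-name>
        <filter-class>com.example.NoCacheFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>noCacheFilter</filter-name>
        <!-- URLs that must not be cached. The servlet spec treats "/secured/*.jsp" as an
             exact-match string, not a wildcard, so a path-prefix pattern is used here. -->
        <url-pattern>/secured/*</url-pattern>
    </filter-mapping>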