碼上歡樂
相關內容    簡體    繁體

javaweb之session過期驗證

本文轉載自   查看原文   2016-08-27 18:40   8913    javaweb之session過期驗證

session過期判斷的基本思想:用戶登錄成功后,將用戶賬號信息保存在session中,然后幾乎每次執行命令都要經過過濾器,過濾器檢查session中是否存在賬號,若不存在,

則返回登錄頁面,反之正常執行。

1、web.xml中添加

<filter><!-- 配置過濾器,用來檢查session中是否存在用戶登錄賬號信息 -->
    <filter-name>ChkSessionFilter</filter-name>
    <filter-class>com.um.core.filter.LoginFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>ChkSessionFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
<!-- 配置session過期時間 -->
<session-config>
<session-timeout>20</session-timeout>
</session-config>
<welcome-file-list>

 

 

2、fiter

 package com.um.core.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.um.core.controller.BaseController;

/**
 * 登錄驗證過濾器
 */
public class LoginFilter extends BaseController implements Filter {

    /**
     * 初始化
     */
    public void init(FilterConfig fc) throws ServletException {
        // FileUtil.createDir("d:/FH/topic/");
    }

    public void destroy() {

    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String[] notFilter = new String[] { "userLogin","js","xml","css","demo","img","images","fonts","common","gateway","payCallback","toOrderPage","show_order"};//過濾字段、路徑。。。。。。
        String urlPath = request.getServletPath();
        Boolean flg = false;
        for (String url : notFilter) {
            if ((urlPath.contains(url))) {
                flg = true;
            }
        }
        if(flg){
            chain.doFilter(req, res);
        }else{
            HttpSession session = request.getSession();
            String UID = (String) session.getAttribute("UID"); //登錄成功將登錄ID放入session中,這里將session取出對比
            if (null == UID||"".equals(UID)) {
                logger.warn("用戶登錄超時或未登錄,請重新登錄!");
                java.io.PrintWriter out = response.getWriter();  
                out.println("<html>");  
                out.println("<script>");  
                out.println("window.open ('"+request.getContextPath()+"/login.jsp','_top')");  
                out.println("</script>");  
                out.println("</html>");  
                return;
                
            }else {
                chain.doFilter(req, res);
            }
        }
        
    }
}

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 Javaweb設置session過期時間 【學習筆記】【Javaweb】二、Session對象過期時間三種設置方法、Session失效監聽器 JavaWeb Session javaWEB與Session session超時和cookie過期 session怎么配置過期時間 如何使Session永不過期 設置session過期時間 關於Session過期和失效 Session過期和清除緩存 .
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM