我有一种情况 - 在我退出页面后,如果有人在浏览器中单击“返回”按钮,它会自动再次进入后退页面。在 Logout.java (Servlet) 中我使用:
session.invalidate();
request.getRequestDispatcher("index.jsp").forward(request,response);
一切正常。但是在注销后,如果我在浏览器中单击“返回”按钮(左上角),它就会回到原来的位置。我想做的是,如果我单击返回,则必须说您的 session 已过期或登录或其他内容。怎么做。请提出您宝贵的建议。
我刚刚读到这篇文章并创建了一个 servlet FilterURL.java:
public class FilterURL extends HttpServlet implements Filter {
@Override
public void init(FilterConfig config) throws ServletException {
//
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse hsr = (HttpServletResponse) res;
hsr.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
hsr.setHeader("Pragma", "no-cache"); // HTTP 1.0.
hsr.setDateHeader("Expires", 0); // Proxies.
chain.doFilter(req, res);
}
@Override
public void destroy() {
//
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//
}
}
还有我的 web.xml:(在 web-app 下)
<filter>
<filter-name>FilterURL</filter-name>
<filter-class>com.filter.url.sys.FilterURL</filter-class>
</filter>
<filter-mapping>
<filter-name>FilterURL</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
但它不会工作。我错了什么?
我是从这几页读到的:
- How to use a servlet filter in Java to change an incoming servlet request url?
- Prevent user from seeing previously visited secured page after logout
- http://tutorials.jenkov.com/java-servlets/servlet-filters.html
- servlet session , after logout , when back button of browser is pressed , again the secure page is shown
最佳答案
在过滤器中
HttpSession session = request.getSession(false);
// don't create if it doesn't exist
if(session != null && !session.isNew()) {
chain.doFilter(request, response);
} else {
response.sendRedirect("/index.jsp");
}
关于jsp - 注销后如何保护我的帐户?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16193455/