java 如何使浏览器会话无效
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5387632/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to invalidate browser session
提问by Warrior
How can I invalidate Browser Session. I am using JSP's.
In web.xmlthe session-timeoutis been set to 180 seconds and I want it like that only. But the problem is on some special occasion for some user's browser session need to be invalidated immediately right after a form submit.
如何使浏览器会话无效。我正在使用 JSP。在web.xml将session-timeout被设置为180秒,我想它像只。但问题是在某些特殊情况下,某些用户的浏览器会话需要在表单提交后立即失效。
I have used session.invalidate();to invalidate session and also used
我曾经session.invalidate();使会话无效并且还使用过
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
But, still when I click the back button it will take me to the same users session. Is this loading from browser cache?
但是,当我单击后退按钮时,它仍会将我带到同一个用户会话。这是从浏览器缓存加载吗?
This is what i have in my JSP :
这是我的 JSP 中的内容:
<head>
<script type="text/javascript">
function submitForm(){window.document.submitFrm.submit();}
</script>
</head>
<body onload="submitForm()">
<%String output = (String)(request.getAttribute("strOut"));
String hookUrl = (String)(request.getAttribute("hookUrl"));
System.out.println("hookUrl in cwsGroup.jsp : "+hookUrl);%>
<form method="post" action="<%=hookUrl%>" name="submitFrm" id="submitFrm">
<input type="hidden" name="cxml-urlencoded" value='<%=output%>' />
</form>
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader( "Expires", 0 );
session.removeValue("domineName");
session.invalidate();%>
</body>
Am I missing something?
我错过了什么吗?
回答by BalusC
Those headers are incomplete. This would only work in Internet Explorer, but would fail in others. The complete set is
那些标题是不完整的。这只能在 Internet Explorer 中工作,但在其他人中会失败。完整的集合是
response.setHeader("Cache-Control","no-cache,no-store,must-revalidate");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires", 0);
And you also need to set them in the previousJSP pages as well. Calling this inside a JSP would only disable caching the currentJSP page. You need to copypaste it over all JSP pages (shudder). Or even better, use a Filterfor this which is mapped on *.jsp. For an example, see this answer.
并且您还需要在之前的JSP 页面中设置它们。在 JSP 中调用它只会禁用缓存当前JSP 页面。您需要将其复制粘贴到所有 JSP 页面上(不寒而栗)。或者甚至更好,Filter为此使用映射到*.jsp. 有关示例,请参阅此答案。
回答by developer
As you said, onclicking back button session is getting invalidate. SO please make session invalidate session on Back button event.
正如你所说,onclicking 后退按钮会话变得无效。所以请在返回按钮事件上使会话无效。
please add "<" ">"for first and lasr line in code snippet
请"<" ">"在代码片段中添加第一行和 lasr 行
<script type="text/javascript">
bajb_backdetect.OnBack = function()
{
alert('You clicked it!');
}
<script>
