java httpsession 是否有效?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6711004/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
java httpsession is valid?
提问by Matteo
i'm using java servlet in tomcat. i save in a hash table the username and the httpsession with the attribute usrname i would like to know if there is a way to know if the httpsession is valid.
我在 tomcat 中使用 java servlet。我将用户名和 httpsession 与属性 usrname 保存在哈希表中,我想知道是否有办法知道 httpsession 是否有效。
i tried:
我试过:
try{
String user = httpSession.getAttribute("username")
return "is valid";
}catch(IllegalStateException e){
return "is not valid";
}
tnks for the answer, but how can i do if i don't wont that a "logged" user connect from more the one place? if i controll only if i create a new session i can't know if he was connect whit another session.
tnks 的答案,但如果我不希望“登录”用户从更多的地方连接,我该怎么办?如果我仅在创建新会话时进行控制,我就无法知道他是否连接到另一个会话。
回答by Sean
No need to store the httpSession in your own hash.
无需将 httpSession 存储在您自己的哈希中。
Look at the api for the HttpServletRequest. If you look at getSession(Boolean x)(pass false so it doesnt create a new session) will determine if the session is valid. Here is an example
查看HttpServletRequest的 api 。如果您查看getSession(Boolean x)(传递 false 因此它不会创建新会话)将确定会话是否有效。这是一个例子
public void doGet(HttpServletRequest req, HttpServletResponse res){
HttpSession session = req.getSession(false);
if(session == null){
//valid session doesn't exist
//do something like send the user to a login screen
}
if(session.getAttribute("username") == null){
//no username in session
//user probably hasn't logged in properly
}
//now lets pretend to log the user out for good measure
session.invalidate();
}
On a side note, If I read your question properly and you are storing the information in your own map, you need to be careful that you don't create a memory leak and are clearing the entries out of the hash table yourself.
附带说明一下,如果我正确阅读了您的问题并且您将信息存储在自己的地图中,则需要注意不要造成内存泄漏并自己清除哈希表中的条目。
回答by Cygnusx1
I agree with Sean. I will add that a good practice for this type of checking is to use a Filter
我同意肖恩。我要补充的是,这种类型的检查的一个好习惯是使用过滤器
See here Servlet Filter
请参阅此处的Servlet 过滤器
Just take the code Sean have written and put it in a Filter instead. Define you filter in the web.xml and every time a request come in, the filter will execute.
只需将 Sean 编写的代码放入过滤器中即可。在 web.xml 中定义过滤器,每次请求进来时,过滤器都会执行。
This way you can validate if the user is auth. without cluttering your servlet code.
这样您就可以验证用户是否为 auth。不会弄乱您的 servlet 代码。
回答by Terrell Plotzki
Rather than checking if a saved session is valid, you should be looking at the HttpServletRequeston your servlet, and checking isRequestedSessionIdValid()on that. When working in servlets you can always get Sessionfrom the Request, rather than saving it to a hash table.
与其检查保存的会话是否有效,不如查看HttpServletRequestservlet 上的 并检查isRequestedSessionIdValid()它。在 servlet 中工作时,您始终可以Session从 中获取Request,而不是将其保存到哈希表中。
