为什么在 JAVA 中 session.invalidate() 之后 session 不为空?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24677949/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why session is not null after session.invalidate() in JAVA?
提问by Vishal Zanzrukia
I am facing very strange problem while developing JavaEE WEB Application.
我在开发 JavaEE WEB 应用程序时面临着非常奇怪的问题。
Even after invalidating the HttpSessionusing session.invalidate();, I am not getting session null. There is a case where I have one statement in execution like below after invalidating session.
即使在使HttpSessionusing无效之后session.invalidate();,我也没有得到 session null。有一种情况,在使会话无效后,我有一个语句正在执行,如下所示。
if (null != session && null != session.getAttribute("loginToken")){
//do something
}
I am not getting session null here so second condition will try to execute. And hence session is not null, so I am getting IllegalStateException- session is already invalidated. But why session is not null after invalidating it?? :(
我在这里没有得到 session null,所以第二个条件将尝试执行。因此 session 不为空,所以我得到IllegalStateException- session is already invalidated。但是为什么会话无效后不为空??:(
回答by Shivam Bansal
Try passing false as the parameter to the getSession(boolean) . This will give back a session if it exists or else it will return null.
尝试将 false 作为参数传递给 getSession(boolean) 。如果它存在,这将返回一个会话,否则它将返回 null。
HttpSession session = request.getSession(false);
if(session==null || !request.isRequestedSessionIdValid() )
{
//comes here when session is invalid.
}
回答by Pphoenix
The invalidate method does the following (from API):
invalidate 方法执行以下操作(来自API):
Invalidates this session then unbinds any objects bound to it.
Invalidates this session then unbinds any objects bound to it.
It says nothing about the HttpSession-object itself, but invalidates the session's variables. If you call a method of a class, it is impossible for the object to be nullafter that method call. If your session should be null afterwards, the method must include a line that looks something like: this = null;which would not be possible. Throwing an exception for an invalidated session is the prefered way to do it.
它没有说明HttpSession-object 本身,而是使会话的变量无效。如果调用类的方法,则对象不可能null在该方法调用之后。如果您的会话之后应该为空,则该方法必须包含如下所示的行:this = null;这将是不可能的。为无效会话抛出异常是首选方法。
回答by Adriaan Koster
Calling session.invalidate()removes the session from the registry. Calling getSession(false)afterwards will return null (note that getSession()or getSession(true)will create a new session in this case). Calling invalidate()will also remove all session attributes bound to the session. However if your code still has references to the session or any of its attributes then these will still be accessible:
调用session.invalidate()将从注册表中删除会话。getSession(false)之后调用 将返回 null(请注意,在这种情况下,getSession()orgetSession(true)将创建一个新会话)。调用invalidate()还将删除绑定到会话的所有会话属性。但是,如果您的代码仍然引用了会话或其任何属性,那么这些仍然可以访问:
// create session if none exists (default) and obtain reference
HttpSession session = request.getSession();
// add a session attribute
session.setAttribute("lollypop", "it's my party");
// obtain reference to session attribute
Object lollypop = session.getAttribute("lollypop");
// print session ID and attribute
System.out.println(session.getId());
System.out.println(lollypop);
session.invalidate();
// session invalidated but reference to it still exists
if (session == null) {
System.out.println("This will never happen!");
}
// print ID from invalidated session and previously obtained attribute (will be same as before)
System.out.println(session.getId());
System.out.println(lollypop);
// print 'null' (create=false makes sure no new session is created)
System.out.println(request.getSession(false));
Example output:
示例输出:
1k47acjdelzeinpcbtczf2o9t
it's my party
1k47acjdelzeinpcbtczf2o9t
it's my party
null
So far for the explanation. To solve your problem you should do:
到此为止的解释。要解决您的问题,您应该这样做:
HttpSession existingSession = request.getSession(false);
if (existingSession != null && existingSession.getAttribute("loginToken") != null){
//do something
}
