How to validate/invalidate sessions jsp/servlets?

2019-01-14 04:14发布

I opened the session in my servlet when the user performed a successful login:

HttpSession session = request.getSession(true);
session.setAttribute("name", name);

then I wrote in the logout.jsp to terminate the session:

<%session.invalidate();%>

To check if a session is valid I am doing this:

HttpSession session = request.getSession();
String name = (String) session.getAttribute("name");

But it is not working, I am getting the session valid even after the session.invalidate. Does anyone understand where am I doing wrong?

标签： jsp session servlets invalidate

2条回答

Ridiculous、

2楼-- · 2019-01-14 04:18

To Validate the Session

HttpSession session = request.getSession(true);
session.setAttribute("name", name);

To invalidate it you need to do

session.removeAttribute("name");
session.invalidate();

But you need to keep one thing in mind that the object may became invalid but this doesnot mean that it will cleaned immediately, even after invalidating it after all its attributes gone it is possible that sesssion object will get reused, I got the same user ID and creation time.

0人赞添加讨论(0) 举报

贪生不怕死

3楼-- · 2019-01-14 04:30

you should call session.getSession(false) - which returns null if there is no current session.

according to docs

HttpSession#getSession(boolean create) - create - true to create a new session for this request if necessary; false to return null if there's no current session.

So the correct way of session value check would -

HttpSession session = request.getSession(false);
if(session!=null)
  session.setAttribute("name", name);

and once you invalidate the session -

HttpSession session = request.getSession(false);
if(session!=null)
session.invalidate();

0人赞添加讨论(0) 举报

How to validate/invalidate sessions jsp/servlets?

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间