在login.jsp页面添加如下代码即可:
<script language="javascript">
if (top.location != self.location){
top.location=self.location;
}
</script>
注:session失效时间设置:在web工程的web.xml里添加:
<session-config>
<session-timeout>1</session-timeout>
</session-config>