同一个账号多处浏览器登录,查询相同的信息
解决办法:在登录方法中,先取全局变量(ServletContext)里的userName,判断它和传下来的账号参数是否一样;如果一样就提示已登录并直接返回,否则在return前再把账号保存到全局变量。注意:全局变量里只保存一个userName,因此只能记录最近一次登录的那一个账号。
在退出登录方法清除全局变量
// Service used by the login handler to look up the submitted account; injected by Spring.
@Autowired
private IUserService userService;
// Shared timestamp formatter (pattern yyyy-MM-dd HH:mm:ss).
// NOTE(review): SimpleDateFormat is not thread-safe and this is a single non-final static
// instance, so concurrent requests can corrupt each other's output. A per-call instance or
// java.time.format.DateTimeFormatter avoids that.
private static SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
// Logger for this controller.
private static final Logger log = Logger.getLogger(UserController.class);
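/**
 * Handles a login submission and records the account as "currently logged in".
 *
 * <p>GET requests are answered with the {@code "error"} view. For POST, the submitted
 * account is passed to {@code userService.loginUser} first; the application-wide
 * {@code "userName"} attribute is consulted only after that call has returned a user, so
 * the "already logged in" tip is never shown to a caller who has not authenticated.
 *
 * <p>NOTE(review): the {@code ServletContext} attribute {@code "userName"} holds one value
 * for the whole application, so it tracks only the most recently logged-in account. It is
 * cleared only when the logout endpoint is called, so an account whose browser closes
 * without calling it stays marked as logged in. A per-user registry cleaned up from an
 * {@code HttpSessionListener} would cover both cases.
 *
 * @param user     account data submitted with the request (presumably bound by Spring MVC)
 * @param request  current request; used for the HTTP method and the {@code ServletContext}
 * @param response current response; not used by this method
 * @param session  session that receives the authenticated {@code "user"} attribute
 * @param model    view model that receives {@code "user"} or an error {@code "tip"}
 * @return {@code "error"} for GET; {@code "index"} when the login fails or the account is
 *         already recorded as logged in; {@code "success"} after a login; {@code null} for
 *         any other HTTP method or when {@code user} is {@code null}
 */
// The mapping accepts every HTTP method (",method = RequestMethod.POST" was left commented
// out for Spring MVC); the method is checked by hand below, which the author notes is for Struts2.
@RequestMapping(value = "loginUser")
public String loginUser(User user, HttpServletRequest request, HttpServletResponse response, HttpSession session, Model model) {
    // SimpleDateFormat is not thread-safe, so format with a per-request instance
    // rather than a formatter shared between request threads.
    String format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date());
    log.info("当前时间---->" + format);

    String method = request.getMethod();
    if ("GET".equals(method)) {
        return "error";
    }
    if (!"POST".equals(method) || user == null) {
        return null;
    }

    // Authenticate before touching the global marker. A null or empty result is treated as a
    // failed login (assumed contract of userService.loginUser; confirm against the service)
    // instead of letting u.get(0) throw.
    List<User> u = userService.loginUser(user);
    if (u == null || u.isEmpty()) {
        // Generic wording: do not reveal whether the account exists.
        model.addAttribute("tip", "用户名或密码错误");
        return "index";
    }
    User authenticated = u.get(0);

    // Compare the recorded account with the authenticated one; equal means it is already logged in.
    ServletContext application = request.getServletContext();
    String userName = (String) application.getAttribute("userName");
    if (userName != null && userName.equals(authenticated.getUserName())) {
        model.addAttribute("tip", "该用户已登录,请更换账号再试");
        return "index";
    }

    // NOTE(review): the session id is not changed after authentication; rotating it here
    // (HttpServletRequest.changeSessionId() on Servlet 3.1+) prevents session fixation.
    session.setAttribute("user", authenticated);
    model.addAttribute("user", authenticated);
    // Random per-request value exposed as "param"; its consumer is not visible in this block.
    request.setAttribute("param", UUID.randomUUID().toString());
    // Record the account in the application-wide marker.
    application.setAttribute("userName", authenticated.getUserName());
    return "success";
}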
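/**
 * Logs the caller out and releases the application-wide "logged in" marker.
 *
 * <p>The session's {@code "user"} attribute is removed whenever {@code userName} is
 * non-null. The {@code ServletContext} attribute {@code "userName"} is removed only when
 * the supplied name equals the recorded one, so a request carrying some other value
 * cannot release a different account's marker.
 *
 * <p>NOTE(review): {@code userName} still comes from the client and is not tied to the
 * caller's session, so anyone who can send the recorded name can release the marker.
 * Clearing it from an {@code HttpSessionListener} on session destruction removes the need
 * to trust a request parameter and also covers server-side session timeouts.
 *
 * @param session  session whose {@code "user"} attribute is removed
 * @param request  current request; used to reach the {@code ServletContext}
 * @param userName account name sent by the page; nothing happens when it is {@code null}
 */
@RequestMapping(value = "outUserName", method = RequestMethod.POST)
public void outUserName(HttpSession session, HttpServletRequest request, String userName) {
    // Per-call formatter: SimpleDateFormat must not be shared between request threads.
    SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    // NOTE(review): userName is client-supplied and printed unmodified.
    System.out.println("没清除前----->" + formatter.format(new Date()) + "--->" + userName);
    if (userName == null) {
        return;
    }

    session.removeAttribute("user");

    ServletContext application = request.getServletContext();
    String recorded = (String) application.getAttribute("userName");
    if (userName.equals(recorded)) {
        // removeAttribute alone is enough; a following setAttribute(name, null) does the same thing.
        application.removeAttribute("userName");
    }

    // Read the marker back so the output shows whether it was actually released.
    String name = (String) application.getAttribute("userName");
    System.out.println("清除后----->" + formatter.format(new Date()) + "--->" + name);
}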
在JSP的退出登录或超时退出的处理函数中加入下面的调用,同时把全局变量中的userName传回给后台
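// Idle-logout timer: after one minute without a click on the page, call
// setTimeOutRemoveUser() so the server releases the login marker.
// This is a convenience only. A client can simply not run it, so the server-side
// session timeout remains the real control.
$(function(){
    var t1 = 1 * 60 * 1000;

    // Cancel the pending timeout and schedule a fresh one. Changing t1 alone has no
    // effect on a timeout that is already scheduled, so a click must re-arm the timer.
    function armIdleTimer(){
        clearTimeout(window.Interval);
        // Kept as the global "Interval" so any other script on the page can still reach the handle.
        window.Interval = setTimeout(setTimeOutRemoveUser, t1);
    }

    $("body").click(armIdleTimer);
    armIdleTimer();
});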
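// Tells the server to log the current account out, then returns to the application root.
// Posts userName plus the current time in milliseconds to <path>/uc/outUserName.
function setTimeOutRemoveUser(){
    // Always a number, so no empty/null guard is needed before sending it.
    var timestamp = (new Date()).valueOf();
    $.ajax({
        type:'post',
        url:'<%=path%>/uc/outUserName',
        dataType:'',
        data:{
            // NOTE(review): ${userName} is written by JSP EL straight into a JavaScript string
            // literal with no JavaScript escaping, so a name containing a quote breaks out of
            // the literal. Encode it for the JavaScript context, or have the server take the
            // name from the session instead of trusting this field.
            "userName" : '${userName}',
            // Send the value itself, not the literal text 'timestamp'.
            // Presumably a cache-buster; confirm whether the server reads it.
            "timestamp" : timestamp
        },
        success:function(data){
            window.location.href = "<%=path%>";
        },
        error:function(){
            // Best effort: a failed request is ignored, so the server-side marker may
            // stay set until the next successful logout call.
        }
    });
}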