//In every servlet, check whether Session is null or not. If session is not null then only do the request processing else redirect to login page.
HttpSession session = request.getSession();
if(Session !=null)
{
try
{
// acutal servlet actions
}else
{
// redirect to login page
}
//Also it would be good if you add null check for session in your above code.
HttpSession session = request.getSession();
if(session !=null)
try
{
session.removeAttribute("logonData");//logonData,such as user and so on
session.invalidate();
// redirect tologin page
catch (Exception sqle)
{
// ...
}
}else
{
//session already null/ expired
}
ps: below is something from session api
void invalidate()
Invalidates this session then unbinds any objects bound to it.
Throws:
IllegalStateException - if this method is called on an already invalidated session
void removeAttribute(String name)
Removes the object bound with the specified name from this session. If the session does not have an object bound with the specified name, this method does nothing.
After this method executes, and if the object implements HttpSessionBindingListener, the container calls HttpSessionBindingListener.valueUnbound. The container then notifies any HttpSessionAttributeListeners in the web application.
Parameters:
name - the name of the object to remove from this session
Throws:
IllegalStateException - if this method is called on an invalidated session
3522
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
