1、思路:使用拦截器。获取session的id和登录用户的id存入数据库,在登录时存入,下一次登录时更新session的id。在拦截器中比较session的id是否相同。
2、注意事项:
(1)、拦截器返回中文时会乱码,可以加编码格式,但是一定要和页面的编码格式一致
(2)、登录方法要和跳初始页面的方法分开,不然没办法往数据库中填数据。
(3)、controller跳controller传值最好放session里,不然会在地址栏显示。controller重定向到页面,可以用request.setAttribute();
3、部分代码:
(1)、存数据库
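/**
 * Records the current HTTP session as the single active session of a user.
 *
 * <p>Looks up the stored {@code UserSession} row for the user id; creates it when
 * missing, otherwise overwrites its session id with the id of the current HTTP
 * session. The user id and the stored session id are then cached in the HTTP
 * session under {@code "userLoginId"} and {@code "userSessionId"}, which is what the
 * interceptor later compares against the database.
 *
 * <p>NOTE(review): {@code userLogin} is a handler-method argument. If it is populated
 * from request parameters, the caller chooses the user id; confirm that the id
 * comes from the authenticated login result (server-side state) and not from the
 * request.
 *
 * <p>NOTE(review): the session id in use before login is kept. Rotating it at login
 * (for example {@code HttpServletRequest.changeSessionId()} on Servlet 3.1+) is the
 * usual protection against session fixation; confirm the container version.
 *
 * <p>NOTE(review): the handler is {@code private}; Spring handler methods are normally
 * public, and proxied controllers can misbehave on private methods. Verify.
 *
 * @param userLogin the user that has just logged in; ignored when it carries no id
 * @param request   the current request, used to reach the HTTP session
 */
@RequestMapping(value = "setUserSession")
private void setUserSession(UserLogin userLogin, HttpServletRequest request) {
    // Without a user id there is nothing to bind the session to. Returning here
    // leaves the session unmarked instead of failing with a NullPointerException.
    if (userLogin == null || userLogin.getId() == null) {
        return;
    }

    String userId = userLogin.getId().toString();
    String sessionId = request.getSession().getId();

    UserSession userSession = userSessionService.selectByUserId(userId);
    if (userSession == null) {
        // First login for this user: create the row.
        userSession = new UserSession();
        userSession.setUserId(Long.parseLong(userId));
        userSession.setSessionId(sessionId);
        userSessionService.save(userSession);
    } else {
        // Later login: the newest session replaces the stored one, which is what
        // makes any older session fail the interceptor's comparison.
        userSession.setSessionId(sessionId);
        userSessionService.update(userSession);
    }

    request.getSession().setAttribute("userLoginId", userId);
    request.getSession().setAttribute("userSessionId", userSession.getSessionId());
}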
(2)、拦截器
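/**
 * Compares the session id cached in the HTTP session with the one stored for the
 * user, and checks that id-bearing request parameters belong to the logged-in user.
 *
 * <p>Requests without a {@code "userLoginId"} or {@code "userSessionId"} session
 * attribute pass through untouched, so this interceptor is not an authentication
 * gate by itself. When the stored session id differs, the request attribute
 * {@code "msg"} is set to the "logged in elsewhere" text and the request still
 * proceeds. When {@code userAuthorityId} or {@code userId} is present and does not
 * resolve to the logged-in user, the response is redirected to the site root and
 * the handler chain stops.
 *
 * @return {@code true} to continue with the handler, {@code false} after a redirect
 * @throws Exception propagated from the decoding/decryption helpers and services
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws Exception {
    // NOTE(review): the redirect target is plain http; confirm whether the site is
    // served over HTTPS and whether this URL should come from configuration.
    String url = "http://3dsw.dongao.com/sw/";

    String userLoginId = (String) request.getSession().getAttribute("userLoginId");
    if (userLoginId == null || userLoginId.isEmpty()) {
        // No user recorded in this session: nothing to compare.
        request.setAttribute("msg", "");
        return true;
    }

    String userSessionId = (String) request.getSession().getAttribute("userSessionId");
    if (userSessionId == null || userSessionId.isEmpty()) {
        request.setAttribute("msg", "");
        return true;
    }

    // Check whether the cached session id still matches the stored one.
    UserSession userSession = userSessionService.selectByUserId(userLoginId);
    response.setContentType("text/html;charset=utf-8");

    if (userSession == null) {
        // The lookup can return null (the login code handles that case). Without a
        // stored row the session cannot be validated, so fail closed.
        response.sendRedirect(url);
        return false;
    }

    // Comparing from the non-null side also covers a stored row without a session id.
    if (!userSessionId.equals(userSession.getSessionId())) {
        // NOTE(review): the superseded session is only told about it through "msg"
        // and the request continues. Enforcement therefore depends on every view or
        // handler honouring "msg"; consider invalidating the session and returning
        // false here if the single-login rule must be enforced server-side.
        request.setAttribute("msg", "账号已在别处登录!");
        return true;
    }

    // Several accounts in one browser: an id passed in the request must belong to
    // the user that owns this session.
    String userAuthorityStr = request.getParameter("userAuthorityId");
    if (userAuthorityStr != null && !userAuthorityStr.isEmpty()) {
        // NOTE(review): the class name suggests DES with a static key and no
        // integrity check; confirm the algorithm, and prefer an authenticated
        // cipher or a server-side lookup for identifiers that drive authorization.
        byte[] base64Jm = DESCoder.decryptBASE64(userAuthorityStr);
        byte[] outputData = DESCoder.decrypt(base64Jm, Constants.SW_KEY);
        // Explicit charset so decoding does not depend on the platform default.
        String userAuthorityId = new String(outputData, java.nio.charset.StandardCharsets.UTF_8);

        Long authorityKey;
        try {
            authorityKey = Long.valueOf(userAuthorityId);
        } catch (NumberFormatException malformed) {
            // A value that does not decrypt to a number is treated as a failed check
            // instead of surfacing as a server error.
            response.sendRedirect(url);
            return false;
        }

        UserAuthority ua = userAuthorityService.load(authorityKey);
        boolean ownedByLoginUser = ua != null
                && ua.getUserId() != null
                && ua.getUserId().toString().equals(userLoginId);
        if (!ownedByLoginUser) {
            response.sendRedirect(url);
            return false;
        }
        request.setAttribute("msg", "");
        return true;
    }

    String userId = request.getParameter("userId");
    if (userId != null && !userId.isEmpty()) {
        if (!userId.equals(userLoginId)) {
            response.sendRedirect(url);
            return false;
        }
        request.setAttribute("msg", "");
        return true;
    }

    request.setAttribute("msg", "");
    return true;
}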
(3)、xml中拦截器的定义
<!-- Permission interceptor: runs sessionInterceptor on every path except the exclusions listed below. -->
<!-- NOTE(review): an excluded path skips the single-session comparison and the
     userId / userAuthorityId ownership checks entirely. /userauthority/**, /role/**
     and /cacheMonitor/** look like management endpoints, and /js/kindeditor/jsp/**
     usually holds KindEditor's server-side upload and file-manager JSPs (it is also
     already covered by /js/**). No other access control for these paths is visible
     here; confirm each one is protected elsewhere. -->
<mvc:interceptor>
    <mvc:mapping path="/**" />
    <mvc:exclude-mapping path="/"/>
    <!-- Static resources -->
    <mvc:exclude-mapping path="/css/**"/>
    <mvc:exclude-mapping path="/js/**"/>
    <mvc:exclude-mapping path="/js/kindeditor/jsp/**"/>
    <mvc:exclude-mapping path="/images/**"/>
    <mvc:exclude-mapping path="/index/**"/>
    <mvc:exclude-mapping path="/cacheMonitor/**"/>
    <mvc:exclude-mapping path="/WEB-INF/view/common/**"/>
    <mvc:exclude-mapping path="/favicon.ico"/>
    <mvc:exclude-mapping path="/userauthority/**"/>
    <mvc:exclude-mapping path="/role/**"/>
    <!-- Login flow, including the endpoint that writes the session record -->
    <mvc:exclude-mapping path="/login/login"/>
    <mvc:exclude-mapping path="/login/loginBox"/>
    <mvc:exclude-mapping path="/login/v1/practice"/>
    <mvc:exclude-mapping path="/login/setUserSession"/>
    <mvc:exclude-mapping path="/index.ftl"/>
    <mvc:exclude-mapping path="/login/checkMsg"/>
    <bean id="perInterceptor" class="com.dongao.core.myinterceptor.sessionInterceptor" />
</mvc:interceptor>