通常情况下,java web项目都是通过过滤器来判断session是否失效。下面做了一个例子,实现过滤器验证用户的会话是否丢失。
web.xml中的配置:
- <filter>
- <filter-name>filter</filter-name>
- <filter-class>com.zyujie.common.LoginFilter</filter-class>
- </filter>
- <!-- servlet规范,不能以/*.jsp这样的结尾,写全,或者写成/app/*,这样的才行 -->
- <filter-mapping>
- <filter-name>filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <session-config>
- <session-timeout>1</session-timeout>
- </session-config>
过滤器类:
- package com.zyujie.common;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.Filter;
- import javax.servlet.FilterChain;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- public class LoginFilter implements Filter {
- public void destroy() {
- // TODO Auto-generated method stub
- }
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
- // TODO Auto-generated method stub
- HttpServletRequest request = (HttpServletRequest) req;
- HttpServletResponse response = (HttpServletResponse) res;
- HttpSession session = request.getSession();
- // 如果session不为空,则可以浏览其他页面
- String url = request.getServletPath();
- System.out.println(url);
- //这里判断目录,后缀名,当然也可以写在web.xml中,用url-pattern进行拦截映射
- if ((!request.getServletPath().equals("/login.action"))
- && (!request.getServletPath().equals("/login.jsp"))
- && (!request.getServletPath().equals("/relogin.jsp"))
- && (!request.getServletPath().equals("/jquery-1.8.0.min.js"))) {
- System.out.println(request.getServletPath());
- if (session.getAttribute("userInfo") == null) {
- session.invalidate();
- response.setContentType("text/html;charset=gb2312");
- PrintWriter out = response.getWriter();
- out.println("<script language='javascript' type='text/javascript'>");
- out.println("alert('由于你长时间没有操作,导致Session失效!请你重新登录!');window.location.href='" + request.getContextPath() + "/relogin.jsp'");
- out.println("</script>");
- } else {
- chain.doFilter(request, response);
- }
- } else {
- chain.doFilter(request, response);
- }
- }
- public void init(FilterConfig arg0) throws ServletException {
- // TODO Auto-generated method stub
- }
- }
做了一个测试:所有的ajax请求,都不能过滤,也不知道为什么。如果ajax要进行session判断的话,可以通过拦截器:代码如下:(ajax请求不能跳转页面,不知道怎么实现这种ajax请求,session丢失,页面跳转。)
struts2配置,拦截器:
- <package name="myInterceptors" namespace="/system/login" extends="struts-default">
- <interceptors>
- <interceptor name="timer" class="com.zyujie.common.TimerInterceptor" />
- <interceptor name="logger" class="com.zyujie.common.LoggerInterceptor" />
- <interceptor name="sessionFilter" class="com.zyujie.common.SessionFilterInterceptor" />
- </interceptors>
- <action name="userLogin" class="userLoginAction" method="userLogin">
- <interceptor-ref name="logger" />
- <interceptor-ref name="timer" />
- <result name="input" type="redirect">/login.jsp</result>
- <result name="success" type="redirect">/ok.jsp</result>
- </action>
- <action name="getSession" class="userLoginAction" method="getSession">
- <result name="input" type="redirect">/login.jsp</result>
- </action>
- <action name="reLogin" class="userLoginAction" method="reLogin">
- <result name="input" type="redirect">/relogin.jsp</result>
- <result name="success" type="redirect">/ok.jsp</result>
- </action>
- <action name="testSession" class="userLoginAction" method="testSession">
- <interceptor-ref name="sessionFilter" />
- <result name="input" type="redirect">/login.jsp</result>
- <result name="success" type="redirect">/ok.jsp</result>
- </action>
- </package>
拦截类:
- package com.zyujie.common;
- import java.io.PrintWriter;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- import org.apache.struts2.ServletActionContext;
- import com.opensymphony.xwork2.Action;
- import com.opensymphony.xwork2.ActionInvocation;
- import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
- public class SessionFilterInterceptor extends AbstractInterceptor {
- @Override
- public String intercept(ActionInvocation invocation) throws Exception {
- HttpSession session = ServletActionContext.getRequest().getSession();
- if(session.getAttribute("userInfo") == null){
- // HttpServletResponse response = ServletActionContext.getResponse();
- // ServletActionContext.getResponse().sendRedirect(Action.INPUT);
- // session.invalidate();
- // response.setContentType("text/html;charset=gb2312");
- // PrintWriter out = response.getWriter();
- // out.println("<script language='javascript' type='text/javascript'>");
- // out.println("alert('由于你长时间没有操作,导致Session失效!请你重新登录!');window.location.href='/login.jsp'");
- // out.println("</script>");
- // return "none";
- return Action.INPUT;
- }else{
- return invocation.invoke();
- }
- }
- }
对于ajax的请求,不能跳转页面。很多人说的,还是只有在页面端判断返回值,进行跳转。