验证码的失效处理

最新推荐文章于 2025-02-10 23:34:29 发布

rust小菜鸟

最新推荐文章于 2025-02-10 23:34:29 发布

阅读量2.1k

点赞数

分类专栏：记事文章标签： session 运维

本文链接：https://blog.csdn.net/tokyohuang123/article/details/107664573

版权

记事专栏收录该内容

21 篇文章

订阅专栏

仅仅做个笔记

public void generate(HttpServletResponse response){
		ByteArrayOutputStream output = new ByteArrayOutputStream();
		String code = drawImg(output);

		Subject currentUser = SecurityUtils.getSubject();
		final Session session = currentUser.getSession();
		session.setAttribute(Const.SESSION_SECURITY_CODE, code);

		System.out.println("验证码已经生成");
		Timer timer = new Timer();// 实例化Timer类
		timer.schedule(new TimerTask() {
			public void run() {
				session.removeAttribute(Const.SESSION_SECURITY_CODE);
				System.out.println("验证码过期");
				this.cancel();
			}
		}, 300000);// 这里百毫秒
		System.out.println("验证码将在5分钟后过期");

		try {
			ServletOutputStream out = response.getOutputStream();
			output.writeTo(out);
			out.close();
		} catch (IOException e) {
			//e.printStackTrace();
		}
	}

主要还是借助了session和定时任务
然后碰到问题了,用户注销后，
因为做了清除session操作
导致重写登录后有报错

	Exception in thread "Timer-1" org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated
	at org.apache.shiro.web.session.HttpServletSession.removeAttribute(HttpServletSession.java:167)
	at org.apache.shiro.session.ProxiedSession.removeAttribute(ProxiedSession.java:135)
	at com.fh.controller.system.secCode.SecCodeController$1.run(SecCodeController.java:56)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.IllegalStateException: getAttribute: Session already invalidated
	at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1145)
	at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:103)
	at org.apache.shiro.web.session.HttpServletSession.removeAttribute(HttpServletSession.java:163)
	... 4 more