通常情况下,java web项目都是通过过滤器来判断session是否失效。下面做了一个例子,实现过滤器验证用户的会话是否丢失。
web.xml中的配置:
filter
com.zyujie.common.LoginFilter
filter
/*
1
过滤器类:
package com.zyujie.common;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession();
// 如果session不为空,则可以浏览其他页面
String url = request.getServletPath();
System.out.println(url);
//这里判断目录,后缀名,当然也可以写在web.xml中,用url-pattern进行拦截映射
if ((!request.getServletPath().equals("/login.action"))
&& (!request.getServletPath().equals("/login.jsp"))
&& (!request.getServletPath().equals("/relogin.jsp"))
&& (!request.getServletPath().equals("/jquery-1.8.0.min.js"))) {
System.out.println(request.getServletPath());
if (session.getAttribute("userInfo") == null) {
session.invalidate();
response.setContentType("text/html;charset=gb2312");
PrintWriter out = response.getWriter();
out.println("
out.println("alert('由于你长时间没有操作,导致Session失效!请你重新登录!');window.location.href='" + request.getContextPath() + "/relogin.jsp'");
out.println("");
} else {
chain.doFilter(request, response);
}
} else {
chain.doFilter(request, response);
}
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
}
做了一个测试:所有的ajax请求,都不能过滤,也不知道为什么。如果ajax要进行session判断的话,可以通过拦截器:代码如下:(ajax请求不能跳转页面,不知道怎么实现这种ajax请求,session丢失,页面跳转。)
struts2配置,拦截器:
/login.jsp
/ok.jsp
/login.jsp
/relogin.jsp
/ok.jsp
/login.jsp
/ok.jsp
拦截类:
package com.zyujie.common;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class SessionFilterInterceptor extends AbstractInterceptor {
@Override
public String intercept(ActionInvocation invocation) throws Exception {
HttpSession session = ServletActionContext.getRequest().getSession();
if(session.getAttribute("userInfo") == null){
//HttpServletResponse response = ServletActionContext.getResponse();
//ServletActionContext.getResponse().sendRedirect(Action.INPUT);
//session.invalidate();
//response.setContentType("text/html;charset=gb2312");
//PrintWriter out = response.getWriter();
//out.println("
//out.println("alert('由于你长时间没有操作,导致Session失效!请你重新登录!');window.location.href='/login.jsp'");
//out.println("");
//return "none";
return Action.INPUT;
}else{
return invocation.invoke();
}
}
}
对于ajax的请求,不能跳转页面。很多人说的,还是只有在页面端判断返回值,进行跳转。