调用session.invalidate()会从注册表中删除该会话.之后调用getSession(false)将返回null(请注意,在这种情况下,getSession()或getSession(true)将创建一个新会话).调用invalidate()还将删除绑定到会话的所有会话属性.但是,如果您的代码仍然具有对会话或其任何属性的引用,那么这些仍然可以访问:
// create session if none exists (default) and obtain reference
HttpSession session = request.getSession();
// add a session attribute
session.setAttribute("lollypop", "it's my party");
// obtain reference to session attribute
Object lollypop = session.getAttribute("lollypop");
// print session ID and attribute
System.out.println(session.getId());
System.out.println(lollypop);
session.invalidate();
// session invalidated but reference to it still exists
if (session == null) {
System.out.println("This will never happen!");
}
// print ID and attribute from invalidated session (will be same as before)
System.out.println(session.getId());
System.out.println(lollypop);
// print 'null' (create=false makes sure no new session is created)
System.out.println(request.getSession(false));
输出示例:
1k47acjdelzeinpcbtczf2o9t
it's my party
1k47acjdelzeinpcbtczf2o9t
it's my party
null
到目前为止的解释.要解决您的问题,您应该:
HttpSession existingSession = request.getSession(false);
if (existingSession != null && existingSession.getAttribute("loginToken") != null){
//do something
}