我正在尝试使用Java登出表单,并且正在使用Cookie。但是问题是,当我按下“后退”按钮时,它会将我重定向到我不想使用的最后一个安全页面。
这是我的代码:
Servlet:
@WebServlet(name="LogOut", urlPatterns={"/LogOut"})
public class LogOut extends HttpServlet {
protected void doPost(HttpServletRequest req, HttpServletResponse response1)
throws ServletException, IOException {
Cookie[] cookies = req.getCookies();
if(cookies != null){
for(Cookie cookie : cookies){
if(cookie.getName().equals(req.getSession().getAttribute("email"))){
System.out.println( req.getSession().getAttribute("email") +cookie.getValue());
}
cookie.setMaxAge(0);
response1.addCookie(cookie);
}
}
//invalidate the session if exists
HttpSession session = req.getSession(false);
System.out.println("User="+req.getSession().getAttribute("email"));
if(session != null){
session.invalidate();
}
//no encoding because we have invalidated the session
response1.sendRedirect("index.html");
}
}
filter:
@WebFilter("/NoCacheFilter")
public class NoCacheFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); //Proxies.
chain.doFilter(req, res);
}
}
jsp:
<form action="logout" method="post">
<a><button type = "submit" class = "myprofile>Deconectare</button></a>
</form>
web.xml:
<servlet>
<servlet-name>logout</servlet-name>
<servlet-class>user.LogOut</servlet-class>
</servlet>
<filter>
<filter-name>nocachefilter</filter-name>
<filter-class>user.NoCacheFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>nocachefilter</filter-name>
<url-pattern>/logout</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>logout</servlet-name>
<url-pattern>/logout</url-pattern>
</servlet-mapping>
有人可以帮我吗?
参考方案
问题是,当您单击“后退”按钮时,页面是从缓存而不是浏览器加载的。
您可以使用此答案提供的解决方案来避免从缓存加载:
Prevent user from seeing previously visited secured page after logout
您的servlet和filter应该是两个不同的类。
就您而言,您正在使用与Servlet和Filter相同的类。
<servlet-class>user.LogOut</servlet-class>
<filter-class>user.LogOut</filter-class>
创建一个Servlet类以及该类的cookie逻辑。
public class LogOutServlet extends HttpServlet{
protected void doPost(HttpServletRequest req,
HttpServletResponse response1) throws ServletException, IOException {
Cookie[] cookies = req.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if(cookie.getName().equals(req.getSession().getAttribute("email"))) {
System.out.println(req.getSession().getAttribute("email")
+ cookie.getValue());
}
cookie.setMaxAge(0);
response1.addCookie(cookie);
}
}
}
和您的web.xml为:
您必须分别为每个过滤器和servlet指定filter-mapping和servlet-mapping元素。在您的文件中,注销servlet缺少Servlet映射,而filter缺少了filter-mapping。
<servlet>
<servlet-name>logout</servlet-name>
<servlet-class>user.LogOut</servlet-class>
</servlet>
<filter>
<filter-name>nocachefilter</filter-name>
<filter-class>user.NoCacheFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>nocachefilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>logout</servlet-name>
<url-pattern>/logout</url-pattern>
</servlet-mapping>
合并List <T>和List <Optional <T >> - java鉴于: List<Integer> integers = new ArrayList<>(Arrays.asList( 10, 12 )); List<Optional<Integer>> optionalIntegers = Arrays.asList( Optional.of(5), Optional.em…
实例化类型<?>的泛型类 - java我正在为SCJP / OCPJP学习,并且遇到了一个对我来说很奇怪的示例问题。该示例代码实例化了两个通用集合:List<?> list = new ArrayList<?>(); List<? extends Object> list2 = new ArrayList<? extends Object>(); …
无法在Maven surefire中运行多个执行? - java我想运行名称以ResourceTest.java结尾的测试类,因此我在执行后定义了它们。<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <co…
如何告诉Checker遗留方法将接受Nullable类型? - java考虑一下:@Nullable Object obj = null; Optional<Object> optional = Optional.ofNullable(obj); 这会失败,因为检查器框架假定ofNullable无法接受null值(毕竟,其参数未标记为@Nullable)。有没有办法告诉Checker-framework这个方法(或我…
根据激活的Maven配置文件更新战争名称 - java在pom中,我有两个配置文件。测试1测试2现在,我希望根据激活的配置文件更改战争名称。预期结果激活test1配置文件后,战争名称应为prefix-test1.war。激活test1和test2时,战争名称应为prefix-test1-test2.war。如果没有激活任何配置文件,则战争名称应为prefix.war。我的POM文件....<?xml ve…