Session超时，唯一性

来源：互联网发布：在淘宝上怎么搜索店铺编辑：程序博客网时间：2024/05/13 00:04

配置缓存文件，用来存储SessionId，将UserId作为key。（此处未贴代码）

创建sessionTimeOut.jsp文件（此处未贴代码）

-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

配置Struts.xml文件(Class属性不用配置，仅用于跳转)

<action name="sessionTimeOut">
<result name="success">/WEB-INF/page/sessionTimeOut.jsp</result>
</action>

-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

Action文件（登录时保存SessionId）

public String login(){
HttpSession session = ServletActionContext.getRequest().getSession();
//验证码
String genValidatecode = (String)session.getAttribute("RANDOMVALIDATECODEKEY");
session.setAttribute("user", student);//这里是引用传递，如果add方法也是这个Action，则添加用户时会更改Student的属性值。
String sessionID = session.getId();

//将sessionId存入缓存

EhcacheUtil.getInstance().put("com.sessoinId", student.getStuNo(), sessionID);
return SUCCESS;
}

-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

创建用户登录校验过滤器LoginFilter

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import com.shenzhen.management.pojo.Student;

public class LoginFilter implements Filter {

private FilterConfig filterConfig;

private String noFilterURI;
Logger logger = Logger.getLogger(LoginFilter.class);

public LoginFilter() {
filterConfig = null;
noFilterURI = null;
}

public void init(FilterConfig filterConfig) throws ServletException{
this.filterConfig = filterConfig;
noFilterURI = filterConfig.getInitParameter("noFilterURI");
}

public void destroy(){
filterConfig = null;
}

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException{

HttpServletRequest request = (HttpServletRequest)servletRequest;
String indexURI = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+request.getContextPath();

//用户登录检查
String requestUrl = request.getRequestURL().toString();
logger.debug(requestUrl);
if(requestUrl.equals(indexURI+"/")||requestUrl.equals(indexURI+"/login")||requestUrl.equals(indexURI+"/sessionTimeOut")||requestUrl.endsWith("imageServlet.servlet")||requestUrl.endsWith(".js")){
filterChain.doFilter(servletRequest, servletResponse);
}else{
HttpSession session = request.getSession();
Student user = (Student)session.getAttribute("user");
if(null == user){
HttpServletResponse response = (HttpServletResponse)servletResponse;
response.sendRedirect(indexURI+"/sessionTimeOut");
}else{
filterChain.doFilter(servletRequest, servletResponse);
}
}
}
}

-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

创建Session唯一性过滤器OnlySession

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import com.shenzhen.management.pojo.Student;
import com.shenzhen.management.util.ehcache.EhcacheUtil;

public class OnlySession implements Filter {
private FilterConfig filterConfig;
Logger logger = Logger.getLogger(OnlySession.class);
public OnlySession() {
filterConfig = null;
}

public void init(FilterConfig filterConfig) throws ServletException{
this.filterConfig = filterConfig;
}
public void destroy(){
filterConfig = null;
}
/**
* session超时和session唯一性检查
*/
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException,ServletException{
HttpServletRequest request = (HttpServletRequest)servletRequest;
String indexURI = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+request.getContextPath();
String requestUrl = request.getRequestURL().toString();
//登录时不进行拦截
if(requestUrl.equals(indexURI+"/")||requestUrl.equals(indexURI+"/login")||requestUrl.equals(indexURI+"/sessionTimeOut")||requestUrl.endsWith("imageServlet.servlet")||requestUrl.endsWith(".js"))
{
filterChain.doFilter(servletRequest, servletResponse);
}else{
Student user = (Student)request.getSession().getAttribute("user");
HttpServletResponse response = (HttpServletResponse)servletResponse;
//如果session超时
if(null == user){
response.sendRedirect(indexURI+"/sessionTimeOut");
}else{
String userId = user.getStuNo();
String sessionId = request.getSession().getId();
String onlySessionId = (String)EhcacheUtil.getInstance().get("com.sessoinId", userId);
if(sessionId.equals(onlySessionId)){
filterChain.doFilter(servletRequest, servletResponse);
}else{
response.sendRedirect(indexURI+"/sessionTimeOut");
}
}
}
}
}

-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

配置web.xml文件（以下Filter配置在Struts2的org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter前面）

<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.shenzhen.management.util.session.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>OnlySession</filter-name>
<filter-class>com.shenzhen.management.util.session.OnlySession</filter-class>
</filter>
<filter-mapping>
<filter-name>OnlySession</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<session-config>
<session-timeout>1</session-timeout>
</session-config>

0 0