request.getSession(false)未返回null

时间:2014-05-03 01:49:34

标签: java servlets

我正在尝试创建一个示例应用程序。我无法理解为什么会发生以下情况。

我的AuthFilter:

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        System.out.println("Reached AuthFilter");
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpSession session = request.getSession(false);
        System.out.println("request.getSession(false)" + request.getSession(false));

        if (session == null) {
            System.out.println("Going to index.jsp");
            response.sendRedirect(request.getContextPath() + "/index.jsp");
        } else {
            System.out.println("Going to the servlet ");
            chain.doFilter(req, resp);
        }
    }

在检查用户名和密码后,在我的Servlet中,我想根据提供的详细信息指导用户。

我的Servlet代码:

    if (validUser) {
        System.out.println("Valid user. So, Going to another servlet /welcome.do");
        request.getRequestDispatcher("/welcome.do").forward(request, response);
    } else if (request.getSession(false) != null) {
        System.out.println("Already there is a session is associated with the user");
        request.getRequestDispatcher("secure/welcome.jsp").forward(request, response);
    } else {
        System.out.println("I am in else");
        request.getRequestDispatcher("/login-error.jsp").forward(request, response);
    }

The Output:

23:28:06,153 INFO  [stdout] (http--127.0.0.1-8080-1) Reached AuthFilter
23:28:06,153 INFO  [stdout] (http--127.0.0.1-8080-1) request.getSession(false)org.apache.catalina.session.StandardSessionFacade@3c6d1e82
23:28:06,154 INFO  [stdout] (http--127.0.0.1-8080-1) Going to the servlet 
23:28:06,437 INFO  [stdout] (http--127.0.0.1-8080-1) userName = xxx
23:28:06,439 INFO  [stdout] (http--127.0.0.1-8080-1) Retrieved passCode = xxx
23:28:06,440 INFO  [stdout] (http--127.0.0.1-8080-1) password.equals(passCode) = false
23:28:06,441 INFO  [stdout] (http--127.0.0.1-8080-1) Already there is a session is associated with the user

如果有与之关联的会话,我希望将我的用户发送到欢迎页面,否则我希望将它们发送到错误页面。但是这段代码正在向用户发送不正确的密码来欢迎页面。任何人都可以解释原因吗?

1 个答案:

答案 0 :(得分:0)

当您从浏览器客户端向服务器发起新请求时,您基本上初始化客户端和服务器之间的新会话。除非您销毁此会话(通过用户会话超时或通过在服务器上使用某种方法显式),否则会话将处于活动状态。

当您的用户根据您的登录方法进行身份验证时,您通常会创建一个User user对象并将其保存到会话中,然后通过检查用户是否已记录在当前会话中来验证用户是否已记录。为此,请更改当前代码:

在servlet中:

if (validUser) {
    System.out.println("Valid user. So, Going to another servlet /welcome.do");
    HttpSession session = request.getSession();
    //creating the User user instance
    User user = new User();
    user.setName(userName);  //assuming this is an attribute in User class
    //store it into session
    session.setAttribute("user", user);
    request.getRequestDispatcher("/welcome.do").forward(request, response);
} //rest of code...

在过滤器中:

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
    throws ServletException, IOException {
    System.out.println("Reached AuthFilter");
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;
    HttpSession session = request.getSession(false);
    User user = (User)session.getAttribute("user");
    if (user == null) {
        System.out.println("Going to index.jsp");
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    } else {
        System.out.println("Going to the servlet ");
        chain.doFilter(req, resp);
    }
}
相关问题
最新问题