无效会话后，它仍然活着，为什么？

Question

考虑 servlet：

package controller;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class LogoutServlet
 */
@WebServlet("/loggingOut")
public class LogoutServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    protected void doGet(HttpServletRequest request, HttpServletResponse response) 
            throws ServletException, IOException 
    {
        // Get the session
        HttpSession session = request.getSession(false);

        if(session != null){
            System.out.println("Here ...");
            session.invalidate();
            // forwards to the page logout.jsp
            request.getRequestDispatcher("/WEB-INF/results/logoutResult.jsp").forward(request, response);
            // response.sendRedirect("./WEB-INF/results/logoutResult.jsp");

        }

        else
        {
            System.out.println("There ...");
            // response.sendRedirect("error404.jsp");
            request.getRequestDispatcher("./WEB-INF/results/error404.jsp").forward(request, response);
        }


    }

}

在我使会话无效并移动到 logoutResult.jsp 之后，如果我再次到达上述 servlet 则会话仍然“活动”，并且我没有到达 error404.jsp 的代码，即：

else
{
    System.out.println("There ...");
    // response.sendRedirect("error404.jsp");
    request.getRequestDispatcher("./WEB-INF/results/error404.jsp").forward(request, response);
}

我该如何解决？

非常感谢

Answer 1

因为每次访问 JSP 时都会创建一个新会话。要禁用此属性，请输入以下指令：

<%@ page session="false" %>

Answer 2

基本上，if(session != null){ 在这里没有任何意义。您应该从会话中读取一个属性并检查它是否为空：

   String username = (String)session.getAttribute("username");
   if(username!=null)
   {
      //user is logged in
   }
   else
   {
     //user is not logged in
   }