如何使用servlet和jsp在注销后防止查看页面[重复]

Posted

技术标签:

【中文标题】如何使用servlet和jsp在注销后防止查看页面[重复]【英文标题】:how to prevent viewed pages after logout using servlet and jsp [duplicate] 【发布时间】:2012-10-31 06:03:37 【问题描述】:

这是我在这个网站上的第一个查询。希望你们能帮助完成我的项目。提前谢谢。

我粘贴了我的项目的完整代码。我想要一个解决方案(即)在单击注销按钮后,用户应该导航到登录页面,当他尝试单击返回按钮时,他不应该转到上一页并且应该在同一个登录页面中。

index.jsp

            <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
                pageEncoding="ISO-8859-1"%>
                    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
                    <html>
                    <head>
                    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
                    <title>Login</title>

                    <style type="text/css">
                    .header 
                width: 250px;
            height: 50px;
            background-color: #6495ED;
            font-family: verdana;
            font-size: 20px;
            font-weight: bold;
        

        .header2 
            width: 250px;
            height: 50px;
            background-color: "#FFE4B5";
            font-family: verdana;
            font-size: 12px;
            font-weight: bold;
        
        </style>

        <script type="text/javascript">
        <%String name = (String) request.getAttribute("status");%>
        var alertMsg = "<%=name%>
            ";
            if (alertMsg != "null" && alertMsg != '') 
                alert(alertMsg);
            
        </script>


        <script src="<%=request.getContextPath()%>/gen_validatorv4.js"
            type="text/javascript"></script>
        </head>
        <body>

            <form name="login" action="LoginServlet" method="post">

                <center>
                    <a href="index.jsp" class="header2" style="background-color: #FFE4B5";>Home</a>
                </center>



                <center>
                    <table
                        style="background-color: #CAE1FF; border-color: 1px solid red;">
                        <tr>
                            <td align="center" class="header" colspan="2">Login</td>
                        </tr>
                        <tr >
                            <td align="" class=""
                                style="padding-left: 10px; font-family: tohoma;">Username</td>
                            <td><input type="text" name="username" style="width: 150px;" />
                            </td>
                        </tr>
                        <tr >
                            <td align="" class=""
                                style="padding-left: 10px; font-family: tohoma;">Password</td>
                            <td><input type="password" name="password"
                                style="width: 150px;" /></td>
                        </tr>
                        <tr >
                            <td></td>
                            <td align="center" colspan="0">
                                <table style="width: 100%;">
                                    <tr>
                                        <td align="left"><input type="submit" name="submit"
                                            value="Login"
                                            style="width: 60px; height: 25px; background: #436EEE; color: white !important; border: 1px solid #0000EE;; border-radius: 2;" />
                                        </td>
                                        <td><input type="reset" value="Cancel"
                                            style="width: 60px; height: 25px; background: #436EEE; color: white !important; border: 1px solid #0000EE;; border-radius: 2;" />
                                        </td>
                                        <td><a href="register.jsp">New User?</a></td>
                                    </tr>
                                </table></td>
                        </tr>
                    </table>
                </center>
            </form>

            <script type="text/javascript">
                var formValidator = new Validator("login");
                formValidator.addValidation("username", "req",
                        "Please enter your User Name");
                formValidator.addValidation("password", "req",
                        "Please enter your Password");
            </script>

        </body>
        </html>

LoginServlet.java

            package pack;

        import java.io.IOException;
        import java.sql.Connection;
        import java.sql.DriverManager;
        import java.sql.ResultSet;
        import java.sql.Statement;

        import javax.servlet.Filter;
        import javax.servlet.FilterChain;
        import javax.servlet.FilterConfig;
        import javax.servlet.RequestDispatcher;
        import javax.servlet.ServletException;
        import javax.servlet.ServletRequest;
        import javax.servlet.ServletResponse;
        import javax.servlet.annotation.WebServlet;
        import javax.servlet.http.HttpServlet;
        import javax.servlet.http.HttpServletRequest;
        import javax.servlet.http.HttpServletResponse;
        import javax.servlet.http.HttpSession;

        /**
         * Servlet implementation class LoginServlet
         */
        @WebServlet("/LoginServlet")
        public class LoginServlet extends HttpServlet implements Filter 

            private static final long serialVersionUID = 1L;

            /**
             * @see HttpServlet#HttpServlet()
             */
            public LoginServlet() 
                super();
                // TODO Auto-generated constructor stub
            

            /**
             * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
             *      response)
             */
            @Override
            protected void doGet(HttpServletRequest request,
                    HttpServletResponse response) throws ServletException, IOException 
                // TODO Auto-generated method stub
            

            /**
             * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
             *      response)
             */
            @Override
            protected void doPost(HttpServletRequest request,
                    HttpServletResponse response) throws ServletException, IOException 
                String loginName = null;
                String loginPass = null;
                String status;
                HttpSession session = request.getSession();
                String username = request.getParameter("username");
                String password = request.getParameter("password");

                String jdbcDriver = "com.mysql.jdbc.Driver";
                String dbURL = "jdbc:mysql://localhost:3306/studentdetails";
                String uname = "root";
                String pwd = "admin";

                try 
                    Class.forName(jdbcDriver);
                    Connection con = DriverManager.getConnection(dbURL, uname, pwd);
                    Statement stmt = con.createStatement();
                    ResultSet rs;
                    String query = "SELECT username, password FROM registration WHERE username = '"
                            + username + "' AND password = '" + password + "'";

                    System.out.println(query);
                    stmt.executeQuery(query);

                    boolean permission = false;
                    rs = stmt.getResultSet();

                    while (rs.next()) 
                        permission = true;
                        loginName = rs.getString("username");
                        loginPass = rs.getString("password");

                    

                    System.out.println(loginName);
                    System.out.println(loginPass);

                    rs.close();
                    stmt.close();

                    if (permission == true) 
                        request.getSession(true);
                        session.setAttribute("username", loginName);
                        RequestDispatcher redis = request
                                .getRequestDispatcher("/WEB-INF/pages/list.jsp");
                        redis.forward(request, response);

                     else 
                        System.out.println("Permission denied");
                        status = "Username not yet registered";
                        request.setAttribute("status", status);

                        RequestDispatcher redis = request
                                .getRequestDispatcher("index.jsp");
                        redis.forward(request, response);

                    

                 catch (Exception e) 
                    // TODO: handle exception
                    e.printStackTrace();
                
            

            @Override
            public void doFilter(ServletRequest req, ServletResponse res,
                    FilterChain chain) throws IOException, ServletException 
                // TODO Auto-generated method stub
                HttpServletRequest request = (HttpServletRequest) req;
                HttpServletResponse response = (HttpServletResponse) res;
                HttpSession session = request.getSession(false);
                if (session != null && session.isNew()) 
                    response.setHeader("Pragma", "no-cache");
                    response.setHeader("Cache-Control", "no-cache");
                    response.setDateHeader("Expires", 0);
                    chain.doFilter(request, response);
                 else 
                    response.sendRedirect("index.jsp");
                

            

            @Override
            public void init(FilterConfig arg0) throws ServletException 
                // TODO Auto-generated method stub

list.jsp

                <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
                pageEncoding="ISO-8859-1"%>
            <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
            <html>
            <head>
            <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
            <meta http-equiv="Pragma" content="no-cache">
            <meta http-equiv="Expires" content="-1">
            <meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
            <title>Insert title here</title>
            <script type="text/javascript">
                function logout() 

                    session.removeAttribute("username");
                    request.getSession().invalidate();
                    response.sendRedirect("index.jsp");
                
            </script>
            </head>

            <body>
                <form action="LoginServlet" name = "list">
                    <p><%if(session.getAttribute("username")!=null)
                    %>
                    <%session.getAttribute("username");%></p>
                    <% %>
                    <input type="button" value = "Logout" onclick="logout();"/>

                </form>
            </body>
            </html>

web.xml

                <?xml version="1.0" encoding="UTF-8"?>
            <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
                xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
                id="WebApp_ID" version="3.0">
                <display-name>SessionManagement</display-name>
                <servlet>
                    <servlet-name>Session</servlet-name>
                    <servlet-class>pack.LoginServlet</servlet-class>
                </servlet>
                <servlet-mapping>
                    <servlet-name>LoginServlet</servlet-name>
                    <url-pattern>/LoginServlet</url-pattern>
                </servlet-mapping>
                <filter>
                    <filter-name>noCacheFilter</filter-name>
                    <filter-class>pack.LoginServlet</filter-class>
                </filter>
                <filter-mapping>
                    <filter-name>noCacheFilter</filter-name>
                    <url-pattern>/list.jsp</url-pattern>
                </filter-mapping>
                <welcome-file-list>
                    <welcome-file>index.jsp</welcome-file>
                </welcome-file-list>
            </web-app>

【问题讨论】:

【参考方案1】:

我认为您必须禁用“bfcache”,强制浏览器重新下载页面 - 这反过来会检测到用户不再登录并重定向到登录页面

【讨论】:

如何禁用它,伙计.. 通常人们会问如何启用它...无论如何,似乎在 body 标签上使用非空的 onunload 函数可以有效地完全禁用它。 单独创建过滤器对我不起作用。现在有了“onunload”功能。谢谢@thedayofcondor

以上是关于如何使用servlet和jsp在注销后防止查看页面[重复]的主要内容,如果未能解决你的问题,请参考以下文章

在用户注销后防止浏览器的后退按钮显示安全数据的最简单方法是啥?

表单提交后防止页面重新加载

表单提交/节点后防止页面重新加载(没有可用的 ajax)

HTML 双击后防止多个页面请求

双击后防止文本选择

编辑绑定的 DataGridView 后防止列自动排序