java-同一用户顶替操做(session过时或无效)

时间  2020-12-01
标签 javascript html java web ajax 浏览器 session app 异步 ide 栏目 Java 繁體版
原文   原文链接

同一帐号后者登陆前者被强制退出:(能够经过监听器或过滤器进行监测session是否无效)javascript

首先根据输入的用户名和密码作验证,经过验证查询用户信息。在用户信息不为空的前提下,比较静态变量中的sessionid和浏览器session获取的getId(),判断两个值是否一致,若一致,则经过 正常走流程,若不一致,则返回登陆页面,session设置msg,提示“帐户失效或异地登陆”;

html

web.xml:java

<session-config>
        <session-timeout>180</session-timeout><!--session过时时间设置-->
</session-config>

controller:web

public static Map<HttpSession, String> loginSessionList = new HashMap<>();//保存当前登陆的全部用户 //登陆方法
 @ResponseBody @RequestMapping(value = "/login", method = RequestMethod.POST) public ResponseResult login(User user, HttpServletRequest request,HttpSession session) { //.............................
            session.setAttribute("username", user.getLoginName()); session.setAttribute("logoutType", "0"); checkLoginSession(session,user.getLoginName()); loginSessionList.put(session, user.getLoginName()); //............................. 
 } /** * 检查用户是否已经登陆 * @param session * @param loginName * @return
     */
    private String checkLoginSession(HttpSession session,String loginName) { String checkValue = "0"; HttpSession reSession = null; try { Set<HttpSession> keys = loginSessionList.keySet(); for (HttpSession key : keys) { if (loginSessionList.get(key).equals(loginName) && !session.equals(key)) { //key.invalidate();//若是该用户名有登陆,则使前者失效(适用于方法一)
                    key.setAttribute("logoutType", "1"); checkValue = "1"; reSession = key; break; } } if (checkValue.equals("1") && reSession != null) { //防止用户直接关闭浏览器
 loginSessionList.remove(reSession); } } catch (Exception e) { // TODO 自动生成的 catch 块
 e.printStackTrace(); } return null; }

参考连接:servlet/filter/listener/interceptor区别与联系ajax

方法一:(使用 HttpSessionListener进行监听)浏览器

使用监听器监听对页面跳转很差进行控制session

web.xml:app

<!-- session监听 -->
    <listener>
          <listener-class>net.nblh.system.shiro.OnlineUserListener</listener-class><!--监听器类的路径-->
    </listener>

 OnlineUserListener:异步

package net.nblh.system.shiro; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; import net.nblh.system.controller.SystemController; public class OnlineUserListener implements HttpSessionListener{ /** * 监听session建立 */ @Override public void sessionCreated(HttpSessionEvent arg0) { // TODO 自动生成的方法存根
 } /** * 监听session销毁 */ @Override public void sessionDestroyed(HttpSessionEvent event){ try { // TODO 自动生成的方法存根
            HttpSession session = event.getSession(); // 取得登陆的用户名
            String username = (String) session.getAttribute("username"); SystemController.loginSessionList.remove(session); System.out.println(username + "退出。"); } catch (Exception e) { // TODO 自动生成的 catch 块
 e.printStackTrace(); } } }

方法二:(使用Filter进行过滤)ide

web.xml:

<!-- session过滤器 -->
    <filter>
        <filter-name>sessionFilter</filter-name>
        <filter-class>net.nblh.system.shiro.SessionFilter</filter-class><!--过滤器类的路径-->
    </filter>
    <filter-mapping>
            <filter-name>sessionFilter</filter-name>
            <url-pattern>/*</url-pattern>
    </filter-mapping>

SessionFilter:

package net.nblh.system.shiro; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import net.nblh.system.controller.SystemController; import net.nblh.system.entity.SysConfigItemValue; import net.nblh.utils.StringUtils; /** * Session拦截器 * @author lijd * */
public class SessionFilter implements Filter { @Override public void destroy() { // TODO 自动生成的方法存根
 } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { try { // TODO 自动生成的方法存根
            HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; HttpSession session = httpRequest.getSession(); //异地顶替帐号登陆url
            String toLoginUrl = session.getServletContext().getContextPath()+"/system/tologin2";//列席人登陆页面 //session过时登陆url
            String sessionLoginUrl = StringUtils.isNotEmpty(SysConfigItemValue.getValue("sessionOutTimeToURL"))?SysConfigItemValue.getValue("sessionOutTimeToURL"):toLoginUrl; String url = httpRequest.getRequestURI(); String path = url.substring(url.lastIndexOf("/")); /*// 判断是否为ajax请求 if (httpRequest.getHeader("x-requested-with") != null && httpRequest.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")) { //该请求是 AJAX 异步HTTP请求 if (session.getAttribute("shiroSavedRequest") != null && session.getAttribute("currentUser") == null) { SystemController.loginSessionList.remove(session); session.invalidate(); httpResponse.addHeader("sessionstatus", "timeOut");//Session已过时 httpResponse.addHeader("loginPath", sessionLoginUrl); chain.doFilter(request, response); }else { chain.doFilter(request, response);// 不可少,不然请求会出错 } }*/
            if (path.indexOf("sessionTimeOut") != -1 && session.getAttribute("shiroSavedRequest") != null && session.getAttribute("currentUser") == null) { SystemController.loginSessionList.remove(session); session.invalidate(); //session过时
                toLoginUrl(response,"会话已过时",sessionLoginUrl); } else if(session.getAttribute("logoutType") != null && session.getAttribute("logoutType").equals("1")){ SystemController.loginSessionList.remove(session); session.invalidate(); // logoutType=0:正常,logoutType=1:异地登陆 
                toLoginUrl(response,"用户已在别处登陆",toLoginUrl); } else { try { chain.doFilter(request, response); } catch (Exception e) { SystemController.loginSessionList.remove(session); session.invalidate(); toLoginUrl(response,"会话已过时!",sessionLoginUrl); } } } catch (Exception e) { // TODO 自动生成的 catch 块
 e.printStackTrace(); } } @Override public void init(FilterConfig arg0) throws ServletException { // TODO 自动生成的方法存根
 } /** * session无效后跳转指定路径 * @param response * @param message * @param loginUrl */
    private void toLoginUrl (ServletResponse response,String message,String loginUrl) { String str = "<script language='javascript'>alert('"+ message +"');" + "top.location.href='" + loginUrl + "';</script>"; response.setContentType("text/html;charset=UTF-8");// 解决中文乱码
        try { PrintWriter writer = response.getWriter(); writer.write(str); writer.flush(); writer.close(); } catch (Exception e) { e.printStackTrace(); } } }

使用响应头进行JS控制:

httpResponse.addHeader("sessionstatus", "timeOut");//Session已过时
httpResponse.addHeader("loginPath", sessionLoginUrl); chain.doFilter(request, response);

js:

<script type="text/javascript"> $(document).ajaxComplete(function(event, xhr, settings) { if(xhr.getResponseHeader("sessionstatus")=="timeOut"){ if(xhr.getResponseHeader("loginPath")){ alert("会话过时,请从新登录!"); window.location.replace(xhr.getResponseHeader("loginPath")); }else{ alert("请求超时请从新登录 !"); } } }); </script>
相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程