MyException - 我的异常网
当前位置:我的异常网» Java Web开发 » 心急如焚啊再次提问,session过期后,为什么数据还

心急如焚啊再次提问,session过期后,为什么数据还存在?该怎么解决(3)

www.MyException.Cn  网友分享于:2015-08-27  浏览:23次

   进入创建前的Action
public final class EnterNewProjectPageAction extends Action {
        public ActionForward execute(ActionMapping mapping, ActionForm form,
                        HttpServletRequest request, HttpServletResponse response)
                        throws Exception {        
                
                saveToken(request);
                
                return (mapping.findForward("createproject_jsp"));
        }
}

// 创建Action
public final class CreateProjectAction extends Action {
        public ActionForward execute(ActionMapping mapping, ActionForm form,
                        HttpServletRequest request, HttpServletResponse response)
                        throws Exception {        

                
                if(isTokenValid(request)){
                        resetToken(request);
                        
                        CreateProjectForm createProjectForm=(CreateProjectForm)form;        
                        Project newProject=createProjectForm.getProject();
                        
                        newProject.setCreateTime(Util.getCurrTime());
        
                        ProjectService.create(newProject);        
                        
                }
                else{
                        
                        System.out.println("重复提交");
                }                
        
                ProjectUtil.setupPages(0,request);
                return (mapping.findForward("projects_jsp"));
        }
}

------解决方案--------------------

哈哈。。。我觉得yys79 的答案是正解。。。你一刷新又发送了一次表单数据进行了验证,
楼主可以在Action中输出语句试一下...

我也觉得应该用重定向到跳转页面,而不该用转发。。forward...
------解决方案--------------------
1、加个防重复提交代码,Struts里面有的
2、Action中跳转时,不要使用mapping.findForward()方式跳转,跳转时候,用return new ActionForward("URL",true);
3、在页面上加上判断session,为空,则session失效
------解决方案--------------------
楼主应该好好的学习一下forward和Redirect这两种转发方式,之前我们的项目也是遇到像你这样的问题。

有2种方式去解决,
1.登陆验证完毕后,将用户信息放入Session,再重定向,也就是Redirect
2.我自己写了一个类似的令牌机制

Java code



package cn.net.ssd.pubUtil;

import java.util.ArrayList;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
 * 
 * @author 大米辉 Mar 26, 2009
 * @project SSD_ZH_ALARM
 *
 */
public class CheckToken{
    /**
     * 检测是否是重复提交
     * @param request
     * @param reset 保存令牌
     * @return
     *//*
    public static boolean isTokenValid(HttpServletRequest request,boolean reset){
        boolean rs=true;
        HttpSession session =request.getSession();
        Object token=session.getAttribute("isValid");
        if(token!=null){
            String isValid=token.toString();
            if(isValid.equals("1")){
                rs=true;
            }
        }else{
            rs=false;
        }
        if(reset){
            saveToken(request);
        }
        
        return rs;
    }
    
    *//**
     * 保存令牌
     * @param request
     *//*
    public static void saveToken(HttpServletRequest request){
        HttpSession session =request.getSession();
        session.setAttribute("isValid","1");
    }
    
    *//**
     * 重置Token
     * @param request
     *//*
    public static void resetToken(HttpServletRequest request){
        HttpSession session =request.getSession();
        if(session.getAttribute("isValid")!=null){
            session.removeAttribute("isValid");
        }
        
    }*/
    
    private static final String TOKEN_LIST_NAME = "tokenList";

    public static final String TOKEN_STRING_NAME = "token";

    @SuppressWarnings("unchecked")
    private static ArrayList<String> getTokenList(HttpSession session) {
       Object obj = session.getAttribute(TOKEN_LIST_NAME);
       if (obj != null) {
          return (ArrayList<String>) obj;
       } else {
          ArrayList<String> tokenList = new ArrayList<String>();
          session.setAttribute(TOKEN_LIST_NAME, tokenList);
          return tokenList;
       }
    }
    /**
     * 保存令牌字符串
     * @param tokenStr
     * @param session
     */
    private static void saveTokenString(String tokenStr, HttpSession session) {
       ArrayList<String> tokenList = getTokenList(session);
       tokenList.add(tokenStr);
       session.setAttribute(TOKEN_LIST_NAME, tokenList);
    }
    /**
     * 得到令牌字符串
     * @param tokenStr
     * @param session
     */
    private static String generateTokenString(){
       return new Long(System.currentTimeMillis()).toString();
    }

    /** 
     * Generate a token string, and save the string in session, then return the token string.
     * 
     * @param HttpSession
     *            session
     * @return a token string used for enforcing a single request for a particular transaction.
     */
    public static String getTokenString(HttpSession session) {
       String tokenStr = generateTokenString();
       saveTokenString(tokenStr, session);
       return tokenStr;
    }

    /** 
     * check whether token string is valid. if session contains the token string, return true. 
     * otherwise, return false.
     * 
     * @param String
     *            tokenStr
     * @param HttpSession
     *            session
     * @return true: session contains tokenStr; false: session is null or tokenStr is id not in session
     */
    public static boolean isTokenStringValid(String tokenStr, HttpSession session) {
       boolean valid = false;
       if(session != null){
          ArrayList<String> tokenList = getTokenList(session);
          if (tokenList.contains(tokenStr)) {
             valid = true;
             tokenList.remove(tokenStr);
          }
       }
       return valid;
    }
    public static boolean isTokenValid(HttpServletRequest request){
        return isTokenStringValid(request.getParameter(CheckToken.TOKEN_STRING_NAME), request.getSession());
    }
}

文章评论

软件开发程序错误异常ExceptionCopyright © 2009-2015 MyException 版权所有