当前位置: 动力学知识库 > 问答 > 编程问答 >

java - request.getSession(false) is not returning null

问题描述:

I am trying to create a sample application. I am unable to understand why the following is happening.

My AuthFilter:

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {

System.out.println("Reached AuthFilter");

HttpServletRequest request = (HttpServletRequest) req;

HttpServletResponse response = (HttpServletResponse) resp;

HttpSession session = request.getSession(false);

System.out.println("request.getSession(false)" + request.getSession(false));

if (session == null) {

System.out.println("Going to index.jsp");

response.sendRedirect(request.getContextPath() + "/index.jsp");

} else {

System.out.println("Going to the servlet ");

chain.doFilter(req, resp);

}

}

In my Servlet after checking the userName and password, I want to direct the user based on the provided details.

My Servlet Code:

 if (validUser) {

System.out.println("Valid user. So, Going to another servlet /welcome.do");

request.getRequestDispatcher("/welcome.do").forward(request, response);

} else if (request.getSession(false) != null) {

System.out.println("Already there is a session is associated with the user");

request.getRequestDispatcher("secure/welcome.jsp").forward(request, response);

} else {

System.out.println("I am in else");

request.getRequestDispatcher("/login-error.jsp").forward(request, response);

}

The Output:

23:28:06,153 INFO [stdout] (http--127.0.0.1-8080-1) Reached AuthFilter

23:28:06,153 INFO [stdout] (http--127.0.0.1-8080-1) request.getSession(false)[email protected]

23:28:06,154 INFO [stdout] (http--127.0.0.1-8080-1) Going to the servlet

23:28:06,437 INFO [stdout] (http--127.0.0.1-8080-1) userName = xxx

23:28:06,439 INFO [stdout] (http--127.0.0.1-8080-1) Retrieved passCode = xxx

23:28:06,440 INFO [stdout] (http--127.0.0.1-8080-1) password.equals(passCode) = false

23:28:06,441 INFO [stdout] (http--127.0.0.1-8080-1) Already there is a session is associated with the user

I want my users to be sent to welcome page, if there is a session associated with them, else I want them to be sent to error page. But this code is sending the user with incorrect password to welcome page. Can anyone explain why?

网友答案:

When you start a new request from a browser client to your server, you basically initialize a new session between the client and the server. Unless you destroy this session (either by user session timeout or explicitly by using some method on the server), the session will be alive.

When your user is authenticated against your login method, then you usually create a User user object and save it into the session, then you validate if the user is already logged by checking if it exists in current session. To do this, change your current code:

In servlet:

if (validUser) {
    System.out.println("Valid user. So, Going to another servlet /welcome.do");
    HttpSession session = request.getSession();
    //creating the User user instance
    User user = new User();
    user.setName(userName);  //assuming this is an attribute in User class
    //store it into session
    session.setAttribute("user", user);
    request.getRequestDispatcher("/welcome.do").forward(request, response);
} //rest of code...

In filter:

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
    throws ServletException, IOException {
    System.out.println("Reached AuthFilter");
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;
    HttpSession session = request.getSession(false);
    User user = (User)session.getAttribute("user");
    if (user == null) {
        System.out.println("Going to index.jsp");
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    } else {
        System.out.println("Going to the servlet ");
        chain.doFilter(req, resp);
    }
}
分享给朋友:
您可能感兴趣的文章:
随机阅读: