Java_Session和登陆

//In every servlet, check whether Session is null or not. If session is not null then only do the request processing else redirect to login page.

 

HttpSession session  = request.getSession();

if(Session !=null)

{

try

{

    // acutal servlet actions

}else

{

  // redirect to login page

}

 

//Also it would be good if you add null check for session in your above code.

 

HttpSession session  = request.getSession();

if(session !=null)

try

{

    session.removeAttribute("logonData");//logonData,such as user and so on

    session.invalidate();

    // redirect tologin page

catch (Exception sqle)

{

    // ...

}

}else

{

  //session already null/ expired

}

 

ps: below is something from session api

 

void invalidate()

Invalidates this session then unbinds any objects bound to it.

Throws:

IllegalStateException - if this method is called on an already invalidated session

 

void removeAttribute(String name)

Removes the object bound with the specified name from this session. If the session does not have an object bound with the specified name, this method does nothing.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls HttpSessionBindingListener.valueUnbound. The container then notifies any HttpSessionAttributeListeners in the web application.

Parameters:

name - the name of the object to remove from this session

Throws:

IllegalStateException - if this method is called on an invalidated session