我有一个会话侦听器:
@WebListenerpublic class SessionListener implements HttpSessionListener {@Overridepublic void sessionCreated(HttpSessionEvent se) {Set<Integer> follows = ConcurrentHashMap.newKeySet();se.getSession().setAttribute("userFollows", follows);}}
我有一个loginservlet:
@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {/* ... check parameters ... */try (Connection con = ConPool.getConnection()) {UserDAO service = new UserDAO(con);User user = service.get(username, true);if (user != null && user.getPassword().check(password) ) {HttpSession session = req.getSession(true);session.setAttribute("loggedUserId", user.getId());/* Adds guest's follows in db */Set<Integer> follows = (Set<Integer>) session.getAttribute("userFollows");if(!follows.isEmpty()) {FollowDAO followService = new FollowDAO(con);followService.insert(follows, user.getId());}resp.sendRedirect(req.getContextPath());} else {resp.sendError(400);return;}} catch (SQLException throwables) {throw new ServletException(throwables);}}
这是logoutservlet:
@WebServlet("/logout")public class LogoutServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {HttpSession session = req.getSession(true);if(session.getAttribute("loggedUser") == null){resp.sendRedirect(req.getContextPath());return;}session.invalidate();resp.sendRedirect(getServletContext().getContextPath());}}
然后还有一些其他servlet,它们访问loggeduserid(如果我已登录)或迭代以下集合(如果我是guest)。问题是会话随时都可能失效:好奇的用户可以在执行另一个任务时注销,servlet可以对失效的会话调用“getattribute”(或“setattribute”),从而触发invalidstateexception。此外,当一些servlet向Map中添加某些内容时,可以访问Map,但是可以通过使用synchronizedmap来修复Map,因此这里真正的问题是会话可能随时失效。每次使用会话时使用“同步”是唯一的解决方案吗?
暂无答案!
目前还没有任何答案,快来回答吧!