问题
I have a login page (Index.jsp
) , here user put user id and password. on submit LoginAuthentification.java
(action class) called and authenticate the user , but according to the result in action class it return the JSP.
<action name="login" class="com.struts2.LoginAuthentication"
method="execute">
<interceptor-ref name="clear-cache" />
<result name="manager">/ManagerView.jsp</result>
<result name="SSE" type="redirectAction">
<param name="actionName">viewPlan</param>
<param name="userID">${userID}</param>
</result>
<result name="input">/Index.jsp</result>
<result name="error">/error.jsp</result>
</action>
In this case, it is returning ManagerView.jsp
. Now in this JSP, I added a hyperlink for logout
. and it is doing below
<action name="logout" class="com.struts2.LoginAuthentication"
method="logout">
<interceptor-ref name="clear-cache" />
<result name="success">/Index.jsp</result>
<result name="error">/error.jsp</result>
</action>
code from action class
public String logout() {
//if (session instanceof org.apache.struts2.dispatcher.SessionMap) {
session.clear();
//session.re
System.out.println("test");
session.remove("loggedInUser");
((org.apache.struts2.dispatcher.SessionMap) session).invalidate();
//}
return "success";
}
after logout it is redirected to Index.jsp
, now I clicked on back button
It display "confirm form resubmission"
message in chrome and webpage expired in IE. But when I reload the page it login the old user automatically.
I have added
<%
response.setHeader("Cache-control", "no-cache, no-store");
response.setHeader("Expires", "0");
response.setHeader("Vary", "*");
%>
in the JSP as well as in interceptor.
I am trying to block auto login on reload.
回答1:
The problem is that after logout you are not actually redirect to a new action. The cause of such behavior when you pressed the back button you got a conformation dialog in the browser. The back button is not used to call an action, unless it's not invoked via triggering it using Ajax. You should follow post-redirect-get pattern when doing request for logout.
<action name="logout" class="com.struts2.LoginAuthentication" method="logout">
<interceptor-ref name="clear-cache" />
<result name="success" type="redirect">/</result>
<result name="error">/error.jsp</result>
</action>
回答2:
I resolved the issue by redirecting it to another action. and wrote another interceptor to validate if it is having user id in the session or not.
<default-interceptor-ref name="loginStack"></default-interceptor-ref>
<action name="login" class="com.struts2.LoginAuthentication"
method="execute">
<interceptor-ref name="defaultStack"/>
<result name="manager" type="redirectAction">
<param name="actionName">home</param>
</result>
</action>
<action name="home" class="com.struts2.LoginAuthentication"
method="home">
<result name="success">/ManagerView.jsp</result>
<result name="error">/error.jsp</result>
</action>
来源:https://stackoverflow.com/questions/28663727/after-logout-back-reload-issue-in-struts-2