java Web常用过滤器
一、使浏览器不缓存页面的过滤器
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 用于的使 Browser 不缓存页面的过滤器
*/
public class ForceNoCacheFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException
{
((HttpServletResponse) response).setHeader("Cache-Control","no-cache");
((HttpServletResponse) response).setHeader("Pragma","no-cache");
((HttpServletResponse) response).setDateHeader ("Expires", -1);
filterChain.doFilter(request, response);
}
public void destroy()
{
}
public void init(FilterConfig filterConfig) throws ServletException
{
}
}
二、检测用户是否登陆的过滤器
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.List;
import java.util.ArrayList;
import java.util.StringTokenizer;
import java.io.IOException;
/**
* 用于检测用户是否登陆的过滤器,如果未登录,则重定向到指的登录页面
* 配置参数
* checkSessionKey 需检查的在 Session 中保存的关键字
* redirectURL 如果用户未登录,则重定向到指定的页面,URL不包括 ContextPath
* notCheckURLList 不做检查的URL列表,以分号分开,并且 URL 中不包括 ContextPath
*/
public class CheckLoginFilter
implements Filter
{
protected FilterConfig filterConfig = null;
private String redirectURL = null;
private List notCheckURLList = new ArrayList();
private String sessionKey = null;
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
if(sessionKey == null)
{
filterChain.doFilter(request, response);
return;
}
if((!checkRequestURIIntNotFilterList(request)) && session.getAttribute(sessionKey) == null)
{
response.sendRedirect(request.getContextPath() + redirectURL);
return;
}
filterChain.doFilter(servletRequest, servletResponse);
}
public void destroy()
{
notCheckURLList.clear();
}
private boolean checkRequestURIIntNotFilterList(HttpServletRequest request)
{
String uri = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
return notCheckURLList.contains(uri);
}
public void init(FilterConfig filterConfig) throws ServletException
{
this.filterConfig = filterConfig;
redirectURL = filterConfig.getInitParameter("redirectURL");
sessionKey = filterConfig.getInitParameter("checkSessionKey");
String notCheckURLListStr = filterConfig.getInitParameter("notCheckURLList");
if(notCheckURLListStr != null)
{
StringTokenizer st = new StringTokenizer(notCheckURLListStr, ";");
notCheckURLList.clear();
while(st.hasMoreTokens())
{
notCheckURLList.add(st.nextToken());
}
}
}
}
三、字符编码的过滤器
import javax.servlet.*;
import java.io.IOException;
/**
* 用于设置 HTTP 请求字符编码的过滤器,通过过滤器参数encoding指明使用何种字符编码,用于处理Html Form请求参数的中文问题
*/
public class CharacterEncodingFilter
implements Filter
{
protected FilterConfig filterConfig = null;
protected String encoding = "";
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
if(encoding != null)
servletRequest.setCharacterEncoding(encoding);
filterChain.doFilter(servletRequest, servletResponse);
}
public void destroy()
{
filterConfig = null;
encoding = null;
}
public void init(FilterConfig filterConfig) throws ServletException
{
this.filterConfig = filterConfig;
this.encoding = filterConfig.getInitParameter("encoding");
}
}
四、资源保护过滤器
package catalog.view.util;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Iterator;
import java.util.Set;
import java.util.HashSet;
//
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* This Filter class handle the security of the application.
*
* It should be configured inside the web.xml.
*
* @author Derek Y. Shen
*/
public class SecurityFilter implements Filter {
//the login page uri
private static final String LOGIN_PAGE_URI = "login.jsf";
//the logger object
private Log logger = LogFactory.getLog(this.getClass());
//a set of restricted resources
private Set restrictedResources;
/**
* Initializes the Filter.
*/
public void init(FilterConfig filterConfig) throws ServletException {
this.restrictedResources = new HashSet();
this.restrictedResources.add("/createProduct.jsf");
this.restrictedResources.add("/editProduct.jsf");
this.restrictedResources.add("/productList.jsf");
}
/**
* Standard doFilter object.
*/
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
this.logger.debug("doFilter");
String contextPath = ((HttpServletRequest)req).getContextPath();
String requestUri = ((HttpServletRequest)req).getRequestURI();
this.logger.debug("contextPath = " + contextPath);
this.logger.debug("requestUri = " + requestUri);
if (this.contains(requestUri, contextPath) && !this.authorize((HttpServletRequest)req)) {
this.logger.debug("authorization failed");
((HttpServletRequest)req).getRequestDispatcher(LOGIN_PAGE_URI).forward(req, res);
}
else {
this.logger.debug("authorization succeeded");
chain.doFilter(req, res);
}
}
public void destroy() {}
private boolean contains(String value, String contextPath) {
Iterator ite = this.restrictedResources.iterator();
while (ite.hasNext()) {
String restrictedResource = (String)ite.next();
if ((contextPath + restrictedResource).equalsIgnoreCase(value)) {
return true;
}
}
return false;
}
private boolean authorize(HttpServletRequest req) {
//处理用户登录
/* UserBean user = (UserBean)req.getSession().getAttribute(BeanNames.USER_BEAN);
if (user != null && user.getLoggedIn()) {
//user logged in
return true;
}
else {
return false;
}*/
}
}
五 利用Filter限制用户浏览权限
在一个系统中通常有多个权限的用户。不同权限用户的可以浏览不同的页面。使用Filter进行判断不仅省下了代码量,而且如果要更改的话只需要在Filter文件里动下就可以。
以下是Filter文件代码:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
public class RightFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest sreq, ServletResponse sres, FilterChain arg2) throws IOException, ServletException {
// 获取uri地址
HttpServletRequest request=(HttpServletRequest)sreq;
String uri = request.getRequestURI();
String ctx=request.getContextPath();
uri = uri.substring(ctx.length());
//判断admin级别网页的浏览权限
if(uri.startsWith("/admin")) {
if(request.getSession().getAttribute("admin")==null) {
request.setAttribute("message","您没有这个权限");
request.getRequestDispatcher("/login.jsp").forward(sreq,sres);
return;
}
}
//判断manage级别网页的浏览权限
if(uri.startsWith("/manage")) {
//这里省去
}
}
//下面还可以添加其他的用户权限,省去。
}
public void init(FilterConfig arg0) throws ServletException {
}
}
<!-- 判断页面的访问权限 -->
<filter>
<filter-name>RightFilter</filter-name>
<filter-class>cn.itkui.filter.RightFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RightFilter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>RightFilter</filter-name>
<url-pattern>/manage/*</url-pattern>
</filter-mapping>
在web.xml中加入Filter的配置,如下:
<filter>
<filter-name>EncodingAndCacheflush</filter-name>
<filter-class>EncodingAndCacheflush</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>EncodingAndCacheflush</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
要传递参数的时候最好使用form进行传参,如果使用链接的话当中文字符的时候过滤器转码是不会起作用的,还有就是页面上
form的method也要设置为post,不然过滤器也起不了作用。
=========================================================
一、统一全站字符编码
通过配置参数charset指明使用何种字符编码,以处理Html Form请求参数的中文问题
1 package me.gacl.web.filter; 2 3 import java.io.IOException; 4 import javax.servlet.Filter; 5 import javax.servlet.FilterChain; 6 import javax.servlet.FilterConfig; 7 import javax.servlet.ServletException; 8 import javax.servlet.ServletRequest; 9 import javax.servlet.ServletResponse; 10 import javax.servlet.http.HttpServletRequest; 11 import javax.servlet.http.HttpServletRequestWrapper; 12 import javax.servlet.http.HttpServletResponse; 13 14 /** 15 * @ClassName: CharacterEncodingFilter 16 * @Description: 此过滤器用来解决全站中文乱码问题 17 * @author: 孤傲苍狼 18 * @date: 2014-8-31 下午11:09:37 19 * 20 */ 21 public class CharacterEncodingFilter implements Filter { 22 23 private FilterConfig filterConfig = null; 24 //设置默认的字符编码 25 private String defaultCharset = "UTF-8"; 26 27 public void doFilter(ServletRequest req, ServletResponse resp, 28 FilterChain chain) throws IOException, ServletException { 29 30 HttpServletRequest request = (HttpServletRequest) req; 31 HttpServletResponse response = (HttpServletResponse) resp; 32 String charset = filterConfig.getInitParameter("charset"); 33 if(charset==null){ 34 charset = defaultCharset; 35 } 36 request.setCharacterEncoding(charset); 37 response.setCharacterEncoding(charset); 38 response.setContentType("text/html;charset="+charset); 39 40 MyCharacterEncodingRequest requestWrapper = new MyCharacterEncodingRequest(request); 41 chain.doFilter(requestWrapper, response); 42 } 43 44 public void init(FilterConfig filterConfig) throws ServletException { 45 //得到过滤器的初始化配置信息 46 this.filterConfig = filterConfig; 47 } 48 49 public void destroy() { 50 51 } 52 } 53 54 /* 55 1.实现与被增强对象相同的接口 56 2、定义一个变量记住被增强对象 57 3、定义一个构造器,接收被增强对象 58 4、覆盖需要增强的方法 59 5、对于不想增强的方法,直接调用被增强对象(目标对象)的方法 60 */ 61 62 class MyCharacterEncodingRequest extends HttpServletRequestWrapper{ 63 64 private HttpServletRequest request; 65 public MyCharacterEncodingRequest(HttpServletRequest request) { 66 super(request); 67 this.request = request; 68 } 69 /* 重写getParameter方法 70 * @see javax.servlet.ServletRequestWrapper#getParameter(java.lang.String) 71 */ 72 @Override 73 public String getParameter(String name) { 74 75 try{ 76 //获取参数的值 77 String value= this.request.getParameter(name); 78 if(value==null){ 79 return null; 80 } 81 //如果不是以get方式提交数据的,就直接返回获取到的值 82 if(!this.request.getMethod().equalsIgnoreCase("get")) { 83 return value; 84 }else{ 85 //如果是以get方式提交数据的,就对获取到的值进行转码处理 86 value = new String(value.getBytes("ISO8859-1"),this.request.getCharacterEncoding()); 87 return value; 88 } 89 }catch (Exception e) { 90 throw new RuntimeException(e); 91 } 92 } 93 }
web.xml文件中的配置如下:
1 <filter> 2 <filter-name>CharacterEncodingFilter</filter-name> 3 <filter-class>me.gacl.web.filter.CharacterEncodingFilter</filter-class> 4 <init-param> 5 <param-name>charset</param-name> 6 <param-value>UTF-8</param-value> 7 </init-param> 8 </filter> 9 10 <filter-mapping> 11 <filter-name>CharacterEncodingFilter</filter-name> 12 <url-pattern>/*</url-pattern> 13 </filter-mapping>
二、禁止浏览器缓存所有动态页面
有3 个HTTP 响应头字段都可以禁止浏览器缓存当前页面,它们在 Servlet 中的示例代码如下:
1 response.setDateHeader("Expires",-1); 2 response.setHeader("Cache-Control","no-cache"); 3 response.setHeader("Pragma","no-cache");
并不是所有的浏览器都能完全支持上面的三个响应头,因此最好是同时使用上面的三个响应头。
- Expires数据头:值为GMT时间值,为-1指浏览器不要缓存页面
- Cache-Control响应头有两个常用值:
- no-cache指浏览器不要缓存当前页面。
- max-age:xxx指浏览器缓存页面xxx秒。
1 package me.gacl.web.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest; 10 import javax.servlet.ServletResponse; 11 import javax.servlet.http.HttpServletRequest; 12 import javax.servlet.http.HttpServletResponse; 13 14 /** 15 * @ClassName: NoCacheFilter 16 * @Description: 禁止浏览器缓存所有动态页面 17 * @author: 孤傲苍狼 18 * @date: 2014-8-31 下午11:25:40 19 * 20 */ 21 public class NoCacheFilter implements Filter { 22 23 24 public void doFilter(ServletRequest req, ServletResponse resp, 25 FilterChain chain) throws IOException, ServletException { 26 //把ServletRequest强转成HttpServletRequest 27 HttpServletRequest request = (HttpServletRequest) req; 28 //把ServletResponse强转成HttpServletResponse 29 HttpServletResponse response = (HttpServletResponse) resp; 30 //禁止浏览器缓存所有动态页面 31 response.setDateHeader("Expires", -1); 32 response.setHeader("Cache-Control", "no-cache"); 33 response.setHeader("Pragma", "no-cache"); 34 35 chain.doFilter(request, response); 36 } 37 38 public void init(FilterConfig filterConfig) throws ServletException { 39 40 } 41 42 public void destroy() { 43 44 } 45 }
web.xml文件中的配置如下:
1 <filter> 2 <filter-name>NoCacheFilter</filter-name> 3 <filter-class>me.gacl.web.filter.NoCacheFilter</filter-class> 4 </filter> 5 6 <filter-mapping> 7 <filter-name>NoCacheFilter</filter-name> 8 <!--只拦截Jsp请求--> 9 <servlet-name>*.jsp</servlet-name> 10 </filter-mapping>
三、控制浏览器缓存页面中的静态资源
有些动态页面中引用了一些图片或css文件以修饰页面效果,这些图片和css文件经常是不变化的,所以为减轻服务器的压力,可以使用filter控制浏览器缓存这些文件,以提升服务器的性能。
1 package me.gacl.web.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest; 10 import javax.servlet.ServletResponse; 11 import javax.servlet.http.HttpServletRequest; 12 import javax.servlet.http.HttpServletResponse; 13 14 /** 15 * @ClassName: CacheFilter 16 * @Description: 控制缓存的filter 17 * @author: 孤傲苍狼 18 * @date: 2014-9-1 下午9:39:38 19 * 20 */ 21 public class CacheFilter implements Filter { 22 23 private FilterConfig filterConfig; 24 25 public void doFilter(ServletRequest req, ServletResponse resp, 26 FilterChain chain) throws IOException, ServletException { 27 28 HttpServletRequest request = (HttpServletRequest) req; 29 HttpServletResponse response = (HttpServletResponse) resp; 30 31 //1.获取用户想访问的资源 32 String uri = request.getRequestURI(); 33 34 //2.得到用户想访问的资源的后缀名 35 String ext = uri.substring(uri.lastIndexOf(".")+1); 36 37 //得到资源需要缓存的时间 38 String time = filterConfig.getInitParameter(ext); 39 if(time!=null){ 40 long t = Long.parseLong(time)*3600*1000; 41 //设置缓存 42 response.setDateHeader("expires", System.currentTimeMillis() + t); 43 } 44 45 chain.doFilter(request, response); 46 47 } 48 49 public void init(FilterConfig filterConfig) throws ServletException { 50 this.filterConfig = filterConfig; 51 } 52 53 public void destroy() { 54 55 } 56 }
web.xml文件中的配置如下:
1 <!-- 配置缓存过滤器 --> 2 <filter> 3 <filter-name>CacheFilter</filter-name> 4 <filter-class>me.gacl.web.filter.CacheFilter</filter-class> 5 <!-- 配置要缓存的web资源以及缓存时间,以小时为单位 --> 6 <init-param> 7 <param-name>css</param-name> 8 <param-value>4</param-value> 9 </init-param> 10 <init-param> 11 <param-name>jpg</param-name> 12 <param-value>1</param-value> 13 </init-param> 14 <init-param> 15 <param-name>js</param-name> 16 <param-value>4</param-value> 17 </init-param> 18 <init-param> 19 <param-name>png</param-name> 20 <param-value>4</param-value> 21 </init-param> 22 </filter> 23 <!-- 配置要缓存的web资源的后缀--> 24 <filter-mapping> 25 <filter-name>CacheFilter</filter-name> 26 <url-pattern>*.jpg</url-pattern> 27 </filter-mapping> 28 29 <filter-mapping> 30 <filter-name>CacheFilter</filter-name> 31 <url-pattern>*.css</url-pattern> 32 </filter-mapping> 33 34 <filter-mapping> 35 <filter-name>CacheFilter</filter-name> 36 <url-pattern>*.js</url-pattern> 37 </filter-mapping> 38 <filter-mapping> 39 <filter-name>CacheFilter</filter-name> 40 <url-pattern>*.png</url-pattern> 41 </filter-mapping>
四、实现用户自动登陆
思路是这样的:
1、在用户登陆成功后,发送一个名称为user的cookie给客户端,cookie的值为用户名和md5加密后的密码。
2、编写一个AutoLoginFilter,这个filter检查用户是否带有名称为user的cookie来,如果有,则调用dao查询cookie的用户名和密码是否和数据库匹配,匹配则向session中存入user对象(即用户登陆标记),以实现程序完成自动登陆。
核心代码如下:
处理用户登录的控制器:LoginServlet
1 package me.gacl.web.controller; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.http.Cookie; 7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse; 10 11 import me.gacl.dao.UserDao; 12 import me.gacl.domain.User; 13 import me.gacl.util.WebUtils; 14 15 public class LoginServlet extends HttpServlet { 16 17 public void doGet(HttpServletRequest request, HttpServletResponse response) 18 throws ServletException, IOException { 19 20 String username = request.getParameter("username"); 21 String password = request.getParameter("password"); 22 23 UserDao dao = new UserDao(); 24 User user = dao.find(username, password); 25 if(user==null){ 26 request.setAttribute("message", "用户名或密码不对!!"); 27 request.getRequestDispatcher("/message.jsp").forward(request, response); 28 return; 29 } 30 request.getSession().setAttribute("user", user); 31 //发送自动登陆cookie给客户端浏览器进行存储 32 sendAutoLoginCookie(request,response,user); 33 request.getRequestDispatcher("/index.jsp").forward(request, response); 34 } 35 36 /** 37 * @Method: sendAutoLoginCookie 38 * @Description: 发送自动登录cookie给客户端浏览器 39 * @Anthor:孤傲苍狼 40 * 41 * @param request 42 * @param response 43 * @param user 44 */ 45 private void sendAutoLoginCookie(HttpServletRequest request, HttpServletResponse response, User user) { 46 if (request.getParameter("logintime")!=null) { 47 int logintime = Integer.parseInt(request.getParameter("logintime")); 48 //创建cookie,cookie的名字是autologin,值是用户登录的用户名和密码,用户名和密码之间使用.进行分割,密码经过md5加密处理 49 Cookie cookie = new Cookie("autologin",user.getUsername() + "." + WebUtils.md5(user.getPassword())); 50 //设置cookie的有效期 51 cookie.setMaxAge(logintime); 52 //设置cookie的有效路径 53 cookie.setPath(request.getContextPath()); 54 //将cookie写入到客户端浏览器 55 response.addCookie(cookie); 56 } 57 } 58 59 public void doPost(HttpServletRequest request, HttpServletResponse response) 60 throws ServletException, IOException { 61 62 doGet(request, response); 63 } 64 65 }
处理用户自动登录的过滤器:AutoLoginFilter
1 package me.gacl.web.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest; 10 import javax.servlet.ServletResponse; 11 import javax.servlet.http.Cookie; 12 import javax.servlet.http.HttpServletRequest; 13 import javax.servlet.http.HttpServletResponse; 14 15 import me.gacl.dao.UserDao; 16 import me.gacl.domain.User; 17 import me.gacl.util.WebUtils; 18 19 public class AutoLoginFilter implements Filter { 20 21 public void doFilter(ServletRequest req, ServletResponse resp, 22 FilterChain chain) throws IOException, ServletException { 23 24 HttpServletRequest request = (HttpServletRequest) req; 25 HttpServletResponse response = (HttpServletResponse) resp; 26 //如果已经登录了,就直接chain.doFilter(request, response)放行 27 if(request.getSession().getAttribute("user")!=null){ 28 chain.doFilter(request, response); 29 return; 30 } 31 32 //1.得到用户带过来的authlogin的cookie 33 String value = null; 34 Cookie cookies[] = request.getCookies(); 35 for(int i=0;cookies!=null && i<cookies.length;i++){ 36 if(cookies[i].getName().equals("autologin")){ 37 value = cookies[i].getValue(); 38 } 39 } 40 41 //2.得到 cookie中的用户名和密码 42 if(value!=null){ 43 String username = value.split("\\.")[0]; 44 String password = value.split("\\.")[1]; 45 46 //3.调用dao获取用户对应的密码 47 UserDao dao = new UserDao(); 48 User user = dao.find(username); 49 String dbpassword = user.getPassword(); 50 51 //4.检查用户带过来的md5的密码和数据库中的密码是否匹配,如匹配则自动登陆 52 if(password.equals(WebUtils.md5(dbpassword))){ 53 request.getSession().setAttribute("user", user); 54 } 55 } 56 57 chain.doFilter(request, response); 58 } 59 60 public void destroy() { 61 62 } 63 64 public void init(FilterConfig filterConfig) throws ServletException { 65 66 } 67 }
如果想取消自动登录,那么可以在用户注销时删除自动登录cookie,核心代码如下:
1 package me.gacl.web.controller; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.http.Cookie; 7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse; 10 11 public class CancelAutoLoginServlet extends HttpServlet { 12 13 public void doGet(HttpServletRequest request, HttpServletResponse response) 14 throws ServletException, IOException { 15 //移除存储在session中的user 16 request.getSession().removeAttribute("user"); 17 //移除自动登录的cookie 18 removeAutoLoginCookie(request,response); 19 //注销用户后跳转到登录页面 20 request.getRequestDispatcher("/login.jsp").forward(request, response); 21 } 22 23 /** 24 * @Method: removeAutoLoginCookie 25 * @Description: 删除自动登录cookie, 26 * JavaWeb中删除cookie的方式就是新创建一个cookie,新创建的cookie与要删除的cookie同名, 27 * 设置新创建的cookie的cookie的有效期设置为0,有效路径与要删除的cookie的有效路径相同 28 * @Anthor:孤傲苍狼 29 * 30 * @param request 31 * @param response 32 */ 33 private void removeAutoLoginCookie(HttpServletRequest request, HttpServletResponse response) { 34 //创建一个名字为autologin的cookie 35 Cookie cookie = new Cookie("autologin",""); 36 //将cookie的有效期设置为0,命令浏览器删除该cookie 37 cookie.setMaxAge(0); 38 //设置要删除的cookie的path 39 cookie.setPath(request.getContextPath()); 40 response.addCookie(cookie); 41 } 42 43 public void doPost(HttpServletRequest request, HttpServletResponse response) 44 throws ServletException, IOException { 45 doGet(request, response); 46 } 47 }