同一账号在不同浏览器不能同时登录
用的是首先到map(存到一级缓存)里面去找是否有当前账号,如果没有则加入map,参数是账号和sessionid,如果有账号则判断sessionid是否相同,如果不相同则删除之前的账号,加入新的账号和sessionId
1.在登陆的时候判断当前用户有么有在其他浏览器登陆,如果有登陆则把之前的浏览器的账号进行登出
1 // 登录成功,保存当前用户登录的sessionId 2 String sessionID = request.getRequestedSessionId(); 3 String userAccount = userLoginRsp.getUserAccount(); 4 if (!SessionSave.getSessionIdSave().containsKey(userAccount)) { 5 SessionSave.getSessionIdSave().put(userAccount, sessionID); 6 }else if(SessionSave.getSessionIdSave().containsKey(userAccount)&&!sessionID.equals(SessionSave.getSessionIdSave().get(userAccount))){ 7 SessionSave.getSessionIdSave().remove(userAccount); 8 SessionSave.getSessionIdSave().put(userAccount, sessionID); 9 }
2.在其他页面进行请求的时候进行监听过滤、拦截是否该账号在其他的浏览器重新登陆,如果重新登陆,则该页面的请求终止跳转到首页
在过滤器和拦截器中判断当前map的sessionid和当前sessionid是否相同,如果不同,之前的sessionId被登出
在servlet-context.xml配置拦截器
1 <!-- 拦截器 --> 2 <mvc:interceptors> 3 <!-- 登录拦截 --> 4 <mvc:interceptor> 5 <mvc:mapping path="/**"/> 6 <bean class="com.gta.scm.common.login.LoginInterceptor" /> 7 </mvc:interceptor> 8 </mvc:interceptors>
在web.xml中配置过滤器
<!-- 过滤JSP页面,处理session过期用途 -->
<filter> <filter-name>sessionFilter</filter-name> <filter-class>com.gta.scm.common.login.CheckSessionFilter</filter-class> </filter> <filter-mapping> <filter-name>sessionFilter</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping>
过滤器具体实现
1 public class CheckSessionFilter implements Filter { 2 3 @Override 4 public void destroy() { 5 // TODO Auto-generated method stub 6 7 } 8 9 @Override 10 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) 11 throws IOException, ServletException { 12 13 HttpServletRequest request = (HttpServletRequest) servletRequest; 14 HttpServletResponse response = (HttpServletResponse) servletResponse; 15 HttpSession session = request.getSession(); 16 request.setCharacterEncoding("UTF-8"); 17 response.setCharacterEncoding("UTF-8"); 18 response.setContentType("text/html;charset=UTF-8"); 19 20 // 后台session控制 ,无需登录,允许访问的地址 21 String[] allowUrls = new String[] {"/page/login/loginHelp.jsp","/page/login/login.jsp","/page/common/sessionrun.jsp","page/common/sessionOut.jsp"}; 22 //获取请求地址 23 String url = request.getServletPath().toString(); 24 String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+request.getContextPath()+"/"; 25 UserLoginRsp user =(UserLoginRsp) session.getAttribute("user"); 26 //System.out.println(url); 27 boolean b = false; 28 for (String strUrl : allowUrls) { 29 if(url.contains(strUrl)) 30 { 31 b = true; 32 break; 33 } 34 } 35 if(!b){ 36 //获得session中的用户 37 boolean buser = true; 38 try { 39 if(null == user){ 40 buser = false; 41 42 } 43 44 } catch (Exception e) { 45 buser = false; 46 } 47 if(!buser){ 48 // 未登录 49 /*Map<String, HttpSession> map=LoginListenner.getMap(); 50 if(map!=null&&map.size()>0) 51 { 52 if() 53 response.sendRedirect(basePath + "page/common/sessionOut.jsp");//重定向到指定的错误界面 54 } 55 else 56 {*/ 57 response.sendRedirect(basePath + "page/common/sessionrun.jsp");//重定向到指定的错误界面 58 /*}*/ 59 return ; 60 }else{ 61 String sessionId = SessionSave.getSessionIdSave().get(user.getUserAccount());//获取全局类SessionSave保存账户的静态sessionId 62 String currentSessionId = session.getId();//获取当前的sessionId 63 if (!currentSessionId.equals(sessionId)) {//如果两个sessionId不等,则当前账户强制下线,需要重新登录 64 response.sendRedirect(basePath + "page/common/sessionOut.jsp");//重定向到指定的强制登陆页面 65 }else {// 如果是同一账户session则放行请求 66 67 filterChain.doFilter(servletRequest, servletResponse); 68 return; 69 } 70 } 71 }else{ 72 filterChain.doFilter(servletRequest, servletResponse); 73 return; 74 } 75 76 } 77 78 @Override 79 public void init(FilterConfig arg0) throws ServletException { 80 // TODO Auto-generated method stub 81 82 } 83 84 }
拦截器具体实现
1 public class LoginInterceptor implements HandlerInterceptor { 2 3 @Override 4 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) 5 throws Exception { 6 //创建session 7 HttpSession session =request.getSession(); 8 9 request.setCharacterEncoding("UTF-8"); 10 response.setCharacterEncoding("UTF-8"); 11 response.setContentType("text/html;charset=UTF-8"); 12 13 // 后台session控制 ,无需登录,允许访问的地址 14 String[] allowUrls = new String[] { "login/loginInfo", "login/doLogin","login/loginOut","login/sessionLoginRun","page/common/sessionOut.jsp" }; 15 //获取请求地址 16 String url = request.getServletPath().toString(); 17 String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+request.getContextPath()+"/"; 18 System.out.println(url); 19 for (String strUrl : allowUrls) { 20 if(url.contains(strUrl)) 21 { 22 return true; 23 } 24 } 25 boolean b = true; 26 //获得session中的用户 27 try { 28 UserLoginRsp user =(UserLoginRsp) session.getAttribute("user"); 29 if(null == user){ 30 b = false; 31 /** 32 * 拦截目录下请求,是否为ajax请求 33 * 是:无需登录,直接访问(因为我是用于首页的ajax登录请求) 34 * 否:跳转至登录界面 35 */ 36 if (request.getHeader("x-requested-with") != null && request.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")){ 37 /*Map<String, HttpSession> map=LoginListenner.getMap(); 38 if(map!=null&&map.size()>0) 39 { 40 response.getWriter().write("该账号已在其它地方登录,请重新登录!"); 41 42 } 43 else 44 {*/ 45 response.getWriter().write("登录超时"); 46 /*}*/ 47 return false; 48 } 49 } 50 else 51 { 52 String sessionId = SessionSave.getSessionIdSave().get(user.getUserAccount());//获取全局类SessionSave保存账户的静态sessionId 53 String currentSessionId = session.getId();//获取当前的sessionId 54 if (!currentSessionId.equals(sessionId)) {//如果两个sessionId不等,则当前账户强制下线,需要重新登录 55 response.sendRedirect(basePath + "page/common/sessionOut.jsp");//重定向到指定的强制登陆页面 56 } 57 // 如果是同一账户session则放行请求 58 } 59 60 } catch (Exception e) { 61 b = false; 62 } 63 if(!b){ 64 // 未登录 65 /*Map<String, HttpSession> map=LoginListenner.getMap(); 66 if(map!=null&&map.size()>0) 67 { 68 response.sendRedirect(basePath + "page/common/sessionOut.jsp");//重定向到指定的错误界面 69 } 70 else 71 {*/ 72 response.sendRedirect(basePath + "page/common/sessionrun.jsp");//重定向到指定的错误界面 73 /*}*/ 74 return false; 75 } 76 return b; 77 78 } 79 80 @Override 81 public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, 82 ModelAndView modelAndView) throws Exception { 83 // TODO Auto-generated method stub 84 85 } 86 87 @Override 88 public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) 89 throws Exception { 90 // TODO Auto-generated method stub 91 92 } 93 94 }
添加SessionSave类,存储静态map
1 public class SessionSave { 2 private static Map<String, String> SessionIdSave = new HashMap<String,String>(); 3 4 public static Map<String, String> getSessionIdSave() { 5 return SessionIdSave; 6 } 7 8 public static void setSessionIdSave(Map<String, String> sessionIdSave) { 9 SessionIdSave = sessionIdSave; 10 } 11 12 13 }
