java session过滤、遍历、单一登录

现在有这样的需求,1 能够遍历系统中的session,2 能禁止用户同一时间多次登录,如果用户重复登录,则最后登录的有效,前面登录自动失效。

该功能的实现大概思路是:建立一个session的监听,侦听session创建和销毁事件。创建一个哈希表,用来记录哪些用户在线,当用户登录时加入该哈希表,退出或session过期时从中删除。利用该方式,可判断当前要登录的人是否已经登录,如果已经登录,将旧session注销,从而达到踢人的目的。

1. 监听和哈希表:

/**
*
*/
package casco.com.tse.interceptor;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

import casco.com.tse.util.sys.param.SysParam;

/**
* session listener<br>
* used to record who’s online and kick somebody’s ass
* @author Joshua
*
*/
public class SessionListener implements HttpSessionListener {

public static Map<String, HttpSession> sessionMap = new HashMap<String, HttpSession>();

@Override
public void sessionCreated(HttpSessionEvent arg0) {
// TODO Auto-generated method stub
HttpSession session = arg0.getSession();
sessionMap.put((String) session.getAttribute(SysParam.SESSION_USER), session);
}

@Override
public void sessionDestroyed(HttpSessionEvent arg0) {
// TODO Auto-generated method stub
HttpSession session = arg0.getSession();
if (session.getAttribute(SysParam.SESSION_USER) != null) {
sessionMap.remove(session.getAttribute(SysParam.SESSION_USER));
session.invalidate();
}
}

}

2. 将监听加入web.xml:

<listener>
<listener-class>casco.com.tse.interceptor.SessionListener</listener-class>
</listener>

3. 禁止多点登录功能:

/*************
* kick out userid’s old session if exist
* and add userid’s new session when session is not null
* @param userid
* @param session
*/
protected void kickadd(String userid,HttpSession session) {
if (SessionListener.sessionMap.containsKey(userid)) {
System.out.println(“kick out: “+userid);
HttpSession oldSession = SessionListener.sessionMap.get(userid);
oldSession.invalidate();

//下面这句是判断前后两个session是否相同,如果相同,就不要踢出

if (session != null && oldSession != null && session.getId().equals(oldSession.getId())) {
return;
}
SessionListener.sessionMap.remove(userid);
}
if (session != null) {
SessionListener.sessionMap.put(userid, session);
}
//print who’s online
// Iterator iterator = SessionListener.sessionMap.keySet().iterator();
// while (iterator.hasNext()) {
// System.out.println(“online: “+iterator.next());
// }
}

在用户登录、退出的action中调用kickadd函数。如果是退出,第二个参数传递null即可。

4. 由session过滤器实现session不存在时页面的跳转

/**
*
*/
package casco.com.tse.interceptor;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import casco.com.tse.util.sys.param.SysParam;

/**
* session filter, redirect if no session
*
* @author 60874
*
*/
public class SessionFilter implements Filter {

public void destroy() {
// TODO Auto-generated method stub

}

public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest httprequest = (HttpServletRequest) request;
HttpSession session = httprequest.getSession(false);
String requesturi = httprequest.getRequestURI();
System.out.println(requesturi);
if (!requesturi.contains(“login”) && !requesturi.contains(“logout”)) {
System.out.println(“session fiter”);
if (session == null || session.getAttribute(SysParam.SESSION_USER) == null) {
PrintWriter writer = response.getWriter();
response.setContentType(SysParam.RESPONSE_UTF8);
System.out.println(requesturi);
writer.write(“{success: false,\”msg\”:\”会话已过期,请重新登录系统!\”}”);
writer.flush();
writer.close();
// RequestDispatcher dispatcher =
// httprequest.getRequestDispatcher(“login.jsp”);
// dispatcher.forward(request, response);
return;
}
}
chain.doFilter(request, response);
}

public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub

}

}

This entry was posted in Computer, Java. Bookmark the permalink.

3 Responses to java session过滤、遍历、单一登录

  1. jy says:

    请问 (String) session.getAttribute(SysParam.SESSION_USER) 这个是神马,又有神马作用呢??

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s