cookie是存储在客户端的,session存储在服务器,所以在这里用session的机制。
1.原理是,用一个sessionMap保存所有登录的key->用户,value->session的键值对。public static Map<String, HttpSession> sessionMap = new HashMap<String, HttpSession>();当判断有相同的用户时,判断他们的sessionId是不是一样的,不是一样的,根据用户名从sessionMap 得到就浏览器用户的session,并把这个session的ISLOGINREPEATED设置为true,那么用旧浏览器用户操作的时候,判断一下这个ISLOGINREPEATED是否过期了,就行。下面给出完整代码。
把下面这段代码加到过滤器中
成员变量:
public static Map<String, HttpSession> sessionMap = new HashMap<String, HttpSession>();
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException {
response.setCharacterEncoding(“utf-8”); //必须要加,不然中文就乱码了,而且必须在 PrintWriter out = response.getWriter();前面,出现乱码参照这个博客:https://blog.csdn.net/zhupengqq/article/details/51093307
PrintWriter out = response.getWriter();
StringBuilder builder = new StringBuilder();
HttpSession session = request.getSession();
SysUser sysUser= (SysUser) session.getAttribute(“sysUser”);
if(sysUser!=null) {
Boolean isLoginRepeated = (Boolean) session.getAttribute(“ISLOGINREPEATED”);
// 判断登录是否重复
if (null != isLoginRepeated && isLoginRepeated && !sysUser.getUsername().equals(“admin”)) {
// 设置session失效
response.setContentType(“text/html;charset=UTF-8”);
response.setCharacterEncoding(“UTF-8”);
session.invalidate();
out = response.getWriter();
String header = request.getHeader(“X-Requested-With”);
if (StringUtils.isNotEmpty(header) ) {
response.setHeader(“sessionstatus”, “timeout”);
builder.append(“loginrepeated”);
out.print(builder.toString());
out.close();
// 进行下一个Filter
chain.doFilter(request, response);
return;
}
}
// 判断本次用户登录是否重复,重复设置ISLOGINREPEATED为true
if (sessionMap.containsKey(sysUser.getUsername()) && !sysUser.getUsername().equals(“admin”)) {
HttpSession repeatedSession = sessionMap.get(sysUser.getUsername());
if (!repeatedSession.getId().equals(session.getId())) {
try {
repeatedSession.setAttribute(“ISLOGINREPEATED”, true);
} catch (Exception e) {
// TODO: handle exception
logger.debug(“用户:” + sysUser.getUsername() + " 登录超时!");
}
// 移除登录用户MAP中的session集
sessionMap.remove(sysUser.getUsername());
//加入最新登录用户session
sessionMap.put(sysUser.getUsername(), session);
}
} else {
// 没有重复登录用户加入到map
if (null != request.getSession(false)) {
sessionMap.put(sysUser.getUsername(), session);
session.setAttribute(“ISLOGINREPEATED”, false);
}
}
}
}
在公共的js中加一个弹窗。
/**
- 设置session过期
/
App.setSessionTimeOut=function(){
/*- 覆盖jquery ajax默认请求设置
*/
$.ajaxSetup({
contentType : “application/x-www-form-urlencoded;charset=utf-8”,
cache : false,
type:“POST”,
complete : function(XHR, TS) {
if(XHR.responseText&&XHR.responseText==“loginrepeated”){
alert(“账号在异地login,本地账号被迫下线!”);
window.top.location.href = __ctxPath+"/loginController.do?login";
}else if(XHR.responseText&&XHR.responseText==“sessiontimeout”){
alert(“会话过期,请重新登录!”);
window.top.location.href = __ctxPath+"/loginController.do?login";
}
}
});
};
- 覆盖jquery ajax默认请求设置
$(function(){
App.setSessionTimeOut();
});