如何在 spring 3 中结束会话

我认为使用 @SessionAttributes 时的常见问题是在您使当前会话无效后，Spring MVC 将模型属性附加回新会话——因此造成它永远不会失效的印象

I think the common problem when using @SessionAttributes is after you invalidate your current session, Spring MVC attach the model attributes back into the new session -- hence causing the impression it never invalidates

您可以在 & 之前检查 JSESSIONID 的值在您使其无效之后.您将获得一个全新的 JSESSIONID，但之前的模型属性会直接附加到新会话中

You can check the value of JSESSIONID before & after you invalidate it. You will get a brand new JSESSIONID, yet previous model attributes are attached straight into the new session

我发现自己必须这样做才能在使会话无效后从会话中擦除名称为counter"的模型属性

I found myself having to do this to wipe a model attribute of name "counter" from session after invalidating it

@RequestMapping(value="/invalidate", method=RequestMethod.POST)
public String invalidate(HttpSession session, Model model) {
  session.invalidate();
  if(model.containsAttribute("counter")) model.asMap().remove("counter");
  return "redirect:/counter";
}

如果你有很多属性，当然你可以尝试使用

If you have plenty attributes, ofcourse you can try wiping everything off using

model.asMap().clear();

但在我看来，更好的方法是使用一个没有 @SessionAttribute 的不同控制器来无效.因此，其他控制器的任何模型属性都不会直接附加到新会话中.例如:

But in my opinion better approach is to invalidate using a different controller that doesn't have @SessionAttribute on it. Hence whatever model attributes other controllers have won't be attached straight into the new session. Eg:

@Controller
@RequestMapping("/logout")
public class LogoutController {

  @RequestMapping(method=RequestMethod.POST)
  public String logout(HttpSession session) {
    session.invalidate();
    return "redirect:/login";
  }
}