

我正在用一系列 Servlets 做一个简单的论坛,每个论坛都代表一个家,主题,发布,登录和用户列表页面。在其中一些页面上,当用户未登录时会出现一个链接。

I'm doing a simple forum with a series of Servlets that each represent a home, topic, postedit, login and userlist page. On some of these pages there is a link that appears when a user isn't logged in.

我想要实现的是触发重定向(使用转发) ()在RequestDispatcher上)登录后,浏览器返回到用户所在的页面,然后再单击登录链接。为了做到这一点,我看到了两个解决方案。

What I'd like to achieve is to trigger a redirection (using forward() on a RequestDispatcher) after a login so the browser goes back to the page where a user was before clicking the login link. In order to do this, I see two solutions.

第一个解决方案是使用HTML 表单登录按钮和一个不可见的字段,其中包含的信息将说明要重定向的页面为参数。这是可行的,但我想尝试别的。

The first solution is to have an HTML Form with a login button and an invisible field that will contain information that will say what page to redirect as a Parameter. This is doable but I'd like to try something else.

第二个解决方案是添加属性会话以某种方式代表第一个页面。这可能包含一个String,但这与第一种方法没有什么不同。另一个转折是添加对HttpServlet的引用并使用instanceof或静态String变量,该变量可用于以某种方式标识Servlet。但是,这需要为所有 Servlets 创建一个共同的祖先类。

The second solution is to add an Attribute to the session that represents the first "page" in some way. This could contain a String but this is no different from the first approach. Another twist would be to add a reference to the HttpServlet and to use instanceof or a static String variable that could be used to identify the Servlet in some way. However, this would require creating a common ancestor class for all the Servlets.


Perhaps there is another simple solution that you can see that would form a good compromise ? Or, maybe one of the above solutions is perfectly acceptable ?


I would prefer the first above the second solution. This is request scoped information and really doesn't belong in the session, it would only lead to "wtf?" experiences when you have multiple windows/tabs open in the same session.


On the link to the login page, just pass the current URL as request parameter:

<a href="/login?from=${pageContext.request.requestURI}">Login</a>


Or if it is a POST form to the login page:

<input type="hidden" name="from" value="${pageContext.request.requestURI}">


In the login form, transfer it to the next request as hidden variable:

<input type="hidden" name="from" value="${param.from}">


In the login servlet, make use of it:

User user = userDAO.find(username, password);
if (user != null) {
    request.getSession().setAttribute("user", user);
} else {
    // Show error.

相当简单,不是吗? :)

Fairly simple, isn't it? :)

有些人可能会建议在登录表单中使用 request.getHeader(referer)登录前链接/按钮中的 request.getRequestURI(),但我不这样做,因为这是客户端控制的,并不总是返回可靠的信息。有些客户已经禁用它或者正在使用某些软件,这些软件使用无效值来欺骗它,例如大多数( cough )赛门铁克产品都会这样做。

Some may suggest to use request.getHeader("referer") for this inside the login form instead of request.getRequestURI() in the link/button before login, but I wouldn't do that as this is client-controlled and doesn't always return reliable information. Some clients have disabled it or are using some software which spoofes it with an invalid value, such as most of the (cough) Symantec products do.