用session.invalidate( );使会话过期
例:package com.jspservletcookbook; import javax.servlet.*;
import javax.servlet.http.*;public class LogoutServlet extends HttpServlet { public void doGet(HttpServletRequest request,
HttpServletResponse response)throws ServletException,
java.io.IOException {
HttpSession session = request.getSession( );
response.setContentType("text/html");
java.io.PrintWriter out = response.getWriter( );
out.println(
"<html><head><title>Authenticated User Info</title></head><body>");
out.println("<h2>Logging out a user</h2>");
out.println("request.getRemoteUser( ) returns: ");
//get the logged-in user's name
String remUser = request.getRemoteUser( );
//Is the request.getRemoteUser( ) return value null? If
//so, then the user is not authenticated
out.println(remUser == null ? "Not authenticated." : remUser );
out.println("<br>");
out.println("request.isUserInRole(\"dbadmin\") returns: ");
//Find out whether the user is in the dbadmin role
boolean isInRole = request.isUserInRole("dbadmin");
out.println(isInRole);
out.println("<br>");
//log out the user by invalidating the HttpSession
session.invalidate( );
out.println("</body></html>");
} //doGet
public void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException,
java.io.IOException {
doGet(request,response);
} //doPost} //LogoutServlet
例:package com.jspservletcookbook; import javax.servlet.*;
import javax.servlet.http.*;public class LogoutServlet extends HttpServlet { public void doGet(HttpServletRequest request,
HttpServletResponse response)throws ServletException,
java.io.IOException {
HttpSession session = request.getSession( );
response.setContentType("text/html");
java.io.PrintWriter out = response.getWriter( );
out.println(
"<html><head><title>Authenticated User Info</title></head><body>");
out.println("<h2>Logging out a user</h2>");
out.println("request.getRemoteUser( ) returns: ");
//get the logged-in user's name
String remUser = request.getRemoteUser( );
//Is the request.getRemoteUser( ) return value null? If
//so, then the user is not authenticated
out.println(remUser == null ? "Not authenticated." : remUser );
out.println("<br>");
out.println("request.isUserInRole(\"dbadmin\") returns: ");
//Find out whether the user is in the dbadmin role
boolean isInRole = request.isUserInRole("dbadmin");
out.println(isInRole);
out.println("<br>");
//log out the user by invalidating the HttpSession
session.invalidate( );
out.println("</body></html>");
} //doGet
public void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException,
java.io.IOException {
doGet(request,response);
} //doPost} //LogoutServlet
public void sessionDestroyed(yyyy);}# web.xml<web-app>
<listener>
<listener-class>XXXListener</listener-class>
</listener>
</web-app>
为什么Session过期后, 地址栏中URL变为当前目录下的Logout.jsp (此页面是不存在的), 内容显示的是login.jsp的. 如果仅仅这样我也可以不深究了, 但它重新登录后又去按照刚才那个不存在的URL(.../logout.jsp)去访问, 于是就会显示页面不存在的错误了.