By default, the session object is not destroyed immediately after the browser is closed. Therefore, to consider the security of the system, the session object needs to be cleared immediately when the user exits, prevent others from stealing information from session objects.
The main method to clear the content of a session object is as follows:
(1) removeattribute () method. This method is used to delete the specified property information stored in the session object.
Example: Session. setattribute ("name", "Iverson"); Session. removeattribute ("name ");
(2), invalidate () method. This method can clear all information in the session object.
Example: Session. invalidate ().
Generally, after the browser is closed, the session information can be cleared only after the session object expires. If you need to disable the browser to clear the session information, try the following methods.
<Body onbeforeunload = "window. Location = 'logout. jsp '">
You can do this on the logout. jsp page: <% httpsession session = request. getsession (); Session. invalidate (); %>
Today, there are many frameworks based on the MVC Architecture Model. ThereforeCode, Directly separated from the JSP page according to the selected MVC framework.