问题描述

Wicket org.apache.wicket.authroles.authentication.AuthenticatedWebSession 有 2 个方法:signOut 和 invalidate.javac 说 signOut 标记使用 not login 而 invalidate 做同样的事情(例如调用 signOut)但是

Wicket org.apache.wicket.authroles.authentication.AuthenticatedWebSession has 2 methods: signOut and invalidate. The javac says that signOut mark use not logged in while invalidate do the same (e.g. call signOut) but

从保存的地方删除登录数据

首先应该调用注销操作 signOut.但出于安全原因，会话必须在用户登录或注销后立即失效.所以从这一点开始 invalidate 应该被调用.

At first glace for logout action signOut should be called. But for security reasons session must be invalidated immediately after user logins or logouts. So from this point invalidate should be called.

那么注销时调用什么?还有什么时候需要调用 signOut 以及什么时候 invalidate?

So what to call for logout? Also when it is needed to call signOut and when invalidate?

推荐答案

如果只想注销，请使用 AuthenticatedWebSession#signOut().

If you want to logout only, use AuthenticatedWebSession#signOut().

AuthenticatedWebSession 使用内部布尔标志signedIn"来通知用户是否已登录 (true) 或任何正文从未登录或用户已注销.

AuthenticatedWebSession uses an internal boolean flag 'signedIn' to notice if a user has been signed in (true) or no body has been ever signed in or a user has been logged out.

WebSession#invalidate() 负责从 Wicket 会话注册表中删除会话并使其完全失效.AuthenticatedWebSession#invalidate() 的实现也会调用 AuthenticatedWebSession#signOut()，以便完成常规注销.如果您的注销过程需要一些其他操作，这可能会有所帮助，因此您可以覆盖 AuthenticatedWebSession#signOut() 方法.

WebSession#invalidate() is responsible for removing session from the Wicket session registry and its complete invalidation. The implementation of AuthenticatedWebSession#invalidate() invokes AuthenticatedWebSession#signOut() as well, so that the regular log out is done. That could be helpful if your logout process requires some other action, so you can override AuthenticatedWebSession#signOut() method.

换句话说:

• invalidate() 调用 signOut() 然后从会话注册表中删除会话.
• signOut() 将会话标记为未登录"，但不会删除会话.

这篇关于在 wicket 应用程序中使用什么方法注销?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！