jsp:通过Session控制登陆时间和内部页面的访问

<form action="com.in.User" method="post"><div class="loginbox"><div class="errorbox"><i class="error"></i>用户名或密码错误，请重新输入！</div><div class="logongroup"><input class="intext" type="text" name="UserName" placeholder="用户名" /><i class="user"></i></div><div class="logongroup"><input class="intext" type="password" name="PassWord" placeholder="密码" /><i class="password"></i></div><div class="logongroup submitbox"><button class="submitbtn" type="submit">登&nbsp;&nbsp;录</button></div></div></form>

package com.in;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class User extends HttpServlet { ???/** ????* Constructor of the object. ????*/ ???public User() { ???????super(); ???} ???/**　　 ????* Destruction of the servlet. <br> ????*/ ???public void destroy() { ???????super.destroy(); // Just puts "destroy" string in log ???????// Put your code here ???} ???/** ????* The doGet method of the servlet. <br> ????* ????* This method is called when a form has its tag value method equals to get. ????* ?????* @param request the request send by the client to the server ????* @param response the response send by the server to the client ????* @throws ServletException if an error occurred ????* @throws IOException if an error occurred ????*/ ???public void doGet(HttpServletRequest request, HttpServletResponse response) ???????????throws ServletException, IOException { ???????HttpSession session=request.getSession(); ???????session.setAttribute("user","yes"); ???????request.getRequestDispatcher("default.jsp").forward(request, response); ???????????} ???/** ????* The doPost method of the servlet. <br> ????* ????* This method is called when a form has its tag value method equals to post. ????* ?????* @param request the request send by the client to the server ????* @param response the response send by the server to the client ????* @throws ServletException if an error occurred ????* @throws IOException if an error occurred ????*/ ???public void doPost(HttpServletRequest request, HttpServletResponse response) ???????????throws ServletException, IOException { ???} ???/** ????* Initialization of the servlet. <br> ????* ????* @throws ServletException if an error occurs ????*/ ???public void init() throws ServletException { ???????// Put your code here ???}}

<% ???????String aa=(String)session.getAttribute("user"); ???????if(!"yes".equals(aa)&&aa==null){ ???????response.sendRedirect("longin.jsp"); ???????} %>