验证码清除，防止多次使用。

e0e305c4 · RuoYi · ed428037 · e0e305c4
Commit e0e305c4 authored Jun 28, 2020 by RuoYi
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java
+2 -3

No files found.
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java
@@ -61,13 +61,12 @@ public class CaptchaValidateFilter extends AccessControlFilter
    {
        Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
        String code = String.valueOf(obj != null ? obj : "");
-        //无论验证码是否正确，凡验证过一次后都应将原值不可用,直到页面重新请求验证码,以防恶意用户持有该验证码进行针对后台发包的暴力破解
-        request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, ShiroConstants.CAPTCHA_ERROR);
+        // 验证码清除，防止多次使用。
+        request.getSession().removeAttribute(Constants.KAPTCHA_SESSION_KEY);
        if (StringUtils.isEmpty(validateCode) || !validateCode.equalsIgnoreCase(code))
        {
            return false;
        }
-
        return true;
    }