Struts2拦截器控制session失效

com.opensymphony.xwork2.interceptor.AbstractInterceptor; 

import javax.servlet.http.HttpServletResponse; 
import org.apache.struts2.ServletActionContext; 
import com.huangt.bean.SystemUser; 
/* session过期、登录有效性及操作的权限验证拦截器 */ 
@SuppressWarnings("serial") 
public class LoginedCheckInterceptor extends AbstractInterceptor { 
/** 拦截请求并进行登录有效性验证 */ 
public String intercept(ActionInvocation ai) throws Exception { 
HttpServletRequest request = (HttpServletRequest)ai.getInvocationContext().get(StrutsStatics.HTTP_REQUEST);
//取得请求的URL 
String url = ServletActionContext.getRequest().getRequestURL().toString(); 
HttpServletResponse response = ServletActionContext.getResponse(); 
response.setHeader("Pragma","No-cache"); 
response.setHeader("Cache-Control","no-cache"); 
response.setHeader("Cache-Control", "no-store"); 
response.setDateHeader("Expires",0); 
//对登录与注销请求直接放行,不予拦截 
if (url.indexOf("login.action")!=-1 || url.indexOf("logout.action")!=-1){ 
return ai.invoke(); 
} 
else{
//验证Session是否过期 
if(!ServletActionContext.getRequest().isRequestedSessionIdValid()){ 
//session过期,转向session过期提示页,最终跳转至登录页面 
return "tologin"; 
} 
else{ 
HttpSession session = request.getSession();
String userId = (String)session.getAttribute(SessionConstant.SESSION_USER)
//验证是否已经登录 
if (userId == null){ 
//尚未登录,跳转至登录页面 
return "tologin"; 
}else{ 
return ai.invoke(); 

} 
} 
} 
} 
}