
Make javax.servlet.http.HttpSession not timeout on certain pages

I'm refactoring an application which was doing its own session timeout management. I noted that the HttpSession supports setting a timeout value.

There is an event listener (HttpSessionListener I assume) that is redirecting to a 'timeout' page. "We're sorry your session expired, here's a link to the login page" kind of thing.

The problem is that when I first hit the app and am sitting on the login page, the session timeout event still fires. So I can be looking at the login page and get redirected to the timeout page.

What I want to happen is that if I am on the login page and only on the login page, that the session timeout does not occur. How do I do this?

I have already tried calling HttpSession.setMaxInactiveInterval(-1) in the default view resolution in the login's ActionBean, but that did not work.

I believe the session is being created, but not necessarily authenticated, whenever any page is accessed.

Where do you have the redirecting happening? If it's something declaratively set somewhere in a configuration file you could remove it and implement the HttpSessionListener interface.

In the sessionDestroyed method you would make the following:

  • Get the session from the sessionEvent
  • If the session contained an authentication flag then redirect

You could also keep the last page requested by the user and use that as a reference to determine whether to redirect or not, but what do you do if a user is already authenticated and browses to the login page? I do not have a lot of information about your application.

Anyway, the HttpSessionListener is the way to go, I think.
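
An added example (not code from the original thread) of the listener check the answer outlines: sessionDestroyed reads an authentication flag and ignores anonymous sessions such as one idling on the login page. The class name, the `authenticated` attribute name, the cap and the `wasAuthenticatedAndEnded` helper are assumptions; because a session listener runs without a request or response, it records the ended session id and leaves the redirect decision to the next request.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

public class AuthAwareSessionListener implements HttpSessionListener {

    // Assumed attribute name: the login code sets it to Boolean.TRUE after a
    // successful sign-in and removes it before an explicit logout invalidate().
    public static final String AUTH_FLAG = "authenticated";

    private static final int MAX_REMEMBERED = 10_000; // assumed cap

    // Ids of authenticated sessions that have ended, oldest evicted first.
    private static final Set<String> ENDED_AUTHENTICATED = Collections.synchronizedSet(
            Collections.newSetFromMap(new LinkedHashMap<String, Boolean>() {
                @Override
                protected boolean removeEldestEntry(Map.Entry<String, Boolean> eldest) {
                    return size() > MAX_REMEMBERED;
                }
            }));

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        // Nothing to do: a new session starts anonymous (no AUTH_FLAG).
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        // Called before the session is invalidated, so attributes are readable.
        HttpSession session = se.getSession();
        if (Boolean.TRUE.equals(session.getAttribute(AUTH_FLAG))) {
            ENDED_AUTHENTICATED.add(session.getId());
        }
        // Anonymous sessions (e.g. a visitor idling on the login page) are ignored.
    }

    // Call from request-handling code with request.getRequestedSessionId():
    // true means the browser presented the id of an authenticated session that
    // has ended, so the caller can send the timeout page; one-shot per id.
    public static boolean wasAuthenticatedAndEnded(String requestedSessionId) {
        return requestedSessionId != null && ENDED_AUTHENTICATED.remove(requestedSessionId);
    }
}
```

Register the class with a `<listener>` element in web.xml or with `@WebListener`.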
