简体繁体中英

Spring security: Session is invalidated when user isn't authenticated

原文 2013-07-22 03:48:32 8 1 java/ spring/ session/ spring-security

Whenever I run my web application and I go to the default page, I get a ROLE_ANONYMOUS user inside my authorities which is expected. However, when I go idle, the session times out which causes my invalid-session-url to be triggered. Is there anyway to exclude unauthenticated users from the session timeout?

EDIT: The easiest way I found is by setting an InvalidSessionStrategy . Problem is, I don't know how to. I don't really need to create my own implementation of SessionManagementFilter . What I want is control of how the application will handle invalid-session-url . Can anyone help me out?

1 answers

Having a session is a good practice even for un-authenticated users. Implement your invalid-session-url in a way that it checks for authentication before redirecting. If the user is not authenticated, redirect to a session-idle-timeout page.

Session isn't destroyed just after being expired (invalidated) manually in Spring Security

Spring Security - User keeps authenticated on session destroy

Spring Security: How to programmatically define forwarding logic if a user isn't authenticated

Spring Security 3 check if user is authenticated

Why spring security context doesn`t persist authenticated custom user?

Getting 401 Unauthorized Even when the user is authenticated (Spring Security)

In spring security, how to find if the session has been invalidated by multiple logins?

How can I use Spring Security with a cluster with session replication to fail-over an authenticated user?

spring security pre authenticated user login

Spring security: get Authenticated user in method

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Session isn't destroyed just after being expired (invalidated) manually in Spring Security Spring Security - User keeps authenticated on session destroy Spring Security: How to programmatically define forwarding logic if a user isn't authenticated Spring Security 3 check if user is authenticated Why spring security context doesn`t persist authenticated custom user? Getting 401 Unauthorized Even when the user is authenticated (Spring Security) In spring security, how to find if the session has been invalidated by multiple logins? How can I use Spring Security with a cluster with session replication to fail-over an authenticated user? spring security pre authenticated user login Spring security: get Authenticated user in method

Related Tags

Spring security: Session is invalidated when user isn't authenticated

Question

1 answers

solution1 0 2013-07-22 04:06:44

solution1
0 2013-07-22 04:06:44