
Spring Security - session timeout redirection - how redirection initiated

I was wondering how redirection works at session timeout. In our application, on session timeout users get redirected to the login page.

  • What attribute of session-management causes the redirection?
  • Is it the app server or Spring that initiates the redirection?
  • If I intercept this request, will I get a valid session or an invalid session? FYI, in our case request.isRequestedSessionIdValid returns true. It means the session is still valid. If I perform a browser refresh, I still get the valid session. Is that the correct behavior? FYI, we have a session listener in place and a Filter on the login page.

I wanted to understand how all this happens. Please help me to understand.

Well, Spring Security has a very flexible and extensible set of tools. Session management is not an exception. For a session timeout redirect in Java-based configs you should use:

protected void configure(HttpSecurity http) throws Exception {
  http
    // ...
    .sessionManagement()
        // requests that present an invalid session ID are redirected here
        .invalidSessionUrl("/some_redirect_URL")
    // ...
    ;
}

This mechanism triggers one of the implementations of InvalidSessionStrategy, which handles the timeout exception.

Read the Spring Security documentation for more details.
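
The strategy mentioned in the answer above, written out as an added example (not code from the original answers or from Spring itself). It assumes Spring Security 5.x with the javax.servlet API; the class name, the "/login" URL and the X-Requested-With check are hypothetical choices for illustration.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.session.InvalidSessionStrategy;

// Hypothetical class. Register it in place of invalidSessionUrl(...):
//   http.sessionManagement()
//       .invalidSessionStrategy(new AjaxAwareInvalidSessionStrategy("/login"));
public class AjaxAwareInvalidSessionStrategy implements InvalidSessionStrategy {

    private final String redirectUrl;

    public AjaxAwareInvalidSessionStrategy(String redirectUrl) {
        this.redirectUrl = redirectUrl;
    }

    // Invoked by Spring Security's SessionManagementFilter (not by the app server)
    // when an unauthenticated request carries a session ID, i.e.
    // request.getRequestedSessionId() != null, that the container no longer
    // accepts, i.e. request.isRequestedSessionIdValid() == false.
    @Override
    public void onInvalidSessionDetected(HttpServletRequest request,
                                         HttpServletResponse response) throws IOException {
        // Script-driven callers get a status code rather than a redirect to an
        // HTML login page, so the client can tell "expired" from "success".
        if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session expired");
            return;
        }

        // Create a fresh session before redirecting, which is also the default
        // behaviour of the built-in SimpleRedirectInvalidSessionStrategy used by
        // invalidSessionUrl(...). The browser receives a new session cookie, so
        // the follow-up request to the login page arrives with a session ID the
        // container considers valid. Without this step the stale cookie is sent
        // again and the redirect can loop if the target URL is also filtered.
        request.getSession();

        String target = request.getContextPath() + redirectUrl;
        response.sendRedirect(response.encodeRedirectURL(target));
    }
}
```

Because a new session is created before the redirect, a Filter on the login page sees isRequestedSessionIdValid() return true for the redirected request even though the original session has timed out.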

You can invalidate a session in your SessionListener.
