automatically redirect to login page after session timeout - JSP, Spring


Problem description

I can redirect a user to home page upon session logout.. this was very simple. However, if a user had logged into the app and had the page open, even on session time out, he is able to perform all the functions (this is bad).

The redirect does not happen until the page is refreshed, or submitted to the server... there are some update functions that could be done by the user even if he is not currently logged in... I have done a lot of research but unable to fix this solution. I also found this thread but it seems to have no proper answer:

Spring Security 3.1 - automatically redirect to login page on session timeout

For example, most of the banking sites log you out after a time out.. they do not wait until you come back and then submit a request before you are redirected to home page.

Recommended answer

Assuming nothing works out. You may want to consider below mentioned approaches:

Approach 1: Create a cookie on browser and have encrypted timestamp in it that will contain last visited/request timestamp from browser, for each request first get this cookie value and compare with the pre-defined session out time, if session-out time reached then redirect user to error page else serve the request. On logout delete the cookie.

Why encrypted value for timestamp: if somehow user gets to know about cookie used for session timeout then (s)he can change this value in browser and keep on sending this request.

Approach 2: You can also achieve this by making an entry in your database for every logged-in user and updating timestamp in this database for each request. For each incoming request get this timestamp from database and compare it with pre-defined value for timeout and handle accordingly. On logout delete the entry.

In both the approaches explicitly perform response.sendRedirect("errorPageUrl");
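
Approach 1 as an added example (not code from the answer): the timestamp is sealed with AES-GCM, chosen here because authenticated encryption makes a cookie value edited in the browser fail decryption. The class and method names, the 30-minute timeout and the demo key are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper for Approach 1 (added example, not the answer's code).
public class ActivityCookie {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;   // server-side secret, never sent to the browser
    private final long timeoutMillis;  // the pre-defined session timeout
    public ActivityCookie(byte[] rawKey, long timeoutMillis) {
        this.key = new SecretKeySpec(rawKey, "AES");
        this.timeoutMillis = timeoutMillis;
    }

    // Cookie value for the last-request time: base64url(iv || ciphertext || tag).
    public String issue(long nowMillis) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);  // fresh IV for every issued cookie
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(ByteBuffer.allocate(Long.BYTES).putLong(nowMillis).array());
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array());
    }

    // False for missing, malformed, edited, future-dated or timed-out values.
    public boolean isLive(String cookieValue, long nowMillis) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(cookieValue);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            long last = ByteBuffer.wrap(c.doFinal(in, IV_LEN, in.length - IV_LEN)).getLong();
            return last <= nowMillis && nowMillis - last < timeoutMillis;
        } catch (GeneralSecurityException | RuntimeException e) {
            return false;  // fail closed: anything that does not authenticate is expired
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[16]; new SecureRandom().nextBytes(k);  // constructed demo key
        ActivityCookie ac = new ActivityCookie(k, 30 * 60_000L);
        String v = ac.issue(0L);
        String edited = v.substring(0, 20) + (v.charAt(20) == 'A' ? 'B' : 'A') + v.substring(21);
        System.out.println(ac.isLive(v, 10 * 60_000L) + " " + ac.isLive(v, 31 * 60_000L) + " " + ac.isLive(edited, 0L));
    }
}
```

A request filter would call isLive before serving the request, redirect when it returns false, and set a freshly issued value on every served response.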
