HTTP状态403-找不到预期的CSRF令牌.会话是否已过期? [英] HTTP Status 403 - Expected CSRF token not found.Has session expired?
问题描述
我有一个Spring MVC应用程序,视图层基于jsp.有时我收到此错误消息,并且此消息为true,会话确实过期了.如果我再次登录,那一切都很好. 我正在使用以下机制发送CSRF令牌: 在第2部分中,添加了元标记:
I have a Spring MVC application, view layer is jsp based.At times I get this error message and this message is true, session really got expired.If I login once again then it is all fine. I am using following mechanism to send CSRF token: In head section 2 meta tags are added:
<meta name="_csrf" content="${_csrf.token}" />
<meta name="_csrf_header" content="${_csrf.headerName}" />
在每个Ajax调用中,都会检索令牌和标头:
In every Ajax call,token and header are retrieved:
var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
然后使用XMLHttpRequest此标头&令牌已发送:
Then with XMLHttpRequest this header & token are sent:
$.ajax({
type : "GET",
url : xxx,
beforeSend : function(xhr) {
xhr.setRequestHeader(header, token);
},
complete : function() {
},
success : function(response) {
}
});
大多数jsp页面都是这样.我试图在警报消息中捕获令牌&;有用.如果会话已通过一个页面过期,我想将用户重定向到登录页面,该页面将显示用户被重定向的原因.该怎么办?
This is how it is in most jsp pages.I have tried to capture the token in an alert message & it works. I want to redirect the user to the login page if the session has expired via a page which will show why the user is getting redirected. How to go about this?
在服务器端Spring中,我们使用了基于xml的配置:
In the server side Spring we have used xml based configuraton:
<http auto-config="true" use-expressions="true">
...
<csrf/>
</http>
推荐答案
我在application-security.xml中添加了以下内容,它解决了此特定情况下的问题,尽管我在某些其他情况下也面临CSRF异常:
I added following to application-security.xml which solved the problem for this particular scenario, though I am facing CSRF exception in some other scenario :
<http auto-config="true" use-expressions="true">
...
<session-management invalid-session-url="/login">
<concurrency-control expired-url="/login" />
</session-management>
</http>
这篇关于HTTP状态403-找不到预期的CSRF令牌.会话是否已过期?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
