在HttpSession超时后重定向 [英] Redirecting after HttpSession time out
问题描述
我一直在查看有关此主题的很多帖子,但无法获得适用于我的情况的解决方案。
I have been looking at many posts on this topic but couldn't get a solution that works in my case.
我正在使用带有JSF 2.0的Java EE 6 (部署在JBoss AS 7.1上)
I am using Java EE 6 with JSF 2.0 (deployed on JBoss AS 7.1)
在我的 web.xml 中我有:
<session-config>
<session-timeout>1</session-timeout>
</session-config>
我希望在会话自动超时时将用户重定向到登录页面。
我的尝试:
方法1:使用过滤器
我尝试过以下过滤器:
@WebFilter()
public class TimeOutFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
System.out.println("filter called");
final HttpServletRequest req = (HttpServletRequest) request;
final HttpSession session = req.getSession(false);
if (session != null && !session.isNew()) {
chain.doFilter(request, response);
} else {
System.out.println("Has timed out");
req.getRequestDispatcher("/logon.xthml").forward(request, response);
}
}
@Override
public void destroy() {
}
}
在 web.xml 中我试过了
<filter-mapping>
<filter-name>TimeOutFilter</filter-name>
<url-pattern>*.xhtml</url-pattern>
</filter-mapping>
和
<filter-mapping>
<filter-name>TimeOutFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
过滤器在每次请求时都会调用(在控制台中记录fiter called) 。 然而,当会话超时时不会调用它。
The filter works as it is called on every request (logging of "fiter called" in the console). However it is not called when the session times out.
方法2:HttpSessionLister
我试图使用 HttpSessionListerner 。该方法称为具有以下签名:
I have tried to use a HttpSessionListerner. The method called having the following signature:
public void sessionDestroyed(HttpSessionEvent se) {
}
我无法重定向到特定页面。当我想重定向用户时,我通常使用 FacesContext 中的 NavigationHandler ,但在这种情况下没有 FacesContext ( FacesContext.getCurrentInstance()返回 null )。
I wasn't able to redirect to a specific page. When I want to redirect a user I usually use the NavigationHandler from the FacesContext but in this case there is no FacesContext (FacesContext.getCurrentInstance() returns null).
根据这个发布,HttpListener无法重定向用户,因为它不是请求的一部分。
According to this post, the HttpListener cannot redirect the user because it is not part of a request.
问题
解决这个问题的最佳方法是什么?如何使上述两种方法之一起作用?
What is the best way to go to solve this problem? What can I do to make one of the two above-mentioned approaches to work?
推荐答案
您无法发送HTTP响应只要客户端没有发送HTTP请求。就那么简单。这就是HTTP的工作原理。如果任何网站能够在没有客户请求的情况下轻松推送HTTP响应,则互联网看起来会有很大不同。
You can't send a HTTP response as long as the client hasn't send a HTTP request. Simple as that. That's just how HTTP works. The Internet would otherwise have looked very different if any website was able to unaskingly push a HTTP response without the client having requested for it.
基于JavaScript的心跳,基于客户端的键盘/鼠标活动,如答案这里,或元刷新标题,如答案 where 将是解决方案,如果你基本上是一个单页面的webapp(因此,你实际上没有使用会话范围,但视图范围),但如果你在多个标签/窗口中打开页面,这将无法正常工作同一会议。
A JavaScript based heartbeat based on client's keyboard/mouse activity like as answered here, or a meta refresh header like as answered here would be the solution if you've basically a single-page webapp (thus, you're effectively not using the session scope but the view scope), but that won't work nicely if you've the page open in multiple tabs/windows in the same session.
理论上,Websockets是向客户端推送内容的正确解决方案,但这又需要一个活动会话。鸡蛋问题。此外,它在目前仍然相对广泛使用的旧浏览器中不起作用,因此它目前仅用于渐进增强。
Websockets is in theory the right solution to push something to the client, but this requires in turn an active session. Chicken-Egg problem. Also, it wouldn't work in older browsers currently still relatively widely in use, so it should currently merely be used for progressive enhancement.
您最好的选择是定义一个错误页面,它处理最终用户在会话过期时调用操作的情况。另请参见 javax.faces.application.ViewExpiredException:视图无法恢复。
Your best bet is to just define an error page which deals with the case when the enduser invokes an action while the session is expired. See also javax.faces.application.ViewExpiredException: View could not be restored.
这篇关于在HttpSession超时后重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
