What is the method for gracefully handling session timeout?
Problem description
The problem: I am on some page of my application and go away for a while. Coming back and clicking on a link I get a "Unable to restore viewID" message. Same on hitting refresh.
I can start a new session, but I have to manually edit the URL as follows:
Active address window:
http://localhost:8080/myapp/index.xhtml?windowId=e9d
into
http://localhost:8080/myapp/index.xhtml
Then a new session is established, and the user has to log in again which is what I want.
In researching how to deal with this, I see a lot of "solutions" that basically keep the session alive by using client-side Javascript to send requests periodically to keep the session alive. Personally I do not consider this a desirable solution.
What I want is when the session times out, all subsequent requests to any non-public page need to be directed to index.xhtml. References to pages that don't require login should go through with a new session object. Preferably this would be handled using only JSF 2 defined facilities, but I don't mind writing a Servlet filter if that is what it takes.
Can anyone provide a link to a how-to that I missed?
Recommended answer
Do it in a Filter, yes. You could use HttpServletRequest#getRequestedSessionId() to check if the client has sent a session cookie and HttpServletRequest#isRequestedSessionIdValid() to check if it is still valid (i.e. the session hasn't been expired in the server side):
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // The client sent a session ID, but the server no longer has that session: it has expired.
        if (req.getRequestedSessionId() != null && !req.isRequestedSessionIdValid()) {
            res.sendRedirect(req.getContextPath() + "/index.xhtml");
        } else {
            chain.doFilter(request, response);
        }
    }
But, that brings up another question, how exactly are you filtering logged-in users? If the session is expired, then the user is not logged-in anymore, right? You could instead also just check in the filter if the user is logged-in or not.
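The login check suggested at the end of the answer, as an added example that is not part of the original answer: a filter that lets logged-in users and public pages through and sends everything else to index.xhtml, including JSF ajax requests. The class name `LoginFilter`, the session attribute `user` and the public path prefixes are assumptions for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

@WebFilter("/*")
public class LoginFilter implements Filter {
    // Assumption: the login code stores the authenticated user under this session attribute.
    private static final String USER_ATTR = "user";
    // Assumption: paths (relative to the context root) that need no login.
    private static final String[] PUBLIC_PREFIXES = {"/index.xhtml", "/public/", "/javax.faces.resource/"};

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // Compare the path the container resolved for dispatch, not the raw getRequestURI(),
        // so encoded or dot-segment variants are not matched against the public prefixes.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        HttpSession session = req.getSession(false); // do not create a session just to check
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        if (loggedIn || isPublic(path)) {
            chain.doFilter(request, response); // public pages create a new session on demand
            return;
        }
        // Expired or never logged in: go to the login page, dropping the stale query string.
        String target = req.getContextPath() + "/index.xhtml";
        if ("partial/ajax".equals(req.getHeader("Faces-Request"))) {
            // A 302 on a JSF ajax request is followed by the XHR itself and the page never
            // changes; the JSF client expects a partial-response redirect instead.
            res.setContentType("text/xml");
            res.setCharacterEncoding("UTF-8");
            res.getWriter().printf("<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                + "<partial-response><redirect url=\"%s\"></redirect></partial-response>", target);
        } else {
            res.sendRedirect(target);
        }
    }

    private static boolean isPublic(String path) {
        for (String prefix : PUBLIC_PREFIXES) {
            if (path.startsWith(prefix)) return true;
        }
        return false;
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```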