What is the method for gracefully handling session timeout?

Problem description

The problem: I am on some page of my application and go away for a while. Coming back and clicking on a link I get an "Unable to restore viewID" message. Same on hitting refresh.

I can start a new session, but I have to manually edit the URL as follows:

Active address window:

http://localhost:8080/myapp/index.xhtml?windowId=e9d

to

http://localhost:8080/myapp/index.xhtml

Then a new session is established, and the user has to log in again which is what I want.

In researching how to deal with this, I see a lot of "solutions" that basically keep the session alive by using client-side Javascript to send requests periodically to keep the session alive. Personally I do not consider this a desirable solution.

What I want is when the session times out, all subsequent requests to any non-public page need to be directed to index.xhtml. References to pages that don't require login should go through with a new session object. Preferably this would be handled using only JSF 2 defined facilities, but I don't mind writing a Servlet filter if that is what it takes.

Can anyone provide a link to a how-to that I missed?

Recommended answer

Do it in a Filter, yes. You could use HttpServletRequest#getRequestedSessionId() to check if the client has sent a session cookie and HttpServletRequest#isRequestedSessionIdValid() to check if it is still valid (i.e. the session hasn't expired on the server side):

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;

    // The client sent a session ID, but the server no longer has that session: it has expired.
    if (req.getRequestedSessionId() != null && !req.isRequestedSessionIdValid()) {
        res.sendRedirect(req.getContextPath() + "/index.xhtml");
    } else {
        // No session ID was sent, or the session is still valid: continue the request.
        chain.doFilter(request, response);
    }
}

But, that brings up another question, how exactly are you filtering logged-in users? If the session is expired, then the user is not logged-in anymore, right? You could instead also just check in the filter if the user is logged-in or not.
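The answer's closing suggestion, checking the login state in the filter, as an added example that is not part of the original answer. It lets public pages through even when the client still sends a stale session cookie, and redirects every other request that has no live login. The class name, the `user` session attribute, the `/about.xhtml` entry and a `*.xhtml` FacesServlet mapping are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example, not the answer's code. Assumed names: this class name, the
// "user" session attribute, and the PUBLIC_PAGES entry "/about.xhtml".
public class SessionTimeoutFilter implements Filter {

    private static final Set<String> PUBLIC_PAGES =
            new HashSet<>(Arrays.asList("/index.xhtml", "/about.xhtml"));

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // With a *.xhtml mapping (assumed) this is e.g. "/index.xhtml". The
        // container strips ";jsessionid=..." path parameters and the query
        // string, so they cannot be used to slip past the allowlist.
        String path = req.getServletPath();
        boolean isPublic = PUBLIC_PAGES.contains(path)
                || path.startsWith("/javax.faces.resource/"); // JSF CSS/JS/images

        // getSession(false) never creates a session; it returns null when no
        // cookie was sent or the cookie names a session the server has expired.
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null;

        if (isPublic || loggedIn) {
            chain.doFilter(request, response);
        } else {
            // Protected page without a live login: send the client to the login page.
            res.sendRedirect(req.getContextPath() + "/index.xhtml");
        }
    }

    @Override
    public void destroy() { }
}
```

Because `/index.xhtml` is in the allowlist, a browser that keeps sending the expired session cookie is not redirected to the same page repeatedly.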
