Spring Boot 会话超时 [英] Spring Boot session timeout
问题描述
server.session-timeout
似乎只适用于嵌入式 tomcat.
server.session-timeout
seems to be working only for embedded tomcat.
我写了一个日志语句来检查会话最大间隔时间.手动将 war 文件部署到 tomcat 后,我意识到仍在使用默认会话超时值(30 分钟).
I put a log statement to check the session max interval time. After deploying the war file manually to tomcat, I realized that default session timeout value (30 min) was being used still.
如何使用 spring-boot 设置会话超时值(不是针对嵌入式 tomcat,而是针对独立应用服务器)?
How can I set session timeout value with spring-boot (not for embedded tomcat, but for a stand-alone application server)?
推荐答案
[以防万一有人觉得这有用]
如果您使用的是 Spring Security,则可以扩展 SimpleUrlAuthenticationSuccessHandler 类并在身份验证成功处理程序中设置会话超时:
If you're using Spring Security you can extend the SimpleUrlAuthenticationSuccessHandler class and set the session timeout in the authentication success handler:
public class NoRedirectSavedRequestAwareAuthenticationSuccessHandler
extends SimpleUrlAuthenticationSuccessHandler {
public final Integer SESSION_TIMEOUT_IN_SECONDS = 60 * 30;
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication authentication)
throws ServletException, IOException {
request.getSession().setMaxInactiveInterval(SESSION_TIMEOUT_IN_SECONDS);
// ...
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginProcessingUrl("/login")
.successHandler(new NoRedirectSavedRequestAwareAuthenticationSuccessHandler())
.failureHandler(new SimpleUrlAuthenticationFailureHandler())
.and().httpBasic();
}
}
这篇关于Spring Boot 会话超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!