Spring Boot 会话超时 [英] Spring Boot session timeout

问题描述

server.session-timeout 似乎只适用于嵌入式 tomcat.

server.session-timeout seems to be working only for embedded tomcat.

我写了一个日志语句来检查会话最大间隔时间.手动将 war 文件部署到 tomcat 后，我​​意识到仍在使用默认会话超时值(30 分钟).

I put a log statement to check the session max interval time. After deploying the war file manually to tomcat, I realized that default session timeout value (30 min) was being used still.

如何使用 spring-boot 设置会话超时值(不是针对嵌入式 tomcat，而是针对独立应用服务器)?

How can I set session timeout value with spring-boot (not for embedded tomcat, but for a stand-alone application server)?

推荐答案

[以防万一有人觉得这有用]

如果您使用的是 Spring Security，则可以扩展 SimpleUrlAuthenticationSuccessHandler 类并在身份验证成功处理程序中设置会话超时:

If you're using Spring Security you can extend the SimpleUrlAuthenticationSuccessHandler class and set the session timeout in the authentication success handler:

public class NoRedirectSavedRequestAwareAuthenticationSuccessHandler
       extends SimpleUrlAuthenticationSuccessHandler {

    public final Integer SESSION_TIMEOUT_IN_SECONDS = 60 * 30;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication)
                                        throws ServletException, IOException {

        request.getSession().setMaxInactiveInterval(SESSION_TIMEOUT_IN_SECONDS);

        // ...
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .formLogin()
            .loginProcessingUrl("/login")
            .successHandler(new NoRedirectSavedRequestAwareAuthenticationSuccessHandler())
            .failureHandler(new SimpleUrlAuthenticationFailureHandler())
            .and().httpBasic();
    }

}

这篇关于Spring Boot 会话超时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！