如何在IBM worklight服务器端登录模块中维护会话 [英] How to maintain session in IBM worklight server side login module

问题描述

在我的IBM worklight演示应用程序中，我实现了登录模块。它工作正常，但我应该以什么方式维持会话？如果执行了注销操作，我想注销我的用户，但是当应用程序进入后台时我不想注销。目前，当我的应用程序被Android设备后退按钮关闭时，无论如何，如果应用程序进入后台会话过期，用户必须再次登录。我可以实现这一点维护一些服务器端会话吗？

In my IBM worklight demo app I've implemented Login Module. It works fine, but in what way I should maintain the session ? I want to log-out my user if log-out action is performed but not when app goes into background. Currently when my app is closed by Android device back button or anyhow if app goes into background session gets expire and again user has to login. Can I achieve this maintaining some server side session?

推荐答案

当您关闭应用程序时，操作系统会破坏WebView组件，从而破坏您的http上下文，特别是jSessionId cookie。因此，下次打开它时，您将有一个新的会话，需要重新进行身份验证。

When you close your application OS destroys WebView component thus destroying your http context, specifically jSessionId cookie. As a result next time you open it you will have a new session and will need to reauthenticate.

如果您真的想要实现记住我功能，那么有几个解决方案。一个可能是以下

If you really want to implement "remember me" functionality there are several solutions. One might be the following

1. 请记住记住我会大大降低安全级别


2. 请参阅＃1


3. 创建某种服务器端令牌并将其存储在客户端（例如localStorage，encryptedCache或JSONStore）


4. 确保该令牌与服务器端的用户身份相关联


5. 在应用程序启动时将此令牌发送到服务器（例如，作为全局头，作为适配器过程调用参数等）。 li>
   
6. 在您的登录模块中检测此令牌并建立经过身份验证的会话。

1. keep in mind that "remember me" greatly reduces security level
2. see #1
3. create some sort of server side token and store it on a client side (e.g. in localStorage, encryptedCache or JSONStore)
4. Make sure that this token is associated with your user identity on a server side
5. Send this token to server on application startup (e.g. as a global header, as an adapter procedure invocation param etc.)
6. Detect this token in your login module and establish authenticated session.

这篇关于如何在IBM worklight服务器端登录模块中维护会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！