Java:确保Web应用程序仅在一个浏览器选项卡中打开 [英] Java: ensure web application open only in one browser tab
问题描述
确保特定页面(假设单页Web应用程序)仅在一个浏览器选项卡中打开的最佳方法是什么?
What is the best approach to ensure that a specific page (assume a single-page Web application) is open only in one browser tab?
假设Java Web app具有身份验证,即用户必须登录(因此我们可以通过Java Session API识别哪个用户正在查看哪个页面)。
Assume the Java Web app has authentication, i.e. user has to sign in (so we can identify which page is being viewed by which user via Java Session API).
意图是,如果是另一个对于相同的URL打开了选项卡,用户将被重定向到一个静态页面,告诉他他在其他地方打开了应用程序(另一个选项卡)。
The intention is that if another tab is opened for the same URL, the user will be redirected to a static page that tells him he has the application open somewhere else (another tab).
我目前的方法无法在同一浏览器中使用标签,因为 JSESSIONID 存储在cookie中,可用于所有浏览器的标签。
My current approach fails to work for tabs in the same browser, since JSESSIONID is stored in cookies, that are available for all browser's tabs.
推荐答案
我假设您当前的用例是这样的:
I assume your current use case is this:
- 用户打开浏览器选项卡,加载您的应用程序页面并登录。
然后,用户打开第二个浏览器选项卡,加载您的应用程序页面并已登录(因为浏览器对所有选项卡或窗口都有相同的会话cookie)。
The user then opens a second browser tab, loads your application page and is already logged in (because the browser has the same session cookies for all tabs or windows).
并且您希望限制用户,以便在加载第二个选项卡时改为看到一条警告消息说:您已经在其他地方登录过此网站,请使用该窗口,或者如果您不再打开该窗口,请单击此处退出并重新登录。
And you want to restrict the user so that if when they load the second tab, the instead see a warning message saying: You have already logged into this site elsewhere, please use that window, or if you no longer have that window open, click here to logout and log back in again.
大多数解决方案都涉及为应用程序实例和会话保留一次性令牌。如果您的应用程序在单个页面中加载并向用户显示登录框,那么当用户登录时您可以发送一次性令牌,将其存储在javascript变量中并将其与所有服务器请求一起发送。
如果用户然后在新选项卡中加载应用程序,他们会请求他们的初始数据,服务器可以生成一个响应,说明令牌不存在,他们需要注销,关闭窗口或切换到已经登录窗口。
Most solutions will involve keeping a one time token for the instance of the application along with the session. If your application loads up in a single page and presents the user with a login box then when the user logs in you could send the one time token, store it in a javascript variable and send it with all server requests. If the user then loads up the application in a new tab, they request their initial data and the server can generate a response saying that the token is not present and they need to logout, close the window or switch to the already logged in window.
所以答案是,你想在服务器上的会话中存储一个随机字符串,在登录时将其提供给用户并检查每一个请求将它们反弹到注销页面。在Web客户端的javascript中,存储该令牌并将其随每个请求一起发送到服务器。
So the answer is baically that you want to store a random string in your session on the server, serve it to the user on login and check that every request has it otherwise bounce them to a logout page. And in the javascript of the web client, store that token and send it with every request to the server.
这篇关于Java:确保Web应用程序仅在一个浏览器选项卡中打开的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
