处理会话超时?

时间:2013-08-17 15:20:17

标签: spring-mvc

如何在spring mvc 3.2中处理会话超时,例如30分钟后它应该重定向到index.html。

尝试使用拦截器,但忽略了web.xml中指定的会话超时值。

弹簧servlet.xml中

 <mvc:interceptors>   
   <bean class="com.server.utils.AuthenticationTokenInterceptor" />   
   </mvc:interceptors>

的web.xml

<session-config>
    <session-timeout>30</session-timeout>
  </session-config>

 @Override  
    public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {   
     try  
        {System.out.println("Inside Interceptor");   
            HttpSession session = request.getSession();   
            String authToken = (String) session.getAttribute("userId");   
               System.out.println("Interceptor invoked For Auth token");   
                if(authToken==null || authToken.equals(""))   
                {   
                    System.out.println("Auth Token time Out");   
                 response.sendRedirect(servletContext.getContextPath()+"/login");   
                    return false;   
                }   
                else  
                {   
                 return true;   
                }   
       }catch(Exception ex)   
           {   
           ex.getMessage();   
          response.sendRedirect(servletContext.getContextPath()+"/login");   
              return false;   
           }   
        }   


    @Override  
    public void postHandle(HttpServletRequest request,   
          HttpServletResponse response, Object handler,   
        ModelAndView modelAndView) throws Exception {   
   }   

   @Override  
 public void afterCompletion(HttpServletRequest request,   
         HttpServletResponse response, Object handler, Exception ex)   
            throws Exception {   
    }

2 个答案:

答案 0 :(得分:2)

<system.web>
    <sessionState allowCustomSqlDatabase="true" mode="SQLServer"
    sqlConnectionString="SQLServerConnection" cookieless="false" timeout="60">
   </sessionState>
   <authentication mode="None" />
   <compilation debug="true" targetFramework="4.5" />
   <httpRuntime targetFramework="4.5" maxRequestLength="52428800" />
</system.web>

- 此代码放在web.config

  $.timeoutDialog
    ({
        timeout: 60 * 60,
        countdown: 20,
        logout_url: '@Url.Action("Logout", "Login")', restart_on_yes: true
    });
  • 此代码放入您的设置页面并使用&#34; timeout_dialog.js&#34;它和.js文件中设置的其他细节。

       public override void OnActionExecuting(ActionExecutingContext 
      filterContext)
    {
    
        if (filterContext.HttpContext.Session["UserID"] == null)
        {
            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
                filterContext.Result = new JsonResult
                {
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet,
                    Data = new
                    {
                        Exception="error"
                    }
                };
            }
            else
            {
                filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    { "controller", "Login" },
                    { "action", "Login" }
                });
                    //return;
            }
            return;
    
        }
        base.OnActionExecuting(filterContext);            
    }
    

    此代码将filter.cs放在公共类文件夹文件中。

答案 1 :(得分:1)

使用普通Java EE处理它可能比使用Spring MVC更好:类型javax.servlet.http.HttpSessionListener会被通知当前用户会话发生的所有更改,包括超时。要使用javax.servlet.http.HttpSessionListener,您需要在web.xml

中注册
<web-app ...>
        <listener>
        <listener-class>stuff.MySessionListener</listener-class>
    </listener>
</web-app>

在班上做自定义逻辑。处理超时的方法是sessionDestroyed

package stuff;

import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

public class MySessionListener implements HttpSessionListener {     

  @Override
  public void sessionCreated(HttpSessionEvent arg0) {
  }

  @Override
  public void sessionDestroyed(HttpSessionEvent arg0) {
      //Your logic goes here
  } 
}