Java JSP login page session timeout
Original URL: http://stackoverflow.com/questions/20383513/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me):
StackOverFlow
JSP login page session timeout
Asked by user3014926
I have created a login page for a mock hotel administrator. Now I want to add a session timeout function to it. In other words, let's say the user leaves the computer (he is still logged into the admin webpage) for like 10 minutes or so. Then when he comes back, I want to end the current session and then redirect to the login page (this is more secure and his personal info would never be lost!).
How do I make that happen?
    public class LoginServlet extends SpringInjectedServlet {

        @Autowired
        private LoginService loginService;

        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            String id = req.getParameter("id");
            String password = req.getParameter("password");
            String error = null;
            //code for checking correct input
        }

        // mock
        private boolean check(String id, String password) {
            return loginService.authenticate(id, password);
        }

        @Override
        public void init() throws ServletException {
            System.out.println("LoginServlet");
        }
    }
Answered by developerwjk
After you've verified the credentials, set a session variable for the userid, and set the session expiration:
    session.setMaxInactiveInterval(600); //600 secs = 10 mins
    session.setAttribute("userid", userid);
Then at the top of all your JSPs and in all your servlets you do something like:
    String userid = (String)session.getAttribute("userid");
    if(userid==null)
    {
        response.sendRedirect("login.jsp");
        return; //the return is important; forces redirect to go now
    }
After the 10 minutes have elapsed, this will only redirect the user to the login page if they click a link, refresh, or somehow go to another page. If they just leave the page sitting there open, it will still display. To change that you would have to involve Javascript somehow.
Answered by user2779544
Use Authentication Filters to check for Session in every request, like
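    // getSession(false) returns null when no session exists instead of creating a new one
    HttpSession session = request.getSession(false);
    if (session == null || session.getAttribute("username") == null) {
        // Forward the control to login.jsp if authentication fails or session expires
        request.getRequestDispatcher("/login.jsp").forward(request, response);
        return; // stop handling this request after the forward
    }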
This will check for the login username from the session for every request; if it's null or the session expired, it will redirect to the login page.
Add this in web.xml
    <session-config>
        <!-- idle timeout, in minutes -->
        <session-timeout>5</session-timeout>
    </session-config>
Check it here.
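An added example (not code from the question or from either answer) that combines the two answers into one servlet filter, so the session check lives in one place instead of at the top of every JSP, and that starts the post-login session on a fresh session ID. Assumptions: the javax.servlet API, the hypothetical class name AuthFilter, a login servlet mapped exactly to /login, and the "userid" attribute and login.jsp page named in the answers.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: hypothetical filter, mapped to /* in web.xml or with @WebFilter.
public class AuthFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp"; // page named in the answers
    private static final String LOGIN_ACTION = "/login";   // assumed LoginServlet mapping

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;

        // The login page and login servlet must stay reachable without a session,
        // otherwise the redirect below would loop forever.
        String path = req.getServletPath();
        if (path.equals(LOGIN_PAGE) || path.equals(LOGIN_ACTION)) {
            chain.doFilter(rq, rs);
            return;
        }

        // getSession(false) returns null once the container has expired the
        // session, instead of silently creating a fresh, empty one.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("userid") == null) {
            resp.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }

        // Keep protected pages out of the browser cache so the Back button
        // cannot redisplay them after the session has ended.
        resp.setHeader("Cache-Control", "no-store");
        chain.doFilter(rq, rs);
    }

    // Call from LoginServlet.doPost once check(id, password) has returned true.
    static void startSession(HttpServletRequest req, String userid) {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();        // discard any pre-login session (fixation)
        HttpSession session = req.getSession(true);
        session.setMaxInactiveInterval(600);      // 600 s = 10 min idle timeout
        session.setAttribute("userid", userid);
    }
}
```

Static resources the login page needs (CSS, images) would also have to be added to the unauthenticated paths, and on Jakarta EE 9+ the imports become jakarta.servlet.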