javascript 在客户端处理会话超时
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9993465/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Handling Session timeout on Client side
提问by Santosh
The scenario is that a user should get notification (say via typical JS alert or redirect etc) when her session is about to be expired. Couple of ways this can be done is
场景是当用户的会话即将到期时,用户应该收到通知(比如通过典型的 JS 警报或重定向等)。可以做到这一点的几种方法是
- Using javascript time out function as explained here.
- Using Server Pushusing WebSocketswhich off course would need HTML5 support.
- 使用此处解释的 javascript 超时功能。
- 使用服务器推送使用的WebSockets其关闭过程将需要HTML5的支持。
What are the relative merits/demerits of these two approaches? Apart from these, are there any other ways this can be achieved(some standard library etc). My back end is Java EE (Struts+Spring).
这两种方法的相对优点/缺点是什么?除了这些,还有其他方法可以实现吗(一些标准库等)。我的后端是 Java EE (Struts+Spring)。
采纳答案by Ramesh
By Using javascript timeout function, you need to ensure that if the user is making any AJAX calls your function should be reset as it should be treated as user activity.
通过使用 javascript 超时函数,您需要确保如果用户进行任何 AJAX 调用,您的函数应该被重置,因为它应该被视为用户活动。
If the using server push using websockets you may not be able to target users with not so latest browsers. You may have to use some signalling frameworks and even change your backend stack. (I can think of socket.io & SignalR as of now)
如果使用 websockets 使用服务器推送,您可能无法定位使用不是最新浏览器的用户。您可能必须使用一些信号框架,甚至更改您的后端堆栈。(我现在可以想到 socket.io 和 SignalR)
Both the approaches are not going degrade gracefully. So, IMO javascript option sounds better as it can target wider audience and that would require you to address some edge case scenarios. If I had a choice I would not implement this feature at all. But it hardly happens that way.
这两种方法都不会优雅地降级。因此,IMO javascript 选项听起来更好,因为它可以针对更广泛的受众,这需要您解决一些边缘情况。如果我有选择,我根本不会实现这个功能。但这种情况几乎不会发生。
UPDATE:Here is another approach I could think of.
更新:这是我能想到的另一种方法。
Every time a page gets served I would sent a Cookie which can be accessed in the client side which would contain the UTC time at which the session will timeout. In my code I would place a setInterval which would read the value and compare the local time with UTC and if it close, would display a popup window saying the timeout will happen in X seconds etc.
每次提供页面时,我都会发送一个可以在客户端访问的 Cookie,其中包含会话超时的 UTC 时间。在我的代码中,我会放置一个 setInterval 来读取值并将本地时间与 UTC 进行比较,如果它关闭,将显示一个弹出窗口,说明超时将在 X 秒后发生等。
This again doesn't degrade gracefully and relies on the time of the client machine. So, if it is wrong this functionality will not work reliably.
这再次不会优雅地降级并且依赖于客户端机器的时间。因此,如果错误,此功能将无法可靠地工作。
回答by Lerial
What about creating a filter where you set a cookie with the number of seconds left until timeout?
如何创建一个过滤器,在其中设置一个 cookie,直到超时剩余的秒数?
So, you will always set that value to (session-config->session-timeout) * 60.
因此,您将始终将该值设置为 (session-config->session-timeout) * 60。
In the front side, using setInterval, you would update that cookie value by subtracting the interval to the current cookie value, that way you don't depend on time configuration.
在前端,使用 setInterval,您将通过减去当前 cookie 值的间隔来更新该 cookie 值,这样您就不会依赖于时间配置。
