java 在jsp中会话超时后如何重定向到登录页面?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10292749/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
how can i redirect to login page after session time out in jsp?
提问by java_dev
Hi i am developing application using struts and jsp. in jsp we are using Ajax calls , after session timeout, we are redirecting to log in page. but the problem is the log in page is displaying same div tag.i am checking user in session or not in javascript of jsp but always session have userid value, it never going to be null, if session expires also.
嗨,我正在使用 struts 和 jsp 开发应用程序。在jsp中,我们使用Ajax调用,会话超时后,我们重定向到登录页面。但问题是登录页面显示相同的 div 标签。我正在会话中检查用户或不在 jsp 的 javascript 中检查用户,但会话始终具有用户 ID 值,如果会话也过期,它永远不会为空。
回答by abhi
Two things
两件事情
- Configure a Welcome page as Login Page in web.xml
- Create a filter and configure in web.xml , this should be the first filter in web.xml
- In the filter check if the session is new the user should be guided to the login page , else the request should be processed.
- 在 web.xml 中将欢迎页面配置为登录页面
- 在 web.xml 中创建过滤器并配置,这应该是 web.xml 中的第一个过滤器
- 在过滤器检查会话是否是新的用户应该被引导到登录页面,否则请求应该被处理。
回答by JML
Recently I made a tutorial about this exactly. Maybe it can be helpful. Is the same solution that abhi proposed but with an example.
最近我做了一个关于这个的教程。也许它会有所帮助。与 abhi 提出的解决方案相同,但有一个例子。
http://classfoundexception.blogspot.com.es/2012/04/how-to-secure-struts-13-application.html
http://classfoundexception.blogspot.com.es/2012/04/how-to-secure-struts-13-application.html
回答by Imran Khan
To handle Session Timeout/Expire for Ajax Call Request and to dispatch it to login page follows these steps.
要处理 Ajax 调用请求的会话超时/过期并将其分派到登录页面,请遵循以下步骤。
1) In Your jsp wherever ajax function are written Set a header before your ajax send request.
1)在您的jsp中编写ajax函数的任何地方在您的ajax发送请求之前设置一个标头。
req.open("POST", Servlet_PATH, true);
req.setRequestHeader("X-Requested-With", "XMLHttpRequest"); //set header
req.send();
2) In a Filter get the header like this and if session is null send as an Response Error
2)在过滤器中获取这样的标头,如果会话为空,则作为响应错误发送
httpRequest.getHeader("X-Requested-With");
if (session == null) {
`if(httpRequest.getHeader("X-Requested-With")!=null && httpRequest.getHeader("X-Requested-With").equals("XMLHttpRequest")){`
`logger.info("Ajax Expired...");`
`((HttpServletResponse)response).sendError(403);` // Response error set
`return;`
`}}`
3) In jsp whereever ajax code is written check request.readystate and request.state like this
3)在jsp中,无论在何处编写ajax代码,都像这样检查request.readystate和request.state
if (req.readyState==4 && req.status==200)
{
//your logic
}
else if(req.readyState==4 && req.status==403){
alert("Your Session is Expired.Please Relogin.");
window.location.href = "<%=request.getContextPath()%>/jsp/login.jsp";
}
回答by Ved
Every time the new request comes, you should check and validate session at server side.
Also this timeout is handled by web server.Once time out is occurred, automatically server redirect user to session logout URL. You may change this configuration in conf files of server.
每次新请求到来时,您都应该在服务器端检查和验证会话。此超时也由 Web 服务器处理。一旦发生超时,服务器自动将用户重定向到session logout URL. 您可以在服务器的 conf 文件中更改此配置。
For more info see this
有关更多信息,请参阅此
