struts2 session expired application scope
My app uses struts2+spring+hibernate and I was doing some session-interceptor-login-authorisation system and its working alright, now that I try to implement the session expired part I'm running into problems: first the session interceptor checks for every request to see if a user is on session if not then its redirected to the login page, otherwise its let through the action requested .
so if the user has just began the app the login page pops up
if the session has timeout because of the session-timeout property in web.xml its then redirected to a login page
Now I had a request that a session expired message be displayed. So I decided to use the app scope and set some variables like UserLoggedIn and now back to the interceptor I can check for the user to be in session and if its null check the app scope for the variable UserLoggedIn so if founded then session is expired (sessionExpired.jsp) otherwise login.jsp. the problem is that whenever I close the browser and reopen it, the app scope its still there and UserLoggedIn variable with it so lets say I want to start the browser and my app so the session interceptor its fired it doesn't find a user on session GReat!! but it found the UserLoggedIn variable which is telling that this is not a brand new start so t开发者_开发问答he session expired message its pop up. I know its kind of confusing Im not sure if this is the right way to do this session expired thing; its my first try.
any advice, alternative methods, etc, will be really appreciated
pd: I know that there are better approaches into securing your app like spring security I devoted 2 days but failed and because of the time factor Im cant keep trying whit it
It might be easier to move the session time out into the interceptor it self, that is every time the interceptor is used it will set a time value for the user if the time value is too great between invocations you will get redirected to the session timed out page. After all it is the session that is telling you that it is stale, so you should be able to avoid application level logic.
精彩评论