开发者

struts2 session expired application scope

My app uses struts2+spring+hibernate and I was doing some session-interceptor-login-authorisation system and its working alright, now that I try to implement the session expired part I'm running into problems: first the session interceptor checks for every request to see if a user is on session if not then its redirected to the login page, otherwise its let through the action requested .

  • so if the user has just began the app the login page pops up

  • if the session has timeout because of the session-timeout property in web.xml its then redirected to a login page

Now I had a request that a session expired message be displayed. So I decided to use the app scope and set some variables like UserLoggedIn and now back to the interceptor I can check for the user to be in session and if its null check the app scope for the variable UserLoggedIn so if founded then session is expired (sessionExpired.jsp) otherwise login.jsp. the problem is that whenever I close the browser and reopen it, the app scope its still there and UserLoggedIn variable with it so lets say I want to start the browser and my app so the session interceptor its fired it doesn't find a user on session GReat!! but it found the UserLoggedIn variable which is telling that this is not a brand new start so t开发者_开发问答he session expired message its pop up. I know its kind of confusing Im not sure if this is the right way to do this session expired thing; its my first try.

any advice, alternative methods, etc, will be really appreciated

pd: I know that there are better approaches into securing your app like spring security I devoted 2 days but failed and because of the time factor Im cant keep trying whit it


It might be easier to move the session time out into the interceptor it self, that is every time the interceptor is used it will set a time value for the user if the time value is too great between invocations you will get redirected to the session timed out page. After all it is the session that is telling you that it is stale, so you should be able to avoid application level logic.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜