开发者

Grails session.user, user already logged in

问答 作者:

Im using "session.user" to do a simple login system to my website. Is there any way of knowing if a user is alrea开发者_高级运维dy logged in or not, whitout having to store that information in the DB ?

It's never a good idea to roll your own security implementation. You want your site to end up on Slashdot because it's awesome, not because you thought you were more clever than hackers.

Use http://grails.org/plugin/spring-security-core or http://grails.org/plugin/shiro - they're both simple to get started with but have lots of optional advanced features.

You could just check if session.user exists or not. If it does, then the user is logged in, it does not, then user is not logged in.

You can use grails Filters to check that before getting to your controller. From the grails docs (Filter Types):

class SecurityFilters {
   def filters = {
       loginCheck(controller:'*', action:'*') {
           before = {
              if(!session.user && !actionName.equals('login')) {
                  redirect(action:'login')
                  return false
               }
           }
       }
   }
}

继续阅读:grailssession

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9