如何让用户知道他/她的会话已过期？

发布于 2024-08-16 09:23:34 字数 430 浏览 5 评论 0原文

我已将 Tomcat 设置为在 15 分钟不活动后处理会话。这样的事情

<session-config>
    <session-timeout>15</session-timeout>
</session-config>

每当用户访问受限页面（需要用户登录的页面）时，我都会检查会话以查看登录过程是否已完成。如果有，则授予访问权限；如果没有，则用户将被重定向到登录页面，系统会提示他/她输入有效的 ID 和密码。如果会话超时，则用户需要重新登录。这很好，但我想让用户知道他/她必须再次登录，因为会话已超时。

我该怎么做呢？我找到了 HttpSessionListener 接口，并认为它可能会有所帮助，但 sessionDestroyed 方法是在会话失效之前调用的，因此设置参数没有什么好处，正如预期的那样。

原文

I have set Tomcat to dispose of sessions after 15 minutes of inactivity. Something like this

<session-config>
    <session-timeout>15</session-timeout>
</session-config>

Whenever a user accesses a restricted page (one that requires a user to be logged in) I check the session to see if the login process has been completed. If it has then access is granted if it hasn't then the user is redirected to the login page where he/she is prompted with a valid ID and a password. If a session times out then the user is required to log in again. And this is fine, but I would like to let the user know that he/she has to logi in again because the session has timed out.

How do I go about doing this? I found the HttpSessionListener interface and thought it might help but the sessionDestroyed method is called right before the session is invalidated so setting a parameter there is no good, as expected.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

疑心病 2024-08-23 09:23:34

登录时，设置一个长期存在的 cookie（1 天？），您在正常注销期间将其删除（将年龄设置为 0）。如果在用户未登录且 cookie 仍然存在的情况下再次登陆登录页面，则意味着会话已过期。

<c:if test="${empty user && not empty cookie.user}">
    You were logged out because the session was expired.
</c:if>

On login, set a long living cookie (1 day?) which you remove (set age to 0) during a normal logout. If you land at the login page again while the user is not logged in and the cookie is still present, then it means that the session has been expired.

<c:if test="${empty user && not empty cookie.user}">
    You were logged out because the session was expired.
</c:if>

回复收藏 0 原文

妖妓 2024-08-23 09:23:34

当您将用户重定向到登录表单时，设置指示会话已过期的请求参数、url 参数或 cookie（如果您使用 cookie，则在显示登录表单后删除 cookie）。然后，在显示表单时，检查会话过期指示器并显示适当的消息。

回复收藏 0 原文

江城子 2024-08-23 09:23:34

您可以通过以下方式检查会话是否已过期和/或超时：

if (request.getRequestedSessionId() != null
        && !request.isRequestedSessionIdValid()) {
    // Session is expired
}

使用 getRequestedSessionId 区分新会话和现有（有效/过期）会话，并使用 isRequestedSessionIdValid 区分新会话和现有会话。有效和新的/过期的会话。

您可以将此代码放入过滤器中。

You can check if the session has expired and/or timed out with:

if (request.getRequestedSessionId() != null
        && !request.isRequestedSessionIdValid()) {
    // Session is expired
}

Use getRequestedSessionId to distinguish between new and existing (valid/expired) sessions, and use isRequestedSessionIdValid to distinguish betwheen valid and new/expired sessions.

You can put this code in a Filter.

回复收藏 0 原文

~没有更多了~