How to set the Session timeout and the invalid-session redirect in Spring Boot 2.x
This article covers how to set the Session timeout and the invalid-session redirect in Spring Boot 2.x. The editor found it quite practical and is sharing it here as a reference.
Setting the Session timeout and the invalid-session redirect
```properties
# Session timeout, in seconds; the default is 30 minutes
server.servlet.session.timeout=10
```
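However, this does not have the intended effect, because Spring Boot's TomcatServletWebServerFactory contains the code below. It converts the timeout to whole minutes with a minimum of one minute, so the 10 seconds configured above becomes a 1-minute timeout: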
```java
private long getSessionTimeoutInMinutes() {
    Duration sessionTimeout = this.getSession().getTimeout();
    return this.isZeroOrLess(sessionTimeout) ? 0L : Math.max(sessionTimeout.toMinutes(), 1L);
}
```
If you do not know what the Duration class is, I do not recommend reading on, because the rest will not help you.
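Added example (not from the original article or from Spring Boot's own code): a listener that applies the configured timeout to each new session in seconds, so a sub-minute value such as the 10 seconds above is not rounded up to a minute by the Tomcat factory. The package and the class name `SecondGranularitySessionTimeout` are hypothetical; the example assumes Spring Boot 2.x with `javax.servlet` and the auto-configured `ServerProperties` bean.

```java
package com.example.demo; // hypothetical package

import java.time.Duration;

import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.stereotype.Component;

// Spring Boot registers HttpSessionListener beans with the embedded container.
@Component
public class SecondGranularitySessionTimeout implements HttpSessionListener {

    private final Duration timeout;

    public SecondGranularitySessionTimeout(ServerProperties serverProperties) {
        // Same value that server.servlet.session.timeout binds to (a bare number means seconds).
        this.timeout = serverProperties.getServlet().getSession().getTimeout();
    }

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        // null, zero or negative means "no explicit timeout": keep the container's setting.
        if (timeout == null || timeout.isZero() || timeout.isNegative()) {
            return;
        }
        // HttpSession takes seconds, so 10s stays 10s instead of becoming 1 minute.
        long seconds = Math.min(timeout.getSeconds(), Integer.MAX_VALUE);
        event.getSession().setMaxInactiveInterval((int) seconds);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // Nothing to clean up; implemented for Servlet 3.1, which has no default methods.
    }
}
```

An expired session is rejected on the next request that presents its ID; the container's background sweep removes idle sessions separately, on its own schedule.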
How to redirect to the invalid-session URL after the Session expires
```java
package cn.coreqi.security.config;

import cn.coreqi.security.Filter.SmsCodeFilter;
import cn.coreqi.security.Filter.ValidateCodeFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;

    @Autowired
    private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;

    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

    // NoOpPasswordEncoder compares passwords in plain text; it is used here for the demo only.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
        validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);

        SmsCodeFilter smsCodeFilter = new SmsCodeFilter();

        //http.httpBasic()    // HTTP Basic login: BasicAuthenticationFilter
        http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class)      // runs before the username/password filter
            .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) // runs before the username/password filter
            .formLogin()    // form login: UsernamePasswordAuthenticationFilter
                .loginPage("/coreqi-signIn.html")   // the login page
                //.loginPage("/authentication/require")
                .loginProcessingUrl("/authentication/form") // form submission URL, replacing the default of UsernamePasswordAuthenticationFilter
                .successHandler(coreqiAuthenticationSuccessHandler) // use our custom success handler instead of Spring's default
                .failureHandler(coreqiAuthenticationFailureHandler) // use our custom failure handler
            .and()
            .sessionManagement()
                // URL to redirect to once the session has expired. It must start with "/",
                // otherwise Spring Security rejects it as an invalid redirect URL.
                .invalidSessionUrl("/session/invalid")
            .and()
            .authorizeRequests()    // configure authorization of requests
                .antMatchers("/coreqi-signIn.html", "/code/image", "/session/invalid").permitAll() // these URLs need no authentication
                .anyRequest().authenticated()   // every other request requires authentication
            .and()
            .csrf().disable()   // disable CSRF protection
            .apply(smsCodeAuthenticationSecurityConfig);
        // FilterSecurityInterceptor is the last link in the Spring Security filter chain
    }
}
```
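```java
// Handler for the invalid-session URL: answers with 401 and a message ("session expired")
@GetMapping("/session/invalid")
@ResponseStatus(code = HttpStatus.UNAUTHORIZED)
public SimpleResponse sessionInvalid() {
    String message = "session失效";
    return new SimpleResponse(message);
}
```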
Several ways to set the Session timeout
If you are on version 1.5.6
In this case you can add a bean to the application class:
```java
package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;
import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    // Set the session timeout
    @Bean
    public EmbeddedServletContainerCustomizer containerCustomizer() {
        return new EmbeddedServletContainerCustomizer() {
            public void customize(ConfigurableEmbeddedServletContainer container) {
                container.setSessionTimeout(7200); // in seconds
            }
        };
    }
}
```
You can also set it in application.yml:
```yaml
server:
  port: 8081
  servlet:
    session:
      timeout: 60s
```
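```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {

    @PostMapping("test")
    public Integer getTest(@RequestParam("nyy") String nn, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        // Set the idle timeout of this session, in seconds
        session.setMaxInactiveInterval(60);
        int maxInactiveInterval = session.getMaxInactiveInterval();
        long lastAccessedTime = session.getLastAccessedTime();
        return maxInactiveInterval;
    }
}
```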