java - How to manage session timeout expired -
i have following trouble. spring application configured in following way:
application context security
<http use-expressions="true" pattern="/ext/**" entry-point-ref="loginurlauthenticationentrypoint"> //others configuration <session-management invalid-session-url="/sessionexpired"> </session-management> </http>
my controller:
@requestmapping(value="/sessionexpired", method = requestmethod.get) public string sessionexpired(modelmap model, httpsession session) { return "login"; }
now problem in method sessionexpired should able differentiate property of user example:
@requestmapping(value="/sessionexpired", method = requestmethod.get) public string sessionexpired(modelmap model, httpsession session) { //test1 authentication auth = securitycontextholder.getcontext().getauthentication(); myuser u = (myuser) authentication.getprincipal(); //test2 myuser u = session.getattribute("user"); if(u.isitalian()) return "logina" else return "loginb" return "login"; }
i think sping security has cleaned session,request , securitycontextholder. how can solve situation?
sessionexpired means there no session because has expired. option catch session on event before going destroyed. luckily found solution/approach you:
http://docs.oracle.com/javaee/6/api/javax/servlet/http/httpsessionlistener.html
could this:
import javax.servlet.http.httpsessionevent; import javax.servlet.http.httpsessionlistener; public class sessioncounterlistener implements httpsessionlistener { private static int totalactivesessions; public static int gettotalactivesession(){ return totalactivesessions; } @override public void sessioncreated(httpsessionevent arg0) { totalactivesessions++; system.out.println("sessioncreated - add 1 session counter"); } @override public void sessiondestroyed(httpsessionevent arg0) { totalactivesessions--; system.out.println("sessiondestroyed - deduct 1 session counter"); } }
Comments
Post a Comment