在系统登录后,都设置session会设置一个当前session失效的时间,以确保在用户长时间不与服务器交互,自动退出登录,销毁session。
具体设置很简单,方法有三种:
- 在主页面或者公共页面中加入:session.setMaxInactiveInterval(900);参数900单位是秒,即在没有活动15分钟后,session将失效。这里要注意这个session设置的时间是根据服务器来计算的,而不是客户端。所以如果是在调试程序,应该是修改服务器端时间来测试,而不是客户端。
- 也是比较通用的设置session失效时间的方法,就是在项目的web.xml中设置
3.直接在应用服务器中设置,如果是tomcat,可以在tomcat目录下conf/web.xml中找到<session-config>元素,tomcat默认设置是30分钟,只要修改这个值就可以了。
设置session的失效时间
<session-config>
<session-timeout>120</session-timeout>
</session-config>
登录过滤器
import org.springframework.core.annotation.Order;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Order(1)
@WebFilter(filterName = "sessionFilter", urlPatterns = { "/*" })
public class SessionFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("filter init");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));//"*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept,appid,token");
response.setHeader("Access-Control-Expose-Headers", "Location");
response.setHeader("Access-Control-Allow-Credentials", "true");
if(!request.getMethod().equals("OPTIONS"))
chain.doFilter(new XssHttpServletRequestWrapper(request),res);
}
@Override
public void destroy() {
System.out.println("doFilter destroy");
}
}
@ServletComponentScan
@EnableZuulProxy
@EnableAutoConfiguration(exclude={DataSourceAutoConfiguration.class})
public class ProduDataGetweiApplication {
public static void main(String[] args) {
SpringApplication.run(ProduDataGetweiApplication.class, args);
}
}
标签:登录,response,Access,session,过滤器,import,servlet,javax From: https://blog.51cto.com/u_11837698/6081842