问题
I'm developing a web app using Spring Boot 2 and Gradle. I currently implemented a custom remember me mechanism (WITHOUT Spring Security), and I added also a series cookie, as described here.
Now I want to invalidate all user's session in case the token does not match. I would get all sessions of the user (a Bean that I save in "userSession" attribute). How can I do?
PS: I'm not using Spring Security.
回答1:
You have to create a custom HttpSession holder object that will hold active sessions that you can iterate and invalidate based on your conditions.
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class HttpSessionConfig {
private static final Map<String, HttpSession> sessions = new HashMap<>();
public List<HttpSession> getActiveSessions() {
return new ArrayList<>(sessions.values());
}
@Bean
public HttpSessionListener httpSessionListener() {
return new HttpSessionListener() {
@Override
public void sessionCreated(HttpSessionEvent hse) {
sessions.put(hse.getSession().getId(), hse.getSession());
}
@Override
public void sessionDestroyed(HttpSessionEvent hse) {
sessions.remove(hse.getSession().getId());
}
};
}
}
来源:https://stackoverflow.com/questions/49539076/how-can-i-get-a-list-of-all-sessions-in-spring