How to redirect to the login page when the session expires?

傲寒 2021-02-11 10:09

I have three JSF 2.0 web modules and I need to redirect to the login page when the session expires.

I have tried it using a HttpSessionListener, it is call

2 answers
  • 2021-02-11 10:47

    Try to use

     // Navigate to the "LoginForm" outcome from within a JSF request
     FacesContext context = FacesContext.getCurrentInstance();
     context.getApplication().getNavigationHandler()
            .handleNavigation(context, null, "LoginForm");
    

    But note that you should use a Servlet Filter for these purposes; it's better not to do any redirection from a PhaseListener because it's really error prone.

  • 2021-02-11 10:49

    It's not possible to send a redirect at exactly the moment when the session is expired. The client has namely not sent any HTTP request at that moment which you could then respond to with a redirect.

    You should just keep your existing authentication mechanism which redirects to the login page when the user is not logged in anymore. You can at best improve it by adding a check if the user has been redirected to the login page because the session has expired, or just because he has never logged in before (i.e. it's a fresh new request).

    You can check for that by testing if HttpServletRequest#getRequestedSessionId() doesn't return null (which means that the client has sent a session cookie and thus assumes that the session is still valid) and HttpServletRequest#isRequestedSessionIdValid() returns false (which means that the session has expired at the server side). You can do that in the very same filter where you're checking for the logged-in user (you do already have one, right? or are you using container managed authentication?).

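    // Inside the filter's doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    HttpSession session = request.getSession(false); // null when no valid session exists
    User user = (session != null) ? (User) session.getAttribute("user") : null;

    if (user == null) {
        String loginURL = request.getContextPath() + "/login.jsf";
        // A session ID was sent but is no longer valid on the server: the session expired.
        if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {
            response.sendRedirect(loginURL + "?expired=true");
        } else {
            response.sendRedirect(loginURL);
        }
    } else {
        chain.doFilter(request, response);
    }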
    

    And then in the login.xhtml page check for it

    <h:panelGroup rendered="#{param.expired}">
        <p>You have been redirected to the login page, because your session was expired.</p>
    </h:panelGroup>
    

    Your phase listener approach makes by the way no sense. It indeed sends a redirect on every single request causing it to run in an infinite loop. The restore view phase has absolutely nothing to do with the session expiration.

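A complete version of the filter sketched in the answer above, as an added example that is not part of the original post: it also lets the login page and JSF resource requests through, so the redirect to the login page cannot loop. The `user` attribute and `/login.jsf` come from the answer; the class name `LoginFilter`, the `/*` mapping and a Servlet 3.0+ container using the `javax.*` namespace are assumptions.

```java
import java.io.IOException;
import javax.faces.application.ResourceHandler;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example. Assumed: class name, "/*" mapping, Servlet 3.0+ (javax.*).
@WebFilter("/*")
public class LoginFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String loginURL = request.getContextPath() + "/login.jsf";

        // getSession(false) never creates a session, so anonymous requests stay sessionless.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null;

        // The login page and JSF resources (CSS, JS, images) must stay reachable
        // without a login, otherwise the redirect below would loop.
        String uri = request.getRequestURI();
        boolean loginRequest = uri.equals(loginURL);
        boolean resourceRequest = uri.startsWith(
                request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER + "/");

        if (loggedIn || loginRequest || resourceRequest) {
            chain.doFilter(request, response);
            return;
        }

        // The client sent a session ID that the server no longer accepts: expired.
        boolean expired = request.getRequestedSessionId() != null
                && !request.isRequestedSessionIdValid();

        // The target is a fixed path; nothing from the request is copied into it.
        response.sendRedirect(expired ? loginURL + "?expired=true" : loginURL);
    }

    @Override
    public void destroy() { }
}
```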