
SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).

This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
Luke Taylor 15 ani în urmă
0974e21fb6

+ 1 - 1
samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -33,7 +33,7 @@
         <x509 />
 -->
         <!-- Uncomment to limit the number of sessions a user can have -->
-        <session-management invalid-session-url="/something">
+        <session-management invalid-session-url="/timeout.jsp">
             <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
         </session-management>
 

+ 13 - 0
samples/tutorial/src/main/webapp/timeout.jsp

@@ -0,0 +1,13 @@
+<%@page session="false" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>
+
+<html>
+<title>Session Timeout</title>
+<body>
+<h2>Invalid Session</h2>
+
+<p>
+Your session appears to have timed out. Please <a href="<c:url value='/'/>">start again</a>.
+</p>
+</body>
+</html>

+ 2 - 1
web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java

@@ -84,7 +84,8 @@ public class SessionManagementFilter extends GenericFilterBean {
                     logger.debug("Requested session ID" + request.getRequestedSessionId() + " is invalid.");
 
                     if (invalidSessionUrl != null) {
-                        logger.debug("Redirecting to '" + invalidSessionUrl + "'");
+                        logger.debug("Starting new session (if required) and redirecting to '" + invalidSessionUrl + "'");
+                        request.getSession();
                         redirectStrategy.sendRedirect(request, response, invalidSessionUrl);
 
                         return;
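Review bot: The added `request.getSession();` creates a server-side session for every request that arrives with an unrecognised session id, not only for genuine timeouts, so any client presenting arbitrary session ids causes one new session per request; that cost (session store growth, and whatever attributes later filters attach) is worth stating in the code and weighing against a session timeout configured for the container. The intent is also not obvious from the bare call with its result discarded, so I would put it in a comment above the line: `// Create a session now so the redirected request carries a valid id and is not flagged as an invalid session a second time.` The enclosing method starts before this hunk and continues after it, so I cannot tell whether an earlier guard already limits how often this branch runs.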