- store the old session
- invalidate the old session
- generate a new session
- copy the data of the old session into the new session
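```java
import java.io.IOException;

import javax.servlet.ServletException;

import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.SavedRequest;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

// Extends ValveBase so that only invoke() has to be implemented.
public class RenewSessionValve extends ValveBase {

    @Override
    public void invoke(Request req, Response response)
            throws IOException, ServletException {
        // check for the login URI: we only want to renew the
        // session when a login is submitted
        if (req.getRequestURI().contains("/portal/j_security_check")) {
            // step 1: save old session
            Session oldSession = req.getSessionInternal(true);
            SavedRequest saved = (SavedRequest)
                    oldSession.getNote(Constants.FORM_REQUEST_NOTE);

            // step 2: invalidate old session
            req.getSession(true).invalidate();
            req.setRequestedSessionId(null);
            req.clearCookies();

            // step 3: create a new session and set it to the request
            Session newSession = req.getSessionInternal(true);
            req.setRequestedSessionId(newSession.getId());

            // step 4: copy data pointer from the old session
            // to the new one
            if (saved != null) {
                newSession.setNote(Constants.FORM_REQUEST_NOTE, saved);
            }
        }
        // hand the request on to the next valve in the pipeline
        getNext().invoke(req, response);
    }
}
```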
reference: http://www.koelnerwasser.de/?p=11
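This article describes a way to renew the session after a user logs in. By saving the old session, invalidating it, creating a new session, and migrating the old session's data into the new one, it ensures the security and continuity of the session.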
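The valve carries over only the saved form-login request, so application session attributes do not survive the renewal. As an added example (not from the original post or from Tomcat), here are the same four steps with the standard Servlet API, for an application that verifies credentials in its own code. `SessionRenewal`, `renew` and the `carryOver` allowlist are hypothetical names, and Servlet 3.0+ (`javax.servlet`) is assumed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example: hypothetical helper, not part of the original post.
public final class SessionRenewal {

    private SessionRenewal() {
    }

    /**
     * Call right after the credentials have been verified and before any
     * authenticated state is written to the session.
     *
     * @param carryOver names of the pre-login attributes that are allowed to
     *                  survive (an allowlist, so that values planted in the
     *                  anonymous session are not copied blindly)
     * @return the new session; the pre-login session ID is no longer valid
     */
    public static HttpSession renew(HttpServletRequest request,
                                    Set<String> carryOver) {
        Map<String, Object> saved = new HashMap<>();

        // step 1: store the data of the old session, if there is one
        HttpSession oldSession = request.getSession(false);
        if (oldSession != null) {
            for (String name : carryOver) {
                Object value = oldSession.getAttribute(name);
                if (value != null) {
                    saved.put(name, value);
                }
            }
            // step 2: invalidate the old session
            oldSession.invalidate();
        }

        // step 3: generate a new session (the container issues a new ID)
        HttpSession newSession = request.getSession(true);

        // step 4: copy the saved data into the new session
        for (Map.Entry<String, Object> entry : saved.entrySet()) {
            newSession.setAttribute(entry.getKey(), entry.getValue());
        }
        return newSession;
    }
}
```

On Servlet 3.1 and later, `HttpServletRequest.changeSessionId()` issues a new session ID in one call and keeps all attributes.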