每个系统页面操作过程中都有一个session,session可以存放少量的用户信息,供我们的页面操作使用。当session超时失效的时候我们就要重新往session中写入登陆的用户信息,而这个写入的操作一般写在在用户成功登陆系统的时候,所以当session失效时,我们页面中所有的操作都要监听,然后跳转到登陆的界面重新登陆。
1、设置session有效时间
在web.xml里面设置:
<!-- session失效时间 -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
2、增加一个拦截器,拦截到后台的请求
package com.ht.spring.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class SystemSessionInterceptor implements HandlerInterceptor{
@Override
public void afterCompletion(HttpServletRequest arg0,
HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, ModelAndView arg3) throws Exception {
// TODO Auto-generated method stub
}
@Override
public boolean preHandle(HttpServletRequest req, HttpServletResponse res,
Object arg2) throws Exception {
HttpSession session = req.getSession(true);
String userCode = (String) session.getAttribute("userCodeModel");
String path = req.getSession().getServletContext().getContextPath() + "/jsps/login.jsp";
/*if(userCode == null || "".equals(userCode)){
res.sendRedirect(path);
return false;
throw new SessionTimeoutException();
}else{
return true;
}*/
/*if(req.getHeader("x-requested-with")!=null
&&req.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")){
res.setHeader("sessionStatus", "timeout");
}
res.getWriter().print("timeout");
return true;*/
if(userCode == null || "".equals(userCode)){
if(req.getHeader("x-requested-with")!=null
&&req.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")){
res.setHeader("sessionStatus", "timeout");
}else{
res.sendRedirect(path);
}
return false;
}
return true;
}
}
3、在spring-mvc.xml里面加这个拦截器的拦截过滤
<!-- session失效拦截 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**" /><!-- 拦截的目录-->
<mvc:exclude-mapping path="/user/login.do" /><!-- 不需要拦截的请求-->
<mvc:exclude-mapping path="/user/loginAgain.do" />
<mvc:exclude-mapping path="/jsps" />
<mvc:exclude-mapping path="/jquery-easyui-1.5.3" />
<mvc:exclude-mapping path="/content" />
<mvc:exclude-mapping path="/WEB-INF" />
<bean class="com.ht.spring.interceptor.SystemSessionInterceptor"></bean><!-- 拦截器的加载类-->
</mvc:interceptor>
</mvc:interceptors>
4、增加一个异常处理的js,在每一个页面加以引用
$.ajaxSetup({
error:function(XMLHttpRequest, textStatus, errorThrown){
if(XMLHttpRequest.status==403){
alert("您没有权限访问此资源或者进行操作");
return false;
}
},
complete:function(XMLHttpRequest, textStatus){
var sessionStatus = XMLHttpRequest.getResponseHeader("sessionStatus");
if(sessionStatus == "timeout"){
$.messager.alert("系统提示", "登录超时,请重新登录");
setTimeout(function(){
var top = getTopWinow();
//$.messager.alert("系统提示", "登录超时,请重新登录");
var curPath = window.document.location.href;
var pathName = window.document.location.pathname;
var pos = curPath.indexOf(pathName);
var lacalhostPath = curPath.substring(0,pos);
var prjName = pathName.substring(0,pathName.substr(1).indexOf("/")+1);
//top.location.href="${pageContext.request.contextPath}"+"/jsps/login.jsp";
top.location.href = lacalhostPath + prjName +"/jsps/login.jsp";
},1000);
}
}
});
function getTopWinow(){
var p =window;
while(p != p.parent){
p = p.parent;
}
return p;
}