【Springf Security】入门篇-设置session超时和阻止并发登录

如访问一些网站时登录成功后，网站可以记住用户，且在退出之前都可以识别当前用户是谁。

设置session超时时间

server:
  servlet:
    session:
      timeout: 60  #设置超时时间60s

设置session超时之后跳转

http.sessionManagement().invalidSessionUrl("/session/invalid")

controller上加个方法，url对应/session/invalid

测试如下：

2.同一用户多个浏览器登录

http.sessionManagement().invalidSessionUrl("/session/invalid").maximumSessions(1).expiredSessionStrategy(new MyExpiredSessionStrategy())

public class MyExpiredSessionStrategy  implements SessionInformationExpiredStrategy {
    @Override
    public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException, ServletException {
        HttpServletResponse response = event.getResponse();
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write("并发登录");
    }
}

3.阻止并发登录

.sessionManagement().invalidSessionUrl("/session/invalid").maximumSessions(1).expiredSessionStrategy(new MyExpiredSessionStrategy()).maxSessionsPreventsLogin(true)