Shulou(Shulou.com)06/01 Report--

This article is about SpringBoot2.x how to set Session expiration time and expiration jump content. Xiaobian thinks it is quite practical, so share it with everyone for reference. Let's follow Xiaobian and have a look.

Set Session expiration time and expiration jump #Session timeout setting, unit is seconds, default is 30 minutes server.servlet.session.timeout=10

However, it doesn't work because SpringBoot writes this in Tomcat Servlet Web Server Factory code.

private long getSessionTimeoutInMinutes() { Duration sessionTimeout = this.getSession().getTimeout(); return this.isZeroOrLess(sessionTimeout) ? 0L : Math.max(sessionTimeout.toMinutes(), 1L); }

If someone doesn't understand what Duration is, I don't recommend reading it because it doesn't help.

How to jump to Session invalidation address after Session invalidation package cn.coreqi.security.config; import cn.coreqi.security.Filter.SmsCodeFilter;import cn.coreqi.security.Filter.ValidateCodeFilter;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org. springframework. context. annotation.Configuration;import org. springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.password.NoOpPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler;import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;@Configurationpublic class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler; @Autowired private AuthenticationFailureHandler coreqiAuthenticationFailureHandler; @Autowired private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig; @Bean public PasswordEncoder passwordEncoder(){ return NoOpPasswordEncoder.getInstance(); } @Override protected void configure(HttpSecurity http) throws Exception { ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter(); validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler); SmsCodeFilter smsCodeFilter = new SmsCodeFilter(); //http.httpBasic() //httpBasic Login BasicAuthenticationFilter http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class) //load username password filter in front .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) //load username password filter in front .formLogin() //form login UsernamePasswordAuthenticationFilter .loginPage("/coreqi-signIn.html") //Specify login page //.loginPage("/authentication/require") .loginProcessingUrl("/authentication/form") //Specifies the address of the form submission to replace the default submission address of UsernamePasswordAuthenticationFilter .successHandler(coreqiAuthenticationSuccessHandler) //After successful login, use our custom login success handler instead of Spring default. .failureHandler(coreqiAuthenticationFailureHandler) .and() .sessionManagement() .invalidSessionUrl("session/invalid") The requested URL//was not found on this server. .and() .authorizeRequests() //configure authorization requests .antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll() //Specifies that login pages do not require authentication .anyRequest().authenticated() //any request requires authentication .and().csrf().disable() //disable CSRF .apply(smsCodeAuthenticationSecurityConfig); //FilterSecurityInterceptor Last link in the entire SpringSecurity filter chain }} @GetMapping("/session/invalid") @ResponseStatus(code = HttpStatus.UNAUTHORIZED) public SimpleResponse sessionInvalid(){ String message = "session expired"; return new SimpleResponse(message); There are several ways to disable the Session if it is version 1.5.6

Here you can add bean files to your application

package com.example.demo;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;import org.springframework.context.annotation.Bean;@SpringBootApplicationpublic class DemoApplication {undefinedpublic static void main(String[] args) { SpringApplication.run (DemoApplication.class, args);}//Set session expiration @Beanpublic EmbeddedServletContainerCustomizer containerCustomizer() { return new EmbeddedServletContainerCustomizer() { public void customize(ConfigurableEmbeddedServletContainer container) { container.setSessionTimeout(7200);//units are S } };}}

can also set

application.yml

server:port: 8081servlet:session:timeout: 60s

@RestControllerpublic class HelloController {undefined@PostMapping("test")public Integer getTest(@RequestParam("nyy")String nn, HttpServletRequest httpServletRequest ){ HttpSession session = httpServletRequest.getSession(); session.setMaxInactiveInterval(60); int maxInactiveInterval = session.getMaxInactiveInterval(); long lastAccessedTime = session.getLastAccessedTime(); return maxInactiveInterval;}}

Thank you for reading! About "SpringBoot2.x how to set the Session expiration time and failure jump" This article is shared here, I hope the above content can be of some help to everyone, so that everyone can learn more knowledge, if you think the article is good, you can share it to let more people see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.