質問
I'm learning Spring. Doing the login/logout functionality. This is what my controller looks like:
https://stackoverflow.com/questions/19052520
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian@RequestMapping(value="/successfulLoginAuth", method=RequestMethod.GET)
public ModelAndView postHttpLogin(HttpSession session, Authentication authInfo)
{
ModelAndView mav = new ModelAndView();
mav.setViewName("redirect:/index.html");
session.setAttribute("authInfo", authInfo);
return mav;
}
The log in is performed via Spring Security using a dao service which I have implemented. That works fine.
This is the content of index.jsp:
<%
HttpSession session1 = request.getSession(false);
Authentication authInfo;
if( (session1 != null) &&
( (authInfo = (Authentication)session1.getAttribute("authInfo")) != null)
)
{
out.print(" yo " + authInfo.getName() + " " + authInfo.getAuthorities().iterator().next().getAuthority());
}
else
{
%>
<a href="${pageContext.request.contextPath}/registration">New? Sign Up!</a><br/>
<a href="${pageContext.request.contextPath}/login">Existing? Sign In!</a><br/>
<%} %>
When i log in, and restart the server, I'm still logged in. Shouldn't the session information be lost after a server restart? If i restart the browser, it works as it should (ie the session info is lost).
This is my Spring Security configuration:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/accessdenied" access="permitAll" />
<form-login login-page="/login" default-target-url="/successfulLoginAuth" authentication-failure-url="/accessdenied" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="myUserDetailsService"></authentication-provider>
</authentication-manager>
解決
I'm assuming you are using Tomcat, which uses a Manager component to persist sessions between application life-cycles. You can change all those settings in the Manager component configuration.
I think it also depends on the kind of changes you do. Eclipse's plugin for Tomcat server will decide if it should flush the serialized HttpSessions or not.
他のヒント
I am guessing you are using Tomcat,
From the Docs SaveOnRestart property
Should all sessions be persisted and reloaded when Tomcat is shut down and restarted (or when this application is reloaded)? By default, this attribute is set to true.
You can control this by changing the property to false in your context.xml
<Manager pathname="">
<saveOnRestart>false</saveOnRestart>
</Manager>
