When the session fails, we can intercept and redirect to the landing page through the filter, but if the request is an AJAX request, the page will not be redirected because Ajax returns data and cannot return to the page.
Unlike other requests, Ajax asynchronous requests contain x-requested-with:xmlhttprequest in the request header, looking at the difference between the two graphs below.
We can use it to determine whether a request is asynchronous or not, and if so, we can return a sessionstatus on the page to determine if the session is invalidated by judging the value of the sessionstatus.
The first one is a normal request:
The second one is Ajax.
However, if each Ajax is written in this way, the workload is great.
Because I am using ExtJS, and ext Ajax is a single example, so we can write a single JS file, in the inside write session timeout verification code, other pages as long as the introduction of this JS can be.
Look at the code below, first of all, filter:
Import java.io.IOException;
Import Java.io.PrintWriter;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;
Import javax.servlet.http.HttpSession; public class Sessionfilter implements Filter {public void Destroy () {} public void Dofilter (ServletRequest r Equest, servletresponse response, Filterchain chain) throws IOException, servletexception {Httpservle
Trequest HttpRequest = (httpservletrequest) request;
HttpServletResponse HttpResponse = (httpservletresponse) response;
HttpSession session = Httprequest.getsession ();
String URL = Httprequest.getrequesturi ();
String path = url.substring (Url.lastindexof ("/")); if (check (path) && session.getattributE ("user") = = null) {//Intercept Ajax if (Httprequest.getheader ("X-requested-with")!= null
&& Httprequest.getheader ("X-requested-with"). Equalsignorecase ("XMLHttpRequest")) {
Httpresponse.addheader ("Sessionstatus", "timeout"); Chain.dofilter (request, response);//no less, or the request will be wrong}else {String str = ' <script language= ' ja
Vascript ' >alert (' session expired, please login again '); "
+ "window.top.location.href=index.jsp '" + "';</script>"; Response.setcontenttype ("Text/html;charset=utf-8");//Resolve Chinese garbled try {printwriter writer
= Response.getwriter ();
Writer.write (str);
Writer.flush ();
Writer.close ();
catch (Exception e) {e.printstacktrace ();
}
} else {chain.dofilter (request, response);
}/** * Determines whether the path is to be intercepted: true "yes" * @param path * @return/public boolean check (String path) { if (Path.indexof ("login")!= -1| |
Path.indexof ("logout")!=-1)//do not intercept login login return false;
return true; @Override public void init (Filterconfig arg0) throws Servletexception {//TODO auto-generated Method St UB}}
The configuration in Web.xml is then:
<filter>
<filter-name>sessionFilter</filter-name>
<filter-class> com.web.helper.session.sessionfilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</ Filter-mapping>
The following is the Ajax timeout verification code [Ajax_timeout.js], the page after the introduction of the JS, each AJAX request will call this code
Ajax callback function handles session expiration
Ext.Ajax.on (' Requestcomplete ', checkusersessionstatus, this);
function Checkusersessionstatus (conn,response,options) {
var status = Response.getresponseheader ("Sessionstatus ");
Ext encapsulates the Response object
if (status== "timeout") {
window.location.href= "index.jsp";
}
}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
It was later found that the return value of the submit was not received if the code was uploaded with the form's submit submission, because the return value of Ajax and submit is different:
We have to do different things:
Ajax callback function handles session expiration
Ext.Ajax.on (' Requestcomplete ', checkusersessionstatus, this);
function Checkusersessionstatus (conn,response,options) {
console.info (response);
Console.info (response.status);
if (response.status==undefined) {
//resolve problem with form submission
}else{
var status = Response.getresponseheader (" Sessionstatus ");
Ext encapsulates the Response object
if (status== "timeout") {
window.location.href= "index.jsp";}
}}