Java engineering accumulation-solutions for failure of permission verification in Ajax, javaajax

Java engineering accumulation-solutions for failure of permission verification in Ajax, javaajax

Recently, our projects have been tested and used very well, and our customer response is also very good. However, just two days ago, the customer raised a bug, but the whole team was not clear, when I was doing a bus today, I suddenly thought of a possibility, that is, we used to encounter a problem with ajax submission!

Cause:

Requirement: when determining whether the user session has timed out, we use aop to determine before all requests. If the user login information in the session is lost, log on again, otherwise, continue!
Bug: submit on the page, jump to the normal judgment, but after the user session expires, directly use Ajax to submit, submit failed!


Initial Plan:

Solution 1:
Modify the session expiration time (uncured)
Solution 2:
Abstract Public js. First, verify whether the session is logged on. If the session is not logged on, the logon page is returned (I think it is best because it is added instead of modified without modifying the original one)
Solution 3:
Abstract The Public ajax solution. The ajax method is used to call this method in a unified manner.


Advantages and disadvantages:
Modifying the session expiration time (permanent) to cure the problem may also lead to a decline in system performance. It should be a suitable time for debugging or replaced by a cookie solution!
Abstract Public js and Abstract Public ajax solutions. Each call must be changed. The changes are too large, resulting in more system maintenance work!


More elegant solution: first, an interceptor is created to determine the session timeout. After a user logs on, the user information will be saved in a session. In a session listener, session Timeout will destroy the user information stored in the session, the interceptor checks whether the session times out by checking the user information in the session. (I always think this method is not very good. I don't know what else is better .)

The Interceptor is a spring-mvc Interceptor. In the interceptor, determine if it is an ajax request:

<Span style = "font-size: 18px;"> 1. public boolean preHandle (HttpServletRequest request, 2. httpServletResponse response, Object handler) throws Exception 3. {4. if (request. getSession (). getAttribute ("user") = null) // determines whether the session contains user information. {6. if (request. getHeader ("x-requested-")! = Null 7. & request. getHeader ("x-requested-with") 8 .. equalsIgnoreCase ("XMLHttpRequest") // If the ajax request response header is used, x-requested-with; 9. {10. response. setHeader ("sessionstatus", "timeout"); // set session status 11 in the response header. return false; 12 .} 13. 14 .} 15. return true; 16 .} </span>

In this way, if the session times out and is an ajax request, there will be a timeout in the Response Header;


Use a global method to process the page to jump to when the session times out.
Jquery can use the $. ajaxSetup method, and ext has a similar method.

<Span style = "font-size: 18px;"> 1. // global ajax access. The sesion times out when ajax is cleared. 2. $. ajaxSetup ({3. contentType: "application/x-www-form-urlencoded; charset = UTF-8", 4. complete: function (XMLHttpRequest, textStatus) {5. var sessionstatus = XMLHttpRequest. getResponseHeader ("sessionstatus"); // get the response header Through XMLHttpRequest, sessionstatus, 6. if (sessionstatus = "timeout") {7. // If timeout occurs, specify the page to jump to. 8. window. location. replace ("$ {path}/common/login. do "); 9 .} 10 .} 11 .} 12 .}); </span>

Conclusion: a qualified engineer can provide a solution to System bugs in a timely manner, but an excellent engineer will never stop here and will analyze the advantages and disadvantages of each solution, select a more elegant solution or provide this solution!
When we adapt to the title of qualified engineers, are we moving towards excellent engineers?