I recently worked on a project in which the front end and back end are separated, and it raised the question of login verification. I am using a token plus a filter.
1. The front end requests login; the back end generates a token from the user name plus the current time, stores it in Redis, and returns it to the front end.
2. On every subsequent request the front end sends the token, and the filter verifies it.
3. The filter determines whether the token is valid: a valid token is let through, an invalid one is redirected to the login page.
There is a problem: an AJAX request expects JSON data or HTML back and by default only refreshes part of the page, so a redirect issued with sendRedirect("XXX") does not navigate the page.
The solution is for the front end and back end to cooperate.
Add the following to the filter (Java):
httpResponse.addHeader("REDIRECT", "REDIRECT"); // tell the AJAX caller that this is a redirect
httpResponse.addHeader("ContextPath", tokenurl); // the address to redirect to
These two headers then appear in the response.
The front-end code is as follows:
$.ajaxSetup({
    complete: function (XMLHttpRequest, textStatus) {
        // Read the response headers through the XMLHttpRequest object.
        // If the REDIRECT header is present, the back end wants a redirect.
        var redirect = XMLHttpRequest.getResponseHeader("REDIRECT");
        alert(redirect); // debugging aid: shows the header value
        if (redirect == "REDIRECT") {
            // Walk up to the top-level window so the whole page navigates.
            var win = window;
            while (win != win.top) {
                win = win.top;
            }
            win.location.href = XMLHttpRequest.getResponseHeader("ContextPath");
        }
    }
});
For how to use ajaxSetup, search Baidu.
This is roughly the approach you will find everywhere online. But there is a pitfall:
when the AJAX request is cross-origin and handled through CORS, XMLHttpRequest.getResponseHeader("XXX") cannot read the custom response header. The value returned by getResponseHeader is always empty.
The response headers have to be whitelisted through Access-Control-Expose-Headers:
httpResponse.addHeader("Access-Control-Expose-Headers", "REDIRECT,ContextPath"); // list the fields you want to pass
Only then can the front end read the values.
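The pitfall above, as an added example that is not part of the original post: it models which response headers a cross-origin script can read with and without Access-Control-Expose-Headers, and resolves the redirect address from the ContextPath header. The helper names, the example.test hosts and the allowedOrigins check on the redirect target are assumptions introduced for this illustration.

```javascript
// Added example, not from the original post. It models which response headers
// a cross-origin XMLHttpRequest may read, then picks the redirect target.
// The "*" wildcard of Access-Control-Expose-Headers is not modelled.

// CORS-safelisted response headers: readable without being exposed.
const SAFELISTED = ["cache-control", "content-language", "content-length",
  "content-type", "expires", "last-modified", "pragma"];

// Hypothetical helper: a getResponseHeader() as seen by cross-origin script.
function crossOriginHeaderReader(rawHeaders) {
  const headers = new Map();
  for (const [name, value] of Object.entries(rawHeaders)) {
    headers.set(name.toLowerCase(), value);
  }
  const exposed = (headers.get("access-control-expose-headers") || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  return function getResponseHeader(name) {
    const key = name.toLowerCase();
    const visible = SAFELISTED.includes(key) || exposed.includes(key);
    return visible && headers.has(key) ? headers.get(key) : null;
  };
}

// Hypothetical helper: returns the URL to navigate to, or null. The
// allowedOrigins check is an assumption added here so that a header value
// cannot send the top window to an arbitrary site.
function redirectTarget(getResponseHeader, pageUrl, allowedOrigins) {
  if (getResponseHeader("REDIRECT") !== "REDIRECT") return null;
  const target = getResponseHeader("ContextPath");
  if (!target) return null;
  let url;
  try { url = new URL(target, pageUrl); } catch (e) { return null; }
  return allowedOrigins.includes(url.origin) ? url.href : null;
}

// Constructed sample responses (hosts are placeholders).
const withoutExpose = { "Content-Type": "application/json",
  "REDIRECT": "REDIRECT", "ContextPath": "https://app.example.test/login" };
const withExpose = Object.assign({}, withoutExpose,
  { "Access-Control-Expose-Headers": "REDIRECT,ContextPath" });
const page = "https://app.example.test/orders";
const allowed = ["https://app.example.test"];

console.log(redirectTarget(crossOriginHeaderReader(withoutExpose), page, allowed));
console.log(redirectTarget(crossOriginHeaderReader(withExpose), page, allowed));
```

In the browser, the same redirectTarget function can be called from the complete callback with XMLHttpRequest.getResponseHeader bound to the request object and window.location.href as pageUrl.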