1. Configure the session timeout time in web.xml
<!-- 配置session超时时间,单位分钟 -->
<session-config>
<session-timeout>180</session-timeout>
</session-config>
2. I also post a session tool class of mine here to facilitate access to user information in the session after successful login.
package com.wzxy.nc.util;
import com.opensymphony.xwork2.ActionContext;
import com.wzxy.nc.entity.SysUser;
public class HttpSessionUtil{
@SuppressWarnings("unchecked")
public static <T> T getObject(String key,T t){
return (T)ActionContext.getContext().getSession().get(key);
}
public static void put(String key,Object value){
ActionContext.getContext().getSession().put(key, value);
}
public static SysUser getCurrentUser(){
// SysConstant.LOGIN_USER 是一个字符串,也就是你放到session用户信息的key
return (SysUser) ActionContext.getContext().getSession().get(SysConstant.LOGIN_USER);
}
}
- Write an interceptor class to implement the interception logic
package com.wzxy.nc.interceptor;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.ServletActionContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.wzxy.nc.entity.SysUser;
import com.wzxy.nc.util.HttpSessionUtil;
public class LoginInterceptor extends AbstractInterceptor {
private static final long serialVersionUID = 7860956813431996758L;
private static final Logger logger = LoggerFactory.getLogger(LoginInterceptor.class);
@Override
public String intercept(ActionInvocation ai) throws Exception {
logger.info("************** 登陆拦截器 **************");
// 取得请求的URL
String url = ServletActionContext.getRequest().getRequestURL().toString();
HttpServletResponse response = ServletActionContext.getResponse();
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Cache-Control", "no-store");
response.setDateHeader("Expires", 0);
SysUser user = null;
// 对登录与注销请求直接放行,不予拦截
if (url.indexOf("login") != -1 || url.indexOf("logout") != -1) {
return ai.invoke();
} else {
// 验证Session是否过期
if (!ServletActionContext.getRequest().isRequestedSessionIdValid()) {
// session过期,转向session过期提示页,最终跳转至登录页面
return "relogin";
} else {
user = HttpSessionUtil.getCurrentUser();
// 验证是否已经登录
if (user == null) {
logger.info("尚未登录");
// 尚未登录,跳转至登录页面
return "relogin";
} else {
return ai.invoke();
}
}
}
}
}
4. Configure this interceptor in struts2 and run the project test
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN" "http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>
<package name="default" namespace="/" extends="json-default,struts-default">
<interceptors>
<interceptor name="loginInterceptor" class="com.wzxy.nc.interceptor.LoginInterceptor"/>
<interceptor-stack name="loginStack">
<interceptor-ref name="loginInterceptor" />
<interceptor-ref name="defaultStack" />
</interceptor-stack>
</interceptors>
<global-results>
<result name="relogin" type="redirect">/login.jsp</result>
</global-results>
<action name="*_*" method="{2}" class="com.wzxy.nc.controller.{1}Controller">
<result name="success">${forwardPage}</result>
<result name="error">${forwardPage}</result>
<result name="redt" type="redirect">${forwardPage}</result>
<result name="download" type="stream">
<!-- 指定下载文件的类型 -->
<param name="contentType">application/octet-stream</param>
<!-- 指定下载文件的位置 -->
<param name="inputName">fileInputStream</param>
<param name="contentDisposition">attachement;filename=${downFileName}</param>
<!-- 指定下载文件的缓冲大小 -->
<param name="bufferSize">4096</param>
</result>
<result name="json" type="json">
<param name="root">dataMap</param>
</result>
<interceptor-ref name="loginStack" />
</action>
</package>
</struts>
5. It should be noted that if the page is nested in an iframe or frameset, write this paragraph of js on the landing page, so that the entire iframe can be jumped out.
<script language="javascript">
if(window !=top){
top.location.href=location.href;
}
</script>