避免 Spring 应用程序在浏览器关闭时注销
Avoid Spring application log out on browser close
我有一个奇怪的问题,无法解决。
问题:
我登录到我的 Spring 网络应用程序,它有很长的会话超时时间,每当我退出浏览器然后重新打开它时,访问我的网络应用程序,我每次都会看到登录页面。
只要不关闭浏览器就可以正常工作。我认为 chrome 设置有问题,但事实并非如此。它也发生在所有浏览器上。
我的web.xml:
<session-config>
<session-timeout>10000</session-timeout>
<cookie-config>
<name>myapp</name>
<http-only>true</http-only>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
我的Spring安全配置:
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/login/forgot" access="permitAll" />
<security:intercept-url pattern="/login/resetpassword" access="permitAll" />
<security:intercept-url pattern="/home/admin/**" access="hasAnyRole('ROLE_admin', 'ROLE_manager')" />
<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_admin', 'ROLE_manager','ROLE_user')" />
<security:form-login
login-page="/login"
login-processing-url="/login"
authentication-failure-handler-ref="authenticationFailureFilter"
authentication-success-handler-ref="authenticationSuccessHandler"
username-parameter="email"
password-parameter="password" />
<!-- enable csrf protection -->
<security:csrf/>
</security:http>
我的 web.xml 或 Spring 安全有问题吗?
请设置cookie的max age属性。
By default, -1 is returned, which indicates that the cookie will
persist until browser shutdown.
我有一个奇怪的问题,无法解决。
问题:
我登录到我的 Spring 网络应用程序,它有很长的会话超时时间,每当我退出浏览器然后重新打开它时,访问我的网络应用程序,我每次都会看到登录页面。
只要不关闭浏览器就可以正常工作。我认为 chrome 设置有问题,但事实并非如此。它也发生在所有浏览器上。
我的web.xml:
<session-config>
<session-timeout>10000</session-timeout>
<cookie-config>
<name>myapp</name>
<http-only>true</http-only>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
我的Spring安全配置:
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/login/forgot" access="permitAll" />
<security:intercept-url pattern="/login/resetpassword" access="permitAll" />
<security:intercept-url pattern="/home/admin/**" access="hasAnyRole('ROLE_admin', 'ROLE_manager')" />
<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_admin', 'ROLE_manager','ROLE_user')" />
<security:form-login
login-page="/login"
login-processing-url="/login"
authentication-failure-handler-ref="authenticationFailureFilter"
authentication-success-handler-ref="authenticationSuccessHandler"
username-parameter="email"
password-parameter="password" />
<!-- enable csrf protection -->
<security:csrf/>
</security:http>
我的 web.xml 或 Spring 安全有问题吗?
请设置cookie的max age属性。
By default, -1 is returned, which indicates that the cookie will persist until browser shutdown.