SEC-1379: Added creation of a session if session timeout is detected (requested session ID is invalid).
This prevents problems with repeated detection of the same invalid session when the redirected request comes in.
This commit is contained in:
parent
d931495c8a
commit
0974e21fb6
|
@ -33,7 +33,7 @@
|
|||
<x509 />
|
||||
-->
|
||||
<!-- Uncomment to limit the number of sessions a user can have -->
|
||||
<session-management invalid-session-url="/something">
|
||||
<session-management invalid-session-url="/timeout.jsp">
|
||||
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
|
||||
</session-management>
|
||||
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
<%@page session="false" %>
|
||||
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>
|
||||
|
||||
<html>
|
||||
<title>Session Timeout</title>
|
||||
<body>
|
||||
<h2>Invalid Session</h2>
|
||||
|
||||
<p>
|
||||
Your session appears to have timed out. Please <a href="<c:url value='/'/>">start again</a>.
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
|
@ -84,7 +84,8 @@ public class SessionManagementFilter extends GenericFilterBean {
|
|||
logger.debug("Requested session ID" + request.getRequestedSessionId() + " is invalid.");
|
||||
|
||||
if (invalidSessionUrl != null) {
|
||||
logger.debug("Redirecting to '" + invalidSessionUrl + "'");
|
||||
logger.debug("Starting new session (if required) and redirecting to '" + invalidSessionUrl + "'");
|
||||
request.getSession();
|
||||
redirectStrategy.sendRedirect(request, response, invalidSessionUrl);
|
||||
|
||||
return;
|
||||
|
|
Loading…
Reference in New Issue