How do I create a new session in spring?
I am using spring 3 (annotations) with jsf and I know how to create a session and how to invalidate it afterwards ...
so when i log in and use the logout button at the end then everything works fine. but the problem is that the session stays on unless I press the exit button. if I am currently logged in with another user, then the old session data remains - because the old session was not canceled.
so how can I force the system to create a new session if the old session has not been canceled?
source to share
You have to clear the session when the user logs in. This way, whether they are logged out or not, you start a new one:
@RequestMapping("login")
public String login(LoginForm form, HttpServletRequest request, HttpSession session) {
session.invalidate();
HttpSession newSession = request.getSession(); // create session
// log the user in
return "successPage";
}
source to share
Another way to accomplish what you want to do is using Spring Security. I'm not sure if you considered this, but by default it will handle invalid ones and create new sessions for every user login for you. Plus, it has other features that you may or may not find useful. This link might be helpful: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ns-config.html . Scroll to "3.3.3 / Session Fixation Protection" for more information on your question
To create a new session after logging out, check the session.isNew()
condition if the session is old , then call invalidate()
. Redirect the login method to / login . It checks the session and creates a new session when the method is called invalidate()
.
Exit code:
@RequestMapping("/logout")
public String logout() {
return "redirect:/login";
}
Login code:
@RequestMapping(value = "/login")
public String login(HttpServletRequest request, HttpSession session) {
/*
* create new session if session is not new
*/
if (!session.isNew()) {
session.invalidate();
}
return "login";
}
source to share