I have a spring web application and I did user authentication using Spring security.
Everything works well. Log in and Log out works perfect!
Now, I want to implement in order to log out automatically. For example, if user has a window opened for about 30 minutes and do nothing (Sessions expired for instance) system should log out automatically. How can I implement this?
It might be implemented by client side (I send requests every 1 minutes and check if session is ended). But can't I do this automatically from Spring?
I have this config:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/admin**" />
<access-denied-handler error-page="/403" />
<form-login login-page="/login"
default-target-url="/admin"
authentication-failure-url="/login?error"
username-parameter="NAME"
password-parameter="PASSWORD" />
<logout invalidate-session="true"
logout-success-url="/login?logout"/>
</http>
and in web.xml
<session-config>
<session-timeout>1</session-timeout>
</session-config>
after 1 minute, I see that session was destroyed. kill the session after 1 minute. but page was not redirected to /login?logout
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…