In the Spring Boot project, I want to clear the Session by making a get request and extend the session with an XMLHttpRequest request.
Any ideas on how I can do it?
Related
I'm setting the session timeout in the application properties
server.servlet.session.timeout=10m
But I want to change it when the user in specific pages is there any method to do it?
I'm writing a web application with Spring boot, Spring web flow and thymeleaf. When the user session expires the csrf token in the registration form expires.
How can I handle the session expiration showing a template file in Spring web flow?
Session should be handled by Spring Security. You can redirect the current user to another page by adding configuration like this:
http.sessionManagement()
.expiredUrl("/sessionExpired.html")
.invalidSessionUrl("/invalidSession.html");
In Thymeleaf, you can use session variable and add th:if attribute to check if session exist or something similar:
${session.isEmpty()}
Check this answer https://stackoverflow.com/a/22120387/2230060
I am writing an Angular4 app with Spring Boot backend. I am using a SessionScoped bean to store the logged in user (I know this is not RESTful and stuff and I am ok with it for now) and RestControllers for the endpoints.
Logging in and querying data with Postman works nicely, but it does not work from my angular app, so I debugged it a little and saw that I get jsessionid-s in the response-headers, but they are not appended in the requests.
What might be the problem? How can I use Angular with Spring Boot and session scoped beans?
It depends on how your are calling the backend.
If you are using angular-cli and the proxying the calls to spring boot it should work out of the box since same domain requests always pass cookies.
This is the preferred way because usually this is how you then deploy it live using a nginx location block to get all /api/ calls go to spring and everything else to angular.
https://github.com/angular/angular-cli/blob/master/docs/documentation/stories/proxy.md
If you have the api on a different host you will need to pass withCredentials: true to all requests going to the backend to force the request to include the cookies.
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials
this.http.post('http://localhost:3000/api/thing', { withCredentials: true }).subscribe()
I developed a web application using spring and hibernate. By using Spring Security , i am restricting one session per user. When user try to attempt multiple login then old session will be invalidated and new one will be active.I have registered HttpSessionListener in my web.xml file.In sessionDistroyed method i am writing some functionality that will be executed when Http Session getting invalidating.
Now problem is when a single user try to do multiple login ,spring security expiring the old session but not invalidating the old session.So in that case sessionDistroyed method not being executed.But i want sessionDistroyed method to be called when spring security expiring the old session.
Can anyone please help to resolve this problem.
An application has been integrated into liferay using iFrame. Application is developed in JSF with bean being in session scoped. For authentication CAS has been used with liferay. The application uses login username of liferay. When liferay is loggout out, the session of application is not cleared so because of which logging with another account shows old data. How can I clear the session of application when logging out of liferay?
Looking for the help.
Have a look at com.liferay.portal.action.LogoutAction.execute() method. Here at line#100.
You have to call your jsf application code at this moment to invalidate the session that you have in that particular application.
Now, in order to change the LogoutAction, you can use the EXT environment or you can write the code into LogoutPostAction by modifying the same using hook.