如何停止浏览器之间的选项卡共享会话?
如何不在多个浏览器标签之间共享会话?
How to NOT share session between multiple browser tabs ?
我正在JSP/Servlet应用程序中使用Spring Security,我想知道如何使用Spring Security实现行为,即只要用户更改浏览器选项卡就*再次登录?"
I am using Spring Security in JSP/Servlet application and I want to know "How can we achieve the behavior with Spring Security where user is forced to login again whenever he changes the browser tab ?".
免责声明 问题类似于此问题和这个问题,但是由于两个问题都太旧了(即4.7岁),所以我确定今天必须有某种方法可以实现,不是吗?
Disclaimer Question is similar to this Question and this question, but since both the questions are too old (i.e. 4,7 years old) I am sure there must be some way to achieve that today, isn't it ?
成功登录后,在sessionStorage.setItem('userId',userId)中添加一些值,并且当用户打开新标签页并尝试登录时,检查sessionStorage.getItem是否('userId')如果为null可用,则表示它是一个新标签页/重定向到登录页面.
On successful login put some value in sessionStorage.setItem('userId',userId) and when ever user open new tab and tries to login check if sessionStorage.getItem('userId') is available if null it means it is a new tab / redirect to login page.
会话存储特定于选项卡,并且不同选项卡之间不共享数据.会话存储在现代浏览器中运行.
Session storage is tab specific and data are not shared between different tabs. Session storage runs in modern browser.
检查此链接了解详情
尝试下面的代码
成功登录后,请在下面的代码中添加该代码
<script>
if(typeof(Storage) !== "undefined") {
sessionStorage.setItem("uniqueIdSessionStorage", "xyz");
}
</script>
sessionStorage.getItem('uniqueIdSessionStorage') // this will be a tab specific you will not get xyz for other tabs.
1)检查sessionStorage.getItem('uniqueIdSessionStorage')是否不为null,如果为null则表示新的标签页和新用户.
1) Check if sessionStorage.getItem('uniqueIdSessionStorage') is not null, if null means new tab and new user.
2)在服务器端,总是像下面的代码一样存储会话属性
2) On server side always store session attributes like below code
session.setAttribute("userId"+UniqueValuePerUser,userId);
3)这样,您可以使用单个会话对象进行多次登录,因为每个用户密钥都是唯一的.
3) This way you can have multiple login with single session object for every user key will be unique.
4)在请求参数中以某种方式传递sessionStorage值服务器端.一种方法是发送url或输入中隐藏的地方.
4) Pass sessionStorage value server side somehow in request Parameter. One way is to send in url or somewhere hidden in input.
5)现在,如果您从选项卡中获得了12345的值.然后使用以下代码从会话中获取详细信息
5) Now if you get 12345 value from tab. Then get details from session using below code
String uniqueId= request.getParameter("uniqueId"); // value will be 12345
session.getAttribute("userId"+uniqueId);
如果从选项卡中获得45678的值,则
and if you get 45678 value from tab then
String uniqueId= request.getParameter("uniqueId"); // value will be 45678
session.getAttribute("userId"+uniqueId) // and other details from session using unique id;
6)通过这种方式,在单个会话中使用唯一密钥可以实现多次登录,但是如果一次注销使会话无效,则其他用户也将被注销,因为会话对象是具有唯一密钥的对象.
6) This way with unique key in single session you can achieve multiple login but if one logout and you invalidate session other user will also get logged out because session object is one with unique key.
7)从会话中删除该特定密钥,而不是使会话无效.
7) Instead of invalidate session remove that particular key from session.
session.removeAttribute("userId"+uniqueId);