HttpSession remains after server restart
I'm learning Spring. Doing the login/logout functionality. This is what my
controller looks like:
@RequestMapping(value="/successfulLoginAuth", method=RequestMethod.GET)
public ModelAndView postHttpLogin(HttpSession session, Authentication
authInfo)
{
ModelAndView mav = new ModelAndView();
mav.setViewName("redirect:/index.html");
session.setAttribute("authInfo", authInfo);
return mav;
}
The log in is performed via Spring Security using a dao service which I
have implemented. That works fine.
This is the content of index.jsp:
<%
HttpSession session1 = request.getSession(false);
Authentication authInfo;
if( (session1 != null) &&
( (authInfo = (Authentication)session1.getAttribute("authInfo"))
!= null)
)
{
out.print(" yo " + authInfo.getName() + " " +
authInfo.getAuthorities().iterator().next().getAuthority());
}
else
{
%>
<a href="${pageContext.request.contextPath}/registration">New? Sign
Up!</a><br/>
<a href="${pageContext.request.contextPath}/login">Existing? Sign
In!</a><br/>
<%} %>
When i log in, and restart the server, I'm still logged in. Shouldn't the
session information be lost after a server restart? If i restart the
browser, it works as it should (ie the session info is lost).
This is my Spring Security configuration:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/accessdenied" access="permitAll" />
<form-login login-page="/login"
default-target-url="/successfulLoginAuth"
authentication-failure-url="/accessdenied" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider
user-service-ref="myUserDetailsService"></authentication-provider>
</authentication-manager>
No comments:
Post a Comment