0

I have a soap web service and i implemented a spring security authentication.

I generated a client which is used in the front end.

My problem is that each time the client makes a request the web-service generates a session and than the session just stays there, session never gets invalidated.

Here is my part of web.xml file:

<session-config> <session-timeout>1</session-timeout> </session-config>

What I need is that the session should get invalidated after each request.

4

1 回答 1

1

Spring security http 元素有一个属性“create-session”,可以设置为“无状态”,之后将永远不会创建会话。

例如

<http pattern="/restful/**" create-session="stateless">
  <intercept-url pattern='/**' access='ROLE_REMOTE' />
  <http-basic />
</http>

此处的文档:

于 2013-05-02T21:21:04.723 回答