编程知识 cdmana.com

Spring security-2. Basic part session session security management

Session Session security management  

One 、Spring Security session  Create a strategy

Configuration method :

configure(HttpSecurity http)  To configure

.and().sessionManagement().
       sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)

Two 、  Session timeout configuration

springboot  There are two kinds of sessioin Timeout settings

  • server.servlet.session.timeout=15m 

  • spring.session.timout=15m ( Use springsession Time use , Higher priority )

springboot  Default shortest 1 minute , exceed 1 Minutes press 1 I'll deal with it in minutes .

Security Setting method in :

When session Jump to page after timeout :

3、 ... and 、Session Protect  session-fixation-protection

Prevent users from impersonating session. Generally, it is not modified . It is recommended to use migrationSession( Default behavior ) or  newSession.

Four 、Cookie The safety of the

 

 

版权声明
本文为[Zhang Hongliang]所创,转载请带上原文链接,感谢
https://cdmana.com/2020/12/20201224223538420F.html

Scroll to Top