Ajax Session Timeout处理

对于session过期跳转的问题，很简单，就是一个过滤器，然后判断session为空？跳转：继续。但是对于ajax的请求，需要做特殊处理，见下面代码中的

// 此处考虑ajax操作session过期的操作，如果ajax请求过程中session过期，则指定过期状态码为：911.
String requestType = req.getHeader("X-Requested-With");

因为ajax请求的时候请求头是：X-Requested-With，so我们可以根据该请求头做session过期处理。

下面是过滤器的实现，可以作为参考。

package com.***.action.util;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * 标题：SessionFilter.
 * 
 * 描述：session expire filter.
 * 
 * @author lgscofield.
 */
public class SessionFilter implements Filter {

    private final static Log LOGGER = LogFactory.getLog(SessionFilter.class);

    /**
     * 过滤器配置
     */
    private FilterConfig filterConfig;

    /**
     * 超时页面
     */
    protected String sessionTimeOutPage = null;

    /**
     * 某些url前缀列表(如: /css/*, /js/*, /images/***...)
     */
    private List ignoreURIs = new ArrayList();

    /**
     * 静态资源列表(如: *.css, *.js, *.jpg...)
     */
    private List ignoreExts = new ArrayList();

    /**
     * 个别动态资源(如: login.action, navigate.action, login.jsp...)
     */
    private List ignoreActions = new ArrayList();

    /**
     * Default Construct.
     */
    public SessionFilter() {
        super();
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        LOGGER.info("Init LogFilter Start.");
        this.filterConfig = filterConfig;
        // this.context = this.filterConfig.getServletContext();
        // startMonitor();

        // 某些URL前缀不予处理（例如 /img/***）
        String ignores = filterConfig.getInitParameter("ignore");
        if (ignores != null) {
            for (String ig : StringUtils.split(ignores, ',')) {
                ignoreURIs.add(ig.trim());
            }
        }

        // 某些URL扩展名不予处理(例如 *.jpg)
        ignores = filterConfig.getInitParameter("ignoreExts");
        if (ignores != null) {
            for (String ig : StringUtils.split(ignores, ',')) {
                ignoreExts.add('.' + ig.trim());
            }
        }

        // 某写页面及Action不予处理(例如login.jsp,login.action)
        ignores = filterConfig.getInitParameter("ignoreActions");
        if (ignores != null) {
            for (String ig : StringUtils.split(ignores, ',')) {
                ignoreActions.add(ig.trim());
            }
        }

        LOGGER.info("Init LogFilter End.");
    }

    @Override
    public void destroy() {
        this.filterConfig = null;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
            ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper((HttpServletResponse) response);

        resp.setCharacterEncoding("UTF-8");
        HttpSession session = req.getSession(true);
        String requestUrl = req.getRequestURI();
        String redirectPath = req.getContextPath() + "/navigate.action";

        try {

            //过滤URL前缀
            /*
             * for (String ignoreURI : ignoreURIs) { if (requestUrl.startsWith(ignoreURI)) { chain.doFilter(req, resp);
             * return; } }
             */

            //过滤URL后缀
            for (String ignoreExt : ignoreExts) {
                if (requestUrl.endsWith(ignoreExt)) {
                    chain.doFilter(req, resp);
                    return;
                }
            }

            // 过滤登陆action/jsp
            for (String ingonAction : ignoreActions) {
                if (isContains(requestUrl, ingonAction)) {
                    chain.doFilter(req, resp);
                    return;
                }
            }

            if (requestUrl.endsWith("/portal/") || requestUrl.endsWith("/portal")) {
                resp.sendRedirect(redirectPath);
                return;
            }
        } catch (SecurityException e) {
            String loginPage = req.getContextPath() + URLEncoder.encode(requestUrl, "utf-8");
            resp.sendRedirect(loginPage);
        }

        // 验证session是否过期
        Object user = session.getAttribute("userInfo");
        if (user == null) {
            
            // 此处考虑ajax操作session过期的操作，如果ajax请求过程中session过期，则指定过期状态码为：911.
            String requestType = req.getHeader("X-Requested-With");
            if (!StringUtils.isEmpty(requestType) && requestType.equalsIgnoreCase("XMLHttpRequest")) {
                resp.setStatus(911);
                resp.setHeader("sessionstatus", "timeout");
                resp.addHeader("loginPath", redirectPath);
                return;
            } else {
                // wrapper.sendRedirect(redirectPath);
                resp.sendRedirect(redirectPath);
                return;
            }
        } else {
            chain.doFilter(request, response);
            return;
        }
    }

    public static boolean isContains(String container, String regx) {
        boolean result = false;

        if (container.indexOf(regx) != -1) {
            return true;
        }
        return result;
    }

}

 最后就是页面上的处理了，此处应用了jquery全局事件处理机制：

$(function(){
    $.ajaxSetup({
        contentType: "application/x-www-form-urlencoded;charset=utf-8",
        cache: false,
        complete: function(XHR, TS){
            var resText = XHR.responseText;
            var sessionstatus = XHR.getResponseHeader("sessionstatus");
            var loginPath = XHR.getResponseHeader("loginPath");
            if (911 == XHR.status && "timeout" == sessionstatus) {
                // 此处使用了开源的消息确认框 
                $.messager.confirm('session过期', '您的会话已经过期，请重新登陆后继续操作！', function(confirm){
                    if (confirm) {
                        window.location.replace(loginPath);
                    }
                });
                // 也可以使用下面的原生js的确认框，如果确认则跳转
                if(window.confirm('session过期', '您的会话已经过期，请重新登陆后继续操作！')) {
                    window.location.replace(loginPath);
                }
                return;
            }
        }
    });
});