难道是直接将session访问封装成接口(serverlet概念里面的.do?),前台每次页面访问或者ajax请求都先访问这个session的接口?
这个难道就是传说中的后台的前端?
只用过php,没接触过java web开发,有点昏,感觉这个思路可能是完全不正确的,望指点!
黄舟2017-04-17 13:14:54
Use cookies to save it. Most session implementations save the session ID in cookies.
For each request, add a filter and process it. If the session ID is valid, it will be released. If it expires or there is no session ID, 404 will be returned
高洛峰2017-04-17 13:14:54
I suggest you try Apache Shiro, this thing is very flexible.
You can customize the verification method, authorization method, permission granularity, and authorization method according to your own needs. You can perform session management without the container, and it is very friendly to Spring.
PHPz2017-04-17 13:14:54
Regardless of language, permission management can be achieved by selecting proxy mode.