在Struts应用中，我们发出的请求都会经过 相应的拦截器进行相关处理，一般都会有一个用户登录拦截（Session失效拦截）；一般请求的话，如果Session失效时，我们会跳到登录页面，可是如果我们采用AJAX请求时，将会返回登录页面的HTML代码，这肯定不是我们想要的，那么我们如何解决呢？请看以下步骤：

一、建立拦截器

Java代码

1. packagecom.xxx.planeap.interceptor;

3. importjavax.servlet.http.HttpServletRequest;

4. importjavax.servlet.http.HttpServletResponse;

6. importorg.apache.log4j.Logger;

7. importorg.apache.struts2.ServletActionContext;

9. importcom.opensymphony.xwork2.ActionContext;

10. importcom.opensymphony.xwork2.ActionInvocation;

11. importcom.opensymphony.xwork2.ActionSupport;

12. importcom.opensymphony.xwork2.interceptor.AbstractInterceptor;

13. importcom.xxx.common.contants.ConstantsKey;

14. importcom.xxx.common.contants.SessionKey;

15. importcom.xxx.planeap.domain.User;

16. importcom.xxx.planeap.security.SecurityContextUtil;

18. /**

19. *

20. *@authorGomaOMA1989@YEAH.NET

21. *@versionv1.0

22. *@since2012-05-31

24. *

25. */

26. publicclassSecurityInterceptorextendsAbstractInterceptor{

27. privatestaticfinallongserialVersionUID=1L;

28. privateLoggerlogger=Logger.getLogger(SecurityInterceptor.class);

30. @Override

31. publicStringintercept(ActionInvocationinvocation)throwsException{

32. //TODOAuto-generatedmethodstub

34. StringclassName=invocation.getAction().getClass().getName();

35. Stringaction=className.substring(className.lastIndexOf(".")+1,className.length());

36. StringactionName=invocation.getProxy().getActionName();

38. Stringresult;

39. HttpServletRequestrequest=ServletActionContext.getRequest();

40. HttpServletResponseresponse=ServletActionContext.getResponse();

41. Stringtype=request.getHeader("X-Requested-With");

42. Useruser=(User)ActionContext.getContext().getSession().get(SessionKey.CURRENT_USER);

43. if(user==null){

44. logger.debug("SECURITYCHECKED:NEEDTOLOGIN");

45. if("XMLHttpRequest".equalsIgnoreCase(type)){//AJAXREQUESTPROCESS

46. response.setHeader("sessionstatus",ConstantsKey.MSG_TIME_OUT);

47. result=null;

48. }else{//NORMALREQUESTPROCESS

49. result=ActionSupport.LOGIN;

50. }

51. }else{

52. logger.debug("SECURITYCHECKED:USERHASLOGINED");

53. SecurityContextUtil.setCurrentUser(user);

54. booleanhanPerm=SecurityContextUtil.hasPerm(action,actionName);

55. logger.debug("SECURITYCHECKED:PERMISSION---"+action+"."+actionName+"="+hanPerm);

56. result=invocation.invoke();

57. }

58. returnresult;

59. }

60. }

二、定义全局AJAX请求结束处理方法

Js代码

1. //全局的AJAX访问，处理AJAX清求时SESSION超时

2. $.ajaxSetup({

3. contentType:"application/x-www-form-urlencoded;charset=utf-8",

4. complete:function(XMLHttpRequest,textStatus){

5. //通过XMLHttpRequest取得响应头，sessionstatus

6. varsessionstatus=XMLHttpRequest.getResponseHeader("sessionstatus");

7. if(sessionstatus=="timeout"){

8. //这里怎么处理在你，这里跳转的登录页面

9. window.location.replace(PlanEap.getActionURI("login"));

10. }

11. }

12. });