问题描述
我正在尝试在Java中超时 HttpSession 。我的容器是WebLogic。
I'm trying to timeout an HttpSession in Java. My container is WebLogic.
目前,我们在 web.xml 文件中设置了会话超时,就像这个
Currently, we have our session timeout set in the web.xml file, like this
<session-config>
<session-timeout>15</session-timeout>
</session-config>
现在,我被告知这将终止会话(或者是所有会话?)在使用的第15分钟,无论他们的活动如何。
Now, I'm being told that this will terminate the session (or is it all sessions?) in the 15th minute of use, regardless their activity.
我想知道这种方法是否正确,或者我应该以编程方式设置不活动的时间限制
I'm wondering if this approach is the correct one, or should I programatically set the time limit of inactivity by
session.setMaxInactiveInterval(15 * 60); //15 minutes
我不想在15分钟内放弃所有会话,只有那些会话已停用15分钟。
I don't want to drop all sessions at 15 minutes, only those that have been inactive for 15 minutes.
这些方法是否相同?我应该支持 web.xml 配置吗?
Are these methods equivalent? Should I favour the web.xml config?
推荐答案
这是错误。当关联的客户端(webbrowser)未访问网站超过15分钟时,它将终止会话。看到你尝试解决这个问题时,活动肯定会与你最初预期的一样重要。
This is wrong. It will just kill the session when the associated client (webbrowser) has not accessed the website for more than 15 minutes. The activity certainly counts, exactly as you initially expected, seeing your attempt to solve this.
不顺便说一下,这里改变不多。它与 web.xml
中的< session-timeout>
完全相同,唯一的区别就是你可以在运行时以编程方式更改/设置它。顺便说一下,这种改变只影响当前的会话实例,而不是全局的(否则它会是一个静态
方法)。
The HttpSession#setMaxInactiveInterval()
doesn't change much here by the way. It does exactly the same as <session-timeout>
in web.xml
, with the only difference that you can change/set it programmatically during runtime. The change by the way only affects the current session instance, not globally (else it would have been a static
method).
要玩耍并体验你自己,请尝试设置< session-timeout>
到1分钟并创建一个如下所示:
To play around and experience this yourself, try to set <session-timeout>
to 1 minute and create a HttpSessionListener
like follows:
@WebListener
public class HttpSessionChecker implements HttpSessionListener {
public void sessionCreated(HttpSessionEvent event) {
System.out.printf("Session ID %s created at %s%n", event.getSession().getId(), new Date());
}
public void sessionDestroyed(HttpSessionEvent event) {
System.out.printf("Session ID %s destroyed at %s%n", event.getSession().getId(), new Date());
}
}
(如果你'还没有在Servlet 3.0上,因此无法使用 @WebListener
,然后在 web.xml
中注册,如下所示) :
(if you're not on Servlet 3.0 yet and thus can't use @WebListener
, then register in web.xml
as follows):
<listener>
<listener-class>com.example.HttpSessionChecker</listener-class>
</listener>
请注意,在完全超时后,servletcontainer不会立即销毁会话值。这是一个后台工作,以一定的时间间隔运行(例如5到15分钟,具体取决于负载和servletcontainer品牌/类型)。因此,如果在一分钟不活动后立即在控制台中看不到销毁
行,请不要感到惊讶。但是,当您在暂停但未被破坏的会话中触发HTTP请求时,它将立即被销毁。
Note that the servletcontainer won't immediately destroy sessions after exactly the timeout value. It's a background job which runs at certain intervals (e.g. 5~15 minutes depending on load and the servletcontainer make/type). So don't be surprised when you don't see destroyed
line in the console immediately after exactly one minute of inactivity. However, when you fire a HTTP request on a timed-out-but-not-destroyed-yet session, it will be destroyed immediately.
- How do servlets work? Instantiation, sessions, shared variables and multithreading
这篇关于SessionTimeout:web.xml与session.maxInactiveInterval()的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!