问题描述

我正在使用 Spring 安全身份验证，并且在成功登录后设置会话.我已将 session-timeout 配置为 10 分钟，但几分钟后会话被删除.我不知道为什么.

I am using Spring security authentication and after successful logis is session set. I have configured session-timeout on 10 minutes, but session is removed after few minutes. I don't know why.

这里是调试输出:

2013-09-13 12:34:29 DEBUG HttpSessionEventPublisher:83 - Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@5d67c24a]
2013-09-13 12:34:29 DEBUG SessionRegistryImpl:156 - Removing session CA174F1B4B889FFDBF47E22C7C4D5A0B from principal's set of registered sessions
2013-09-13 12:34:29 DEBUG SessionRegistryImpl:164 - Removing principal org.springframework.security.core.userdetails.User@d50fea1e: Username: tester; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_MANAGER,ROLE_USER from registry

web.xml

<session-config>
    <session-timeout>10</session-timeout>
</session-config>

推荐答案

可以通过多种方式覆盖会话超时.请参阅 http://docs.oracle.com/javaee/1.3/api/javax/servlet/http/HttpSession.html#setMaxInactiveInterval(int).确保没有其他任何东西覆盖它(Web/App 服务器、框架等).

Session timeout can be overridden by various means.See http://docs.oracle.com/javaee/1.3/api/javax/servlet/http/HttpSession.html#setMaxInactiveInterval(int).Make sure there isn't anything else that is overriding it (Web/App server, framework, ...).

这篇关于Spring 为什么会话在会话超时之前过期?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！