Free learning recommendation: java basic tutorial
After logging in to the general system, a current session invalidation will be set time to ensure that users automatically log out and destroy the session if they do not interact with the server for a long time
There are three specific setting methods:
1. Set in the web container (take tomcat as an example)
In tomcat -7.0\conf\web.xml, the following is the default configuration in tomcat7.0:
<session-config> <session-timeout>30</session-timeout> </session-config>
tomcat's default session timeout is 30 minutes, which can be modified as needed. A negative number or 0 means there is no limit to the session expiration time.
It should be noted here that the time set by this session is calculated based on the server, not the client. So if you are debugging the program, you should modify the server-side time for testing, not the client
2. Set
<!--时间单位为分钟--> <session-config> <session-timeout>15</session-timeout> </session-config>
in the project's web.xml. The 15 here means that it will expire in 15 minutes.
3. Set
session.setMaxInactiveInterval(30*60);//以秒为单位,即在没有活动30分钟后,session将失效
Three priority levels through java code: 1 < 2 < 3
In general systems, it may also be necessary to set the priority after the session expires. Do some operations:
1. Control the number of users. When the session fails, the number of users in the system is reduced by one. Control the number of users within a certain range to ensure the performance of the system.
2. Control a user to log in multiple times. When When the session is valid, if the same user logs in, it will prompt that they have logged in. When the session expires, you can log in directly with a different prompt
So how to perform a series of operations after the session expires?
Here you need to use a listener, that is, when the session fails due to various reasons, the listener can listen and then execute the program defined in the listener.
The listener class is: HttpSessionListener The class has two methods, sessionCreated and sessionDestroyed.
You can inherit this class and implement them respectively.
sessionCreated refers to the method executed when the session is created.
sessionDestroyed refers to the method executed when the session fails.
Example:
public class OnlineUserListener implements HttpSessionListener{ public void sessionCreated(HttpSessionEvent event){ HttpSession session=event.getSession; String id=session.getId()+session.getCreationTime(); SummerConstant.UserMap.put(id,Boolean.TRUE);//添加用户 } public void sessionDestroyed(HttpSessionEvent event){ HttpSession session=event.getSession; String id=session.getId()+session.getCreationTime(); synchronized(this){ SummerConstant.USERNum--;//用户数减- SummerConstant.UserMap.remove(id);//从用户组中移除掉,用户组为一个map } } }
Then you only need to declare the listener in web.xml
com.demo.OnlineUserListener Related learning recommendations: java Base
The above is the detailed content of Discuss in detail the time for Java to set session timeout (expiration). For more information, please follow other related articles on the PHP Chinese website!