java 会话超时时如何调用 sessionDestroyed
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1945582/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to call sessionDestroyed when a session times out
提问by mebada
I am new to JSP. I used the following code in a class that implements HttpSessionListenerto get SESSION OUT when the session times out:
我是 JSP 的新手。我在一个类中使用了以下代码,该类HttpSessionListener在会话超时时实现了 SESSION OUT:
public void sessionCreated(HttpSessionEvent arg0) {
System.out.print("SESSION Created");
}
public void sessionDestroyed(HttpSessionEvent arg0) {
System.out.print("SESSION OUT");
}
and I set in web.xml:
我设置了web.xml:
<session-config>
<session-timeout>1</session-timeout>
</session-config>
The servlet waits more than two minutes, then it calls sessionDestroyed.
servlet 等待两分钟以上,然后调用sessionDestroyed.
Is there is a way to force sessionDestroyedwhen time out ?
有没有办法sessionDestroyed在超时时强制?
Thanks in advance.
提前致谢。
回答by Andrzej Doyle
What makes you think that sessionDestroyedis notbeing called when the session times out? Or in other words, what's you interpretation of the fact it gets called at all?
是什么让你认为sessionDestroyed是不是被调用时,会话超时?或者换句话说,你对它被调用的事实有什么解释?
The servlet will handle the validity of sessions in its own manner, including session timeouts, and when it determines that the session is no longer valid it will call your method. However, I don't think any servlets guarantee any particular timeliness in this regard; my understanding is that it's a bit like garbage collection in that it is guaranteed to happen at some point, but not necessarily at the earliest possible instance that the session becomes eligible for destruction.
servlet 将以自己的方式处理会话的有效性,包括会话超时,并且当它确定会话不再有效时,它将调用您的方法。但是,我认为在这方面没有任何 servlet 保证任何特定的及时性;我的理解是它有点像垃圾收集,因为它可以保证在某个时候发生,但不一定在会话有资格销毁的最早实例中发生。
In any case, it seems almost certain that the servlet is doing what you want - seeing that the session is timed out and calling the appropriate method - the only question is whether you're going to see this exactly 60 seconds after the last request or a bit later. I would suggest that in general you shouldn't rely on the exact timings of when this method is called; use it to clear up resources, sure, but not for something like program correctness (you'll get IllegalStateExceptionsif calling methods on an invalid session anyway). If you feel you really must rely on this, perhaps explain what you're doing so that others can suggest more suitable ways to achieve this.
在任何情况下,似乎几乎可以肯定 servlet 正在执行您想要的操作 - 看到会话超时并调用适当的方法 - 唯一的问题是您是否会在上次请求后 60 秒或稍后。我建议一般来说你不应该依赖调用这个方法的确切时间;使用它来清理资源,当然,但不能用于诸如程序正确性之类的事情(IllegalStateExceptions无论如何,如果在无效会话上调用方法,您就会得到)。如果你觉得你真的必须依赖这个,也许可以解释你在做什么,以便其他人可以建议更合适的方法来实现这一点。
回答by BalusC
The servlet waits more than two minutes, then it calls sessionDestroyed.
Is there is a way to force sessionDestroyed when time out ?
servlet 等待两分钟以上,然后调用 sessionDestroyed。
有没有办法在超时时强制 sessionDestroyed ?
This is implementation specific (application server dependent). There is a background thread which checks the sessions at timed intervals and reaps all the expired ones. This may occur every minute but can also be every 15 minutes. They will also be reaped immediately if you fire a request while the associated session has already been timed out but not reaped yet.
这是特定于实现的(依赖于应用程序服务器)。有一个后台线程以定时间隔检查会话并获取所有过期的会话。这可能每分钟发生一次,但也可以每 15 分钟发生一次。如果您在关联会话已经超时但尚未收获时发出请求,它们也会立即被收获。
Thus if you for instance wait one minute and fire a new request, then it will be immediately reaped. There is really no need to worry about that. You don't need to force it to reap them immediately, that would have been an expensive task. You know, it's all just about programming, not about some magic ;)
因此,例如,如果您等待一分钟并触发一个新请求,那么它将立即被收割。真的没有必要担心。你不需要强迫它立即收获它们,那将是一项昂贵的任务。你知道,这只是关于编程,而不是一些魔法;)
回答by A_M
I don't think the J2EE spec makes any guarantees about when the methods on the listener will be called. It just states that they will be called at some point.
我不认为 J2EE 规范对何时调用侦听器上的方法做出任何保证。它只是说明他们将在某个时候被调用。
I've seen code which worked on one container (Tomcat) but didn't work on another container (OC4J). The developers had made an invalid assumption about when the sessionDestroyed method will be called.
我见过在一个容器 (Tomcat) 上运行但在另一个容器 (OC4J) 上不起作用的代码。开发人员对 sessionDestroyed 方法何时被调用做出了无效假设。
UPDATE
更新
Note that the behaviour of this interface changed in v2.4 of the servlet spec. See page 21for details.
请注意,此接口的行为在 servlet 规范的 v2.4 中发生了变化。有关详细信息,请参见第 21 页。
回答by valli
when you force the user to logout via the invalidate() method that the HttpSessionListener sessionDestroyed() method is called twice, once when they logout, and a second time after some delayed time period. This occurs if after the logout you redirect the user back to a web page within your application. What you're essentially doing is starting another session (which may not be immediately obvious if you haven't added security/authentication requirements to all your web pages), and the delayed second call of the sessionDestroyed() method is a timeout occurring. The simple solution, on logout redirect the user to a web page outside of your application.Read this article session
当您通过 invalidate() 方法强制用户注销时,HttpSessionListener sessionDestroyed() 方法被调用两次,一次是在他们注销时,第二次是在一些延迟时间段之后。如果在注销后将用户重定向回应用程序中的网页,则会发生这种情况。您本质上所做的是开始另一个会话(如果您没有向所有网页添加安全/身份验证要求,这可能不会立即明显),并且 sessionDestroyed() 方法的延迟第二次调用是超时发生。简单的解决方案,在注销时将用户重定向到应用程序之外的网页。阅读本文会话
