如何在 Java Web 应用程序中动态设置会话超时?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2960764/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to set session timeout dynamically in Java web applications?
提问by Jonathas Carrijo
I need to give my user a web interface to change the session timeout interval. So, different installations of the web application would be able to have different timeouts for their sessions, but their web.xmlcannot be different.
我需要为我的用户提供一个 Web 界面来更改会话超时间隔。因此,Web 应用程序的不同安装将能够为其会话设置不同的超时时间,但它们web.xml不能不同。
Is there a way to set the session timeout programatically, so that I could use, say, ServletContextListener.contextInitialized()to read the configured interval and set it upon application startup?
有没有办法以编程方式设置会话超时,以便我可以使用,比如说,ServletContextListener.contextInitialized()读取配置的间隔并在应用程序启动时设置它?
采纳答案by Michael
Instead of using a ServletContextListener, use a HttpSessionListener.
不要使用 ServletContextListener,而是使用HttpSessionListener.
In the sessionCreated()method, you can set the session timeoutprogrammatically:
在该sessionCreated()方法中,您可以通过编程方式设置会话超时:
public class MyHttpSessionListener implements HttpSessionListener {
public void sessionCreated(HttpSessionEvent event){
event.getSession().setMaxInactiveInterval(15 * 60); // in seconds
}
public void sessionDestroyed(HttpSessionEvent event) {}
}
And don't forget to define the listenerin the deployment descriptor:
并且不要忘记在部署描述符中定义侦听器:
<webapp>
...
<listener>
<listener-class>com.example.MyHttpSessionListener</listener-class>
</listener>
</webapp>
(or since Servlet version 3.0 you can use @WebListenerannotation instead).
(或者从 Servlet 3.0 版开始,您可以改用@WebListener注释)。
Still, I would recommend creating different web.xmlfiles for each application and defining the session timeout there:
尽管如此,我还是建议为每个应用程序创建不同的web.xml文件并在那里定义会话超时:
<webapp>
...
<session-config>
<session-timeout>15</session-timeout> <!-- in minutes -->
</session-config>
</webapp>
回答by Pascal Thivent
Is there a way to set the session timeout programatically
有没有办法以编程方式设置会话超时
There are basically three ways to set the session timeout value:
设置会话超时值的方法主要有以下三种:
- by using the
session-timeoutin the standardweb.xmlfile ~or~ - in the absence of this element, by getting the server's default
session-timeoutvalue (and thus configuring it at the server level) ~or~ - programmatically by using the
HttpSession. setMaxInactiveInterval(int seconds)method in your Servlet or JSP.
- 通过
session-timeout在标准web.xml文件中使用~或~ - 在没有此元素的情况下,通过获取服务器的默认
session-timeout值(从而在服务器级别对其进行配置)~或~ - 以编程方式使用
HttpSession. setMaxInactiveInterval(int seconds)Servlet 或 JSP 中的方法。
But note that the later option sets the timeout value for the currentsession, this is not a global setting.
但请注意,后面的选项设置当前会话的超时值,这不是全局设置。
回答by Topera
As another anwsers told, you can change in a Session Listener. But you can change it directly in your servlet, for example.
正如另一个回答者所说,您可以在会话侦听器中进行更改。但是,例如,您可以直接在 servlet 中更改它。
getRequest().getSession().setMaxInactiveInterval(123);
回答by PraveenKumar Lalasangi
I need to give my user a web interface to change the session timeout interval. So, different installations of the web application would be able to have different timeouts for their sessions, but their web.xml cannot be different.
我需要为我的用户提供一个 Web 界面来更改会话超时间隔。因此,Web 应用程序的不同安装可以为它们的会话设置不同的超时时间,但它们的 web.xml 不能不同。
your question is simple, you need session timeout interval should be configurable at run time and configuration should be done through web interface and there shouldn't be overhead of restarting the server.
您的问题很简单,您需要在运行时配置会话超时间隔,并且应该通过 Web 界面完成配置,并且不应该有重新启动服务器的开销。
I am extending Michaels answer to address your question.
我正在扩展 Michaels 的回答以解决您的问题。
Logic: You need to store configured value in either .properties file or to database. On server start read that stored value and copy to a variable use that variable until server is UP. As config is updated update variable also. Thats it.
逻辑:您需要将配置值存储在 .properties 文件或数据库中。在服务器启动时读取存储的值并复制到变量使用该变量直到服务器启动。由于配置也更新更新变量。就是这样。
Expaination
说明
In MyHttpSessionListener class 1. create a static variable with name globalSessionTimeoutInterval.
在 MyHttpSessionListener 类 1. 创建一个名为 globalSessionTimeoutInterval 的静态变量。
create a static block(executed for only for first time of class is being accessed) and read timeout value from config.properties file and set value to globalSessionTimeoutInterval variable.
Now use that value to set maxInactiveInterval
Now Web part i.e, Admin configuration page
a. Copy configured value to static variable globalSessionTimeoutInterval.
b. Write same value to config.properties file. (consider server is restarted then globalSessionTimeoutInterval will be loaded with value present in config.properties file)
Alternative .properties file OR storing it into database. Choice is yours.
创建一个静态块(仅在第一次访问类时执行)并从 config.properties 文件中读取超时值并将值设置为 globalSessionTimeoutInterval 变量。
现在使用该值来设置 maxInactiveInterval
现在是 Web 部分,即管理员配置页面
一种。将配置的值复制到静态变量 globalSessionTimeoutInterval。
湾 将相同的值写入 config.properties 文件。(考虑服务器重新启动,然后 globalSessionTimeoutInterval 将加载 config.properties 文件中存在的值)
替代 .properties 文件或将其存储到数据库中。选择权在你。
Logical code for achieving the same
实现相同的逻辑代码
public class MyHttpSessionListener implements HttpSessionListener
{
public static Integer globalSessionTimeoutInterval = null;
static
{
globalSessionTimeoutInterval = Read value from .properties file or database;
}
public void sessionCreated(HttpSessionEvent event)
{
event.getSession().setMaxInactiveInterval(globalSessionTimeoutInterval);
}
public void sessionDestroyed(HttpSessionEvent event) {}
}
And in your Configuration Controller or Configuration servlet
并在您的配置控制器或配置 servlet
String valueReceived = request.getParameter(timeoutValue);
if(valueReceived != null)
{
MyHttpSessionListener.globalSessionTimeoutInterval = Integer.parseInt(timeoutValue);
//Store valueReceived to config.properties file or database
}
