java HttpSessionListener - 会话超时时会调用 sessionDestroyed 方法吗?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6452757/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
HttpSessionListener - Will sessionDestroyed method be called on session timeout?
提问by Slick
I have an implementation of HttpSessionListenerwhere 'locked' resources in the application are released with sessionDestroyedmethod.
我有一个HttpSessionListener使用sessionDestroyed方法释放应用程序中“锁定”资源的实现。
The 'lock' information is maintained in database, and the release of locks is working fine in most cases. But In some cases I still see resource is locked - even if there is no session active!
“锁”信息保存在数据库中,在大多数情况下,锁的释放工作正常。但在某些情况下,我仍然看到资源被锁定 - 即使没有活动会话!
So, I'm doubting if there is possibility that sessionDestroyednot being invoked? Suppose if the session is timed out - will sessionDestroyedmethod be called?
所以,我怀疑是否有可能sessionDestroyed不被调用?假设如果会话超时 - 会sessionDestroyed调用方法吗?
Suppose user closes browser tab without logging out(destroying session) -then will the listener be invoked?
假设用户在没有注销的情况下关闭浏览器选项卡(销毁会话) - 那么监听器会被调用吗?
Thanks in advance!
提前致谢!
采纳答案by ddewaele
A servlet engine will handle session timeouts.
It will determine on its own when the session is no longer valid and it will call the sessionDestroyed. (this can occur some time after the user closed his browser).
servlet 引擎将处理会话超时。它将自行确定会话何时不再有效,并将调用sessionDestroyed. (这可能发生在用户关闭浏览器后的一段时间)。
Some other points :
其他一些要点:
Logging
日志记录
Perhaps you can add some logging to sessionCreated and sessionDestroyed methods. for each sessionCreated you should have a sessionDestroyed.
也许您可以向 sessionCreated 和 sessionDestroyed 方法添加一些日志记录。对于每个 sessionCreated,您应该有一个 sessionDestroyed。
Excepion Handling
异常处理
Perhaps the fact that stuff remains locked is not due to the session not being destroyed, but perhaps due to an error in your sessionDestroyed logic. Do you have sufficient exception handling / logging in place there ?
也许东西保持锁定的事实不是由于会话没有被销毁,而是由于 sessionDestroyed 逻辑中的错误。您是否有足够的异常处理/日志记录?
Timing
定时
Did you wait long enough to check your locked resources ? (close all clients, and take into account the session timeout value configured on the application / server). As stated earlier, the server cannot detect a user closing a browser, but it does maintain its list of http sessions, and it will destroy them after timeout.
您是否等待足够长的时间来检查锁定的资源?(关闭所有客户端,并考虑在应用程序/服务器上配置的会话超时值)。如前所述,服务器无法检测到用户关闭浏览器,但它会维护其 http 会话列表,并且会在超时后销毁它们。
回答by chahuistle
So, I'm doubting if there is possibility that sessionDestroyed not being invoked? Suppose if the session is timed out - will sessionDestroyed method be called?
所以,我怀疑 sessionDestroyed 是否有可能不被调用?假设如果会话超时 - 会调用 sessionDestroyed 方法吗?
Yes. A session is destroyed when it times out or someone expires it programatically (via HttpSession.invalidate()).
是的。会话在超时或有人以编程方式(通过HttpSession.invalidate())过期时被销毁。
Suppose user closes browser tab without logging out(destroying session) -then will the listener be invoked?
假设用户在没有注销的情况下关闭浏览器选项卡(销毁会话) - 那么监听器会被调用吗?
No, because the session is still valid. If said user opens up the website once again, his/her session will still be valid.
不,因为会话仍然有效。如果该用户再次打开该网站,他/她的会话仍然有效。
From the HttpSessionjavadoc:
从HttpSessionjavadoc:
Notifications are sent after the binding methods complete. For session that are invalidated or expire, notifications are sent after the session has been invalidated or expired.
在绑定方法完成后发送通知。对于失效或过期的会话,在会话失效或过期后发送通知。
