Java 在 Spring 3/Spring Security 2.0.5 中检测会话超时
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3719691/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Detect session timeout in Spring 3/Spring Security 2.0.5
提问by ma c?lay
I have a web application running under Spring 3 with SpringSecurity 2.0.5.
To present the user the changes to the site since his last visit, I try to register the time when his session is destroyed. Therefore I registered org.springframework.context.ApplicationListener<HttpSessionDestroyedEvent>and also a javax.servlet.http.HttpSessionListener.
The implemented methods work when the user uses the logout link. But when the session times out it's as if the events aren't generated.
我有一个使用 SpringSecurity 2.0.5 在 Spring 3 下运行的 Web 应用程序。为了向用户展示自上次访问以来对站点的更改,我尝试注册他的会话被破坏的时间。因此我注册了org.springframework.context.ApplicationListener<HttpSessionDestroyedEvent>,也是一个javax.servlet.http.HttpSessionListener. 当用户使用注销链接时,实现的方法起作用。但是当会话超时时,就好像没有生成事件一样。
Am I forgetting to listen to the right events? Or is there nothing fired for the session timeout? Is there any other way to achieve this? Does it depend on a server setting (which is tomcat 6.0.24 btw)?
我是否忘记收听正确的事件?或者会话超时没有触发任何东西?有没有其他方法可以实现这一目标?它是否取决于服务器设置(即 tomcat 6.0.24 btw)?
采纳答案by BalusC
I don't do Spring, so no wording about this, but the javax.servlet.http.HttpSessionListenershould work when implemented and registered properly. You need to register it as a <listener>in the web.xmlas follows:
我不做 Spring,所以没有关于这个的措辞,但是在javax.servlet.http.HttpSessionListener正确实施和注册后应该可以工作。你需要将它注册为<listener>中web.xml,如下所示:
<listener>
<listener-class>com.example.MyHttpSessionListener</listener-class>
</listener>
Keep in mind that you're testing the session timeout the right way. Closing a webbrowser window for example won't immediatelydestroy the session on the server side. The session will live as long as the client hasn't sent any HTTP request for 30 minutes. Those 30 minutes are the default session timeout which is configureable by <session-timeout>entry in web.xml.
请记住,您正在以正确的方式测试会话超时。例如,关闭浏览器窗口不会立即破坏服务器端的会话。只要客户端在 30 分钟内没有发送任何 HTTP 请求,会话就会一直存在。这 30 分钟是默认会话超时时间,可通过<session-timeout>输入web.xml.
Also, the servletcontainer won't immediatelydestroy sessions after exactly the timeout value. It's a background job which runs at certain intervals (e.g. 5~15 minutes depending on load and the servletcontainer make/type). So don't be surprised when you don't see the sessionDestroyed()method being called after exactly30 minutes of inactivity. However, when you fire a HTTP request on a timed-out-but-not-destroyed-yet session, it will be destroyed immediately.
此外,servletcontainer 不会在恰好超时值之后立即销毁会话。这是一个以特定时间间隔运行的后台作业(例如 5~15 分钟,取决于负载和 servletcontainer make/type)。因此,当您sessionDestroyed()在正好30 分钟不活动后没有看到该方法被调用时,请不要感到惊讶。但是,当您在超时但尚未销毁的会话上触发 HTTP 请求时,它将立即销毁。
See also:
也可以看看:
回答by Vova Sergeychik
I think, DelegatingSessionListener approach may be useful. It already mentioned here:
我认为,DelegatingSessionListener 方法可能有用。它已经在这里提到:
How to inject dependencies into HttpSessionListener, using Spring?
