Session timeout settings in Java web development

In Java web development, the session provides a lot of convenience. A session is maintained between the browser and the server. Session timeout means the following: a session has been created between the browser and the server, the client then does not interact with the server for a long time (the idle time), and the server destroys the session. When the client interacts with the server again, the previous session no longer exists.

Ways to set the session timeout:

1. Set session-config in web.xml as follows:

 <session-config>
  <session-timeout>2</session-timeout>
 </session-config>

That is, the maximum interval between two consecutive interactions between the client and the server is 2 minutes. After 2 minutes, the value returned by session.getAttribute() is null.

API information:
session.getCreationTime() returns the creation time of the session.
session.getLastAccessedTime() returns the time of the last interaction with the server.
session.getMaxInactiveInterval() returns the maximum inactivity interval of the session in seconds, here 120 seconds.

2. In Tomcat's /conf/web.xml session-config, the default value is: 30 minutes

 <session-config>
  <session-timeout>30</session-timeout>
 </session-config>

3. Set in Servlet

  HttpSession session = request.getSession();
  session.setMaxInactiveInterval(60); // unit: seconds

Notes:

1. Priority: API call in the Servlet > the application's web.xml setting > Tomcat's /conf/web.xml setting

2. If a request arrives after the session has timed out (the interval between this access and the last access is greater than the maximum inactivity interval of the session), the previous session has ended. The server and the client then create a new session: all attribute values in the previous session are lost, and a new sessionId is generated.

3. While the client and the server have a valid session (the session has not timed out), the sessionId is the same for each access. If session.setMaxInactiveInterval() is called in the code, the maximum inactivity interval of this session is changed to the new value.

4. Destruction of the session (the end of the session life cycle): session.invalidate() is called during a request, and the session is destroyed when that request ends; or the session is destroyed automatically after it times out; or the client closes the browser.

5. For JSP, if <%@ page session="false" %> is specified, the built-in session variable cannot be accessed directly in the JSP and no session is created automatically, because the JSP then does not call request.getSession() to obtain the session.
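
The behaviour described in notes 2 and 3, together with the API calls listed above, can be observed with a small servlet. This is an added example, not code from the original article; the class name, the /session-info URL and the "visits" attribute are hypothetical, and it assumes the javax.servlet API (use jakarta.servlet on Tomcat 10 and later).

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: class name, URL and the "visits" attribute are hypothetical.
@WebServlet("/session-info")
public class SessionInfoServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // The browser sent a session ID the server no longer accepts: the old
        // session timed out or was invalidated before this request (note 2).
        boolean expired = request.getRequestedSessionId() != null
                && !request.isRequestedSessionIdValid();

        // getSession(false) never creates a session, so null means none survived.
        HttpSession session = request.getSession(false);
        if (session == null) {
            session = request.getSession();      // new session with a new ID
            session.setMaxInactiveInterval(60);  // seconds; overrides web.xml
        }

        // Attributes of a timed-out session are gone, so the counter restarts.
        Integer previous = (Integer) session.getAttribute("visits");
        int visits = (previous == null) ? 1 : previous + 1;
        session.setAttribute("visits", visits);

        long now = System.currentTimeMillis();
        long ageSec = (now - session.getCreationTime()) / 1000;
        long idleSec = (now - session.getLastAccessedTime()) / 1000;

        response.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("previous session expired: " + expired);
        out.println("new session:              " + session.isNew());
        out.println("visits in this session:   " + visits);
        out.println("session age (s):          " + ageSec);
        out.println("idle before request (s):  " + idleSec);
        out.println("max inactive interval (s): " + session.getMaxInactiveInterval());
    }
}
```

Requesting the URL twice within 60 seconds increments the counter; waiting longer than 60 seconds between requests reports an expired previous session, a new session and a counter reset to 1.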
