After the general system login, will set up a time to failure of the current session to ensure that the user does not use the system a certain time, automatically logged, destroyed session. 


The setting is simple: 

Join the Home screen or public page: session.setMaxInactiveInterval (900); 

Parameter Units 900 seconds, i.e. there is no activity after 15 minutes, session will fail. 

Here we note that this time session setup is calculated based on the server, not the client. So if the debugger, should be modified to test the server time, not the client. 


In a typical system, you may also need to do something after the session fails, 

(1) controls the number of users, when the session fails, the number of users the system is reduced by one, and control the number of users in a certain range to ensure performance of the system. 

(2) a user to control multiple logins, when the session is valid, if the same user logs on, it has been suggested logged in, when the session fails, you can not prompt, log in directly to the 


So how in the session after the failure, a series of operations it? 

Here it is necessary to use a listener, that is, when the session because of various reasons fail, the listener can listen to, and then perform listener defined procedures on it. 

Listener class is: HttpSessionListener class, there are two methods and sessionCreated sessionDestroyed 


You can inherit this class, and then were realized. 

sessionCreated refers to a method of execution when creating the session 

sessionDestroyed refers to a method performed when the session fails 

Give a simple example: 

public class SessionListener implements HttpSessionListener{ 


public void sessionCreated(HttpSessionEvent event) { 

HttpSession ses = event.getSession(); 

String id=ses.getId()+ses.getCreationTime(); 

SummerConstant.UserMap.put (id, Boolean.TRUE); // add users 


public void sessionDestroyed(HttpSessionEvent event) { 

HttpSession ses = event.getSession(); 

String id=ses.getId()+ses.getCreationTime(); 

synchronized (this) { 

SummerConstant.USERNUM--; // Save a number of users 

SummerConstant.UserMap.remove (id); // removed away from the user group, a user group map 


Then just put the listener in the web.xml statement on it 

E.g: 

<listener> 

<listener-class> 

com.summer.kernel.tools.SessionListener 

</listener-class> 

</listener> 



supplement: 

The setting is simple, in three ways: 

(1) Public or added in the Home page: session.setMaxInactiveInterval (900); 

Parameter Units 900 seconds, i.e. there is no activity after 15 minutes, session will fail. Will never close to -1. 

Here we note that this time session setup is calculated based on the server, not the client. So if the debugger, should be modified to test the server time, not the client. 

(2) The method is relatively common session set dead time is set in the web.xml projects 

<session-config> 

<session-timeout>15</session-timeout> 

</session-config> 

15 here it is 15 minutes failure. 

(3) disposed directly in the application server, if tomcat, may be in the tomcat directory conf / web.xml in 

Find the <session-config> element, tomcat default setting is 30 minutes, as long as this value is modified it. 


Note that if these three places are set up if, there is a priority issue, from high to low: 

(1)--(2)---(3)


 


session expiration time is calculated from the last request for the current session began.