Implementation of JSP Session timeout settings, jspsession
Implementation of JSP Session timeout settings
In Java Web development, Session provides us with a lot of convenience, and the Session is maintained between the browser and the server. Session Timeout is interpreted as: a Session is created between the browser and the server. Because the client has not interacted with the server for a long time (sleep time), the server destroys the Session, when the client interacts with the server again, the previous Session does not exist.
Set the Session Timeout mode:
Method 1:
Set session-config in web. xml as follows:
<session-config> <session-timeout>2</session-timeout> </session-config>
That is, the client can interact with the server for two consecutive times at a maximum of 2 minutes. After 2 minutes, the value obtained by session. getAttribute () is null.
API Information:
Session. getCreationTime () Get the session Creation Time
Session. getLastAccessedTime () obtains the last interaction time with the server.
Session. getMaxInactiveInterval () gets the maximum non-active interval of the session, in seconds, 120 seconds.
Method 2:
In Tomcat/conf/web. xml, session-config. The default value is 30 minutes.
<session-config> <session-timeout>30</session-timeout> </session-config>
Method 3:
Set in Servlet
HttpSession session = request. getSession (); session. setMaxInactiveInterval (60); // unit: seconds
Note:
1. Priority: Servlet API Settings> Program/web. xml Settings> Tomcat/conf/web. xml settings
2. if the session on the Access Server times out (the interval between the current access and the last access is greater than the maximum inactivity interval of the session), that is, the last session ends, however, a new session is generated between the server and the client. All attribute values in the previous session are lost, resulting in a new sesssionId.
3. the client and the server have a valid session (the session does not time out), and each access session ID is the same. If the session is set in the code. setMaxInactiveInterval () value, the maximum inactive interval of this session will be modified and applied as a new value.
4. session destruction (indicating the end of the Session cycle): the Session is called within a request cycle. invalidate () method. After the request cycle ends, the session is destroyed; or the session is automatically destroyed after the session times out; or the client closes the browser.
5. if <% @ page session = "false" %> is specified for JSP, the built-in session variables cannot be directly accessed in JSP, and the session is not automatically created, at this time, the JSP does not automatically execute the request. the getSession () operation gets the session.
Summary:
In the process of program development, we can check SessionID every time the client interacts with the server (the Session attribute value can also be replaced by other Key values in non-HttpServlet Environment Development) for Session management.
If you have any questions, please leave a message or go to the community on this site for discussion. Thank you for reading this article. Thank you for your support!