Java setting session timeout (expiration) time

After the general system login, it will set a time for the current session to expire, to ensure that the user does not interact with the server for a long time, automatically log out, destroy the session
There are three ways to set it up:
1. Set in the Web container (for Tomcat as an example)
Set in Tomcat-7.0\conf\web.xml, the following is the default configuration in tomcat7.0:

<session-config>
<session-timeout>30</session-timeout>
</session-config>
Tomcat default session timeout is 30 minutes, can be modified as needed, negative or 0 is not limit session failure time

It is important to note that the time set by this session is calculated on the server, not the client. So if you are debugging a program, you should modify the server-side time to test instead of the client

2. Set up in the project's Web. xml
<!--time in minutes--

<session-config>
<session-timeout>15</session-timeout>
</session-config>
15 here means 15 minutes of failure.

3. Using Java Code settings
Session.setmaxinactiveinterval (30*60);//in seconds, i.e. after 30 minutes of inactivity, the session will expire

Three ways of priority: 1 < 2 < 3

In a general system, you may also need to do something after the session fails:
1. Control the number of users, when the session expires, the number of users of the system to reduce one, control the number of users within a certain range, to ensure the performance of the system
2. Control a user multiple login, when the session is valid, if the same user login, the prompt has been logged in, when the session expires, you can be different prompts, direct login
So how do you do a series of operations after the session fails?
There is a need to use the listener, that is, when the session fails for various reasons, the listener can listen to, and then execute the listener defined in the program is OK
Listener classes are: Httpsessionlistener class, with sessioncreated and sessiondestroyed two methods
You can inherit this class and then implement it separately.
Sessioncreated refers to the method that is executed when the session is created
Sessiondestroyed refers to the method that executes when the session fails
Example:

Copy Code
1 public class Onlineuserlistener implements httpsessionlistener{
2 public void sessioncreated (Httpsessionevent event) {
3 HttpSession session=event.getsession;
4 String Id=session.getid () +session.getcreationtime ();
5 SummerConstant.UserMap.put (id,boolean.true);//Add User
6}
7
8 public void Sessiondestroyed (Httpsessionevent event) {
9 HttpSession session=event.getsession;
Ten String Id=session.getid () +session.getcreationtime ();
Synchronized (this) {
summerconstant.usernum--;//user number minus-
SummerConstant.UserMap.remove (ID);//Removed from user group, user group is a map
14}
15}
16}
Copy Code
Then just have to declare the listener in Web. Xml.

<listener>
<listener-class>com.demo.OnlineUserListener</listener-class>
</listener>

Java setting session timeout (expiration) time