Several methods of setting session invalidation

Transferred from: http://www.cnblogs.com/linjiqin/archive/2011/06/15/2081673.html

After the system is logged in, it will set a time for the current session to expire, to ensure that the user does not interact with the server for a long time, automatically log out and destroy the session.
The setup is simple and there are three ways to do this:
(1) Add: Session.setmaxinactiveinterval (900) on the main page or public page, the parameter 900 is in seconds, that is, after 15 minutes of inactivity, the session will expire.
It is important to note that the time set by this session is calculated on the server, not the client. So if you are debugging a program, you should modify the server-side time to test instead of the client.
(2) It is also a more general way to set the session expiration time, which is set in the Project Web. xml

<!--set session invalidation, units---
<session-config>
<session-timeout>1</session-timeout>
</session-config>

(3) Directly in the application server settings, if it is tomcat, you can find the <session-config> element in the Tomcat directory Conf/web.xml, tomcat default setting is 30 minutes, as long as you modify this value.

It should be noted that if the above three places are set, there is a priority problem, from high to Low: (1) > (2) > (3)

In a general system, you may also need to do something after the session fails,
(1) Control the number of users, when the session expires, the number of users of the system reduced by one, control the number of users within a certain range, to ensure the performance of the system.
(2) control a user multiple login, when the session is valid, if the same user login, the prompt has been logged in, when the session expires, you can not prompt, directly logged in.
So how do you do a series of operations after the session fails?
There is a need to use the listener, that is, when the session is invalidated for various reasons, the listener can listen and then execute the program defined in the listener.
Listener classes are: Httpsessionlistener class, with sessioncreated and sessiondestroyed two methods
You can inherit this class and then implement it separately.
Sessioncreated refers to the method that is executed when the session is created
Sessiondestroyed refers to the method that executes when the session fails
Give a simple example:

01.public class Sessionlistener implements httpsessionlistener{
02.
public void sessioncreated (Httpsessionevent event) {
HttpSession ses = event.getsession ();
. String Id=ses.getid () +ses.getcreationtime ();
. SummerConstant.UserMap.put (ID, boolean.true); Add user
07.}
08.
sessiondestroyed public void (Httpsessionevent event) {
HttpSession ses = event.getsession ();
One. String Id=ses.getid () +ses.getcreationtime ();
Synchronized (this) {
summerconstant.usernum--; Number of users minus one
SummerConstant.UserMap.remove (ID); Removed from the user group, the user group is a map
15.}
16.}
17.}

Then just have to declare the listener in Web. Xml.

1. <listener>
2. <listener- class >
3. Com.demo.SessionListener
4. </listener- class >
5. </listener>

Several methods of setting session invalidation