在Spring 3 / Spring Security 2.0.5中检测会话超时 [英] Detect session timeout in Spring 3/Spring Security 2.0.5
问题描述
我有一个使用SpringSecurity 2.0.5在Spring 3下运行的Web应用程序。
要向用户显示自上次访问以来对站点的更改,我会尝试注册其会话被销毁的时间。因此,我注册了 org.springframework.context.ApplicationListener< HttpSessionDestroyedEvent> 以及 javax.servlet.http.HttpSessionListener 。
当用户使用注销链接时,实现的方法有效。但是当会话超时时就好像事件没有生成一样。
I have a web application running under Spring 3 with SpringSecurity 2.0.5.
To present the user the changes to the site since his last visit, I try to register the time when his session is destroyed. Therefore I registered org.springframework.context.ApplicationListener<HttpSessionDestroyedEvent> and also a javax.servlet.http.HttpSessionListener.
The implemented methods work when the user uses the logout link. But when the session times out it's as if the events aren't generated.
我忘了听正确的事件吗?或者会话超时没有解雇?有没有其他方法来实现这一目标?它取决于服务器设置(tomcat 6.0.24 btw)吗?
Am I forgetting to listen to the right events? Or is there nothing fired for the session timeout? Is there any other way to achieve this? Does it depend on a server setting (which is tomcat 6.0.24 btw)?
推荐答案
我不做Spring,所以没有关于此的措辞,但 javax.servlet.http.HttpSessionListener 在正确实施和注册时应该有效。您需要在 web.xml 中将其注册为< listener> ,如下所示:
I don't do Spring, so no wording about this, but the javax.servlet.http.HttpSessionListener should work when implemented and registered properly. You need to register it as a <listener> in the web.xml as follows:
<listener>
<listener-class>com.example.MyHttpSessionListener</listener-class>
</listener>
请记住,您正在以正确的方式测试会话超时。例如,关闭webbrowser窗口不会立即销毁服务器端的会话。只要客户端在30分钟内未发送任何HTTP请求,会话就会生效。这30分钟是默认会话超时,可通过 web.xml 中的< session-timeout> 条目进行配置。
Keep in mind that you're testing the session timeout the right way. Closing a webbrowser window for example won't immediately destroy the session on the server side. The session will live as long as the client hasn't sent any HTTP request for 30 minutes. Those 30 minutes are the default session timeout which is configureable by <session-timeout> entry in web.xml.
此外,servletcontainer在完全超时值后不会立即销毁会话。这是一个后台工作,以一定的时间间隔运行(例如5到15分钟,具体取决于负载和servletcontainer品牌/类型)。所以当你没有看到完全 30分钟不活动后调用 sessionDestroyed()方法时,不要感到惊讶。但是,当您在暂停但未被破坏的会话中触发HTTP请求时,它将立即被销毁。
Also, the servletcontainer won't immediately destroy sessions after exactly the timeout value. It's a background job which runs at certain intervals (e.g. 5~15 minutes depending on load and the servletcontainer make/type). So don't be surprised when you don't see the sessionDestroyed() method being called after exactly 30 minutes of inactivity. However, when you fire a HTTP request on a timed-out-but-not-destroyed-yet session, it will be destroyed immediately.
- How does Servlets, ServletContext, HttpSession, etc work?
这篇关于在Spring 3 / Spring Security 2.0.5中检测会话超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
