Tomcat 中带有过期日期的 JSESSIONID Cookie [英] JSESSIONID Cookie with Expiration Date in Tomcat

问题描述

为 Tomcat 为 servlet 会话发送的 JSESSIONID cookie 设置到期日期的最佳方法是什么?

What's the best way to set an expiration date for the JSESSIONID cookie sent by Tomcat for a servlet session?

默认情况下，cookie 的到期日期似乎是会话"，这意味着只要浏览器重新启动，会话就会在客户端消失.但我希望它保持打开状态 12 小时，即使在浏览器重新启动后(然后相应地在服务器中配置会话超时).

By default, the expiration date of the cookie seems to be 'session', which means that the session disappears in the client as soon as the browser restarts. But I would like to keep it open for 12h, even after a browser restart (and would then configure the session timeout in the server accordingly).

有什么方法可以在 Tomcat 中设置到期日期，例如使用一些配置选项或扩展模块?或者是否有可靠的方法使用 Servlet 过滤器为 JSESSIONID 设置到期日期?

Is there any way to set an expiration date within Tomcat, e.g. using some configuration option or extension module? Or is there a reliable way to set an expiration date for JSESSIONID using a Servlet filter?

推荐答案

从 Servlet 3.0 开始，这可以简单地在 web.xml 中指定:

As of Servlet 3.0, this can simply be specified in the web.xml:

<session-config>
    <session-timeout>720</session-timeout> <!-- 720 minutes = 12 hours -->
    <cookie-config>
        <max-age>43200</max-age> <!-- 43200 seconds = 12 hours -->
    </cookie-config>
</session-config>

请注意，session-timeout 以分钟为单位，而 max-age 以秒为单位.

Note that session-timeout is measured in minutes but max-age is measured in seconds.

这篇关于Tomcat 中带有过期日期的 JSESSIONID Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！