在Java Web App中定义自定义事件/操作/请求以重置会话超时的计时器? [英] Define custom events/actions/requests for resetting timer for Session Timeout in Java Web App?
问题描述
我在eclipse中使用Tomcat 7.0,Spring 4.0.2,Web Module 3.0作为我的Web应用程序。我在app / web.xml以及tomcat / conf / web.xml中配置了会话超时。
I am using Tomcat 7.0, Spring 4.0.2, Web Module 3.0 in eclipse for my web application. And I configured my session timeout in app/web.xml as well as tomcat/conf/web.xml.
<session-config><session-timeout>30</session-timeout></session-config>
我知道tomcat必须重置它的内部计时器才能计算30分钟并使会话无效(会话超时)关于某些事件/动作/请求。
I know that tomcat must reset it's internal timer for calculate this 30 mins and invalidate session (session timeout) on some events/actions/requests.
我每隔5分钟发送一个名为 captureLastActiveTimeForCurrentFile 的请求。所以现在应用服务器永远不会使会话无效,因为我每隔5分钟就发送一次请求,所以每隔5分钟就会重置一次会话超时定时器。
I am sending one request called captureLastActiveTimeForCurrentFile after every 5 mins. So now application server will never invalidate session because I am sending request after every 5 mins, so it will reset it's session timeout timer after every 5 mins.
现在我的问题是如何忽略任何特定请求(此处为 captureLastActiveTimeForCurrentFile )以重置会话超时计时器 。这意味着当我发送 captureLastActiveTimeForCurrentFile 请求时,服务器不能重置它的计时器。对于所有其他人的请求它应该工作,因为它是如何工作的。因此,如果我不向服务器发送任何其他(不包括 captureLastActiveTimeForCurrentFile )请求,则必须在30分钟后将会话无效。
Now my problem is that how to ignore any particular request (here, captureLastActiveTimeForCurrentFile) for resetting session timeout timer. It means when I send captureLastActiveTimeForCurrentFile request, server must not reset it's timer. For All others requests it should work as it is how it is already working. So suppose if I do not send any other (excluding captureLastActiveTimeForCurrentFile) requests to server, it must be invalidate session after 30 mins.
解决方案我能想到:
- >我将在web.xml文件中配置会话超时很长时间。
- >我将捕获上次请求时间在服务器上的每个请求调用之后的一个全局变量中,不包括 captureLastActiveTimeForCurrentFile
- >我将启动我自己的调度程序,它将在每5分钟后运行,它将检查上次请求时间 - 当前时间> 30分钟,然后我将手动使会话无效。
The solution I can think :
--> I will configure session timeout very long time in web.xml file.
--> I will capture last request time in one Global variable after every request call on server excluding captureLastActiveTimeForCurrentFile
--> I will start my own scheduler which will run after every 5 min and It will check last request time - current time > 30 mins, then I will invalidate session manually.
但我觉得这个解决方案很复杂且性能明智没有一个好主意。
But I think this solution is complicated and performance wise not a good idea.
我是否可以通过其他方式在服务器上配置排除请求,以便服务器忽略该特定请求。
Is there any other way by which I can configure excluded requests on server, so that Server will ignore that particular request.
如果我的任何假设是错误的,请纠正我。
提前致谢。任何帮助都将不胜感激。
Correct me if any of my assumptions are wrong. Thanks in advance. Any help would be appreciate.
推荐答案
如果captureLastActiveTimeForCurrentFile背后的代码没有显式访问用户的HTTP会话(即通过调用请求。 getSession())然后您可以通过在Tomcat中设置一些属性来忽略对此路径的请求。请注意,设置这些将为未明确访问用户会话的任何其他映射引入类似的行为。
If the code behind captureLastActiveTimeForCurrentFile does not explicitly access the user's HTTP Session (i.e. by calling request.getSession()) then you can ignore the request to this path by setting some properties in Tomcat. Note that setting these however will introduce similar behavior for any other mappings not explicitly accessing the user's session.
相关属性为:
org.apache.catalina.core。 StandardHostValve.ACCESS_SESSION
org.apache.catalina.STRICT_SERVLET_COMPLIANCE
org.apache.catalina.core. StandardHostValve.ACCESS_SESSION org.apache.catalina.STRICT_SERVLET_COMPLIANCE
请参阅此处的进一步讨论,特别是最后一篇文章:
See further discussion here, especially the last post:
这篇关于在Java Web App中定义自定义事件/操作/请求以重置会话超时的计时器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
