HttpSessionListener - 会话超时时会调用sessionDestroyed方法吗？ [英] HttpSessionListener - Will sessionDestroyed method be called on session timeout?

问题描述

我有 HttpSessionListener 的实现，其中应用程序中的已锁定资源随 sessionDestroyed 方法一起发布。 / p>

'lock'信息在数据库中维护，并且锁的发布在大多数情况下都能正常工作。但在某些情况下，我仍然看到资源被锁定 - 即使没有会话活动！

所以，我怀疑是否有可能 sessionDestroyed 没有被调用？假设会话超时 - 将调用 sessionDestroyed 方法吗？

假设用户关闭浏览器选项卡而不注销（销毁会话） - 那么是否会调用监听器？

在此先感谢！

解决方案

servlet引擎将处理会话超时。
当会话不再有效时，它将自行确定它将调用 sessionDestroyed 。 （这可以在用户关闭浏览器后的某个时间发生）。

其他一些要点：

日志记录

也许您可以向sessionCreated和sessionDestroyed方法添加一些日志记录。对于每个sessionCreated，你应该有一个sessionDestroyed。

例外处理

也许事情仍然是锁定的东西不是由于会话未被销毁，但可能是由于sessionDestroyed逻辑中的错误。你在那里有足够的异常处理/记录吗？

时间

你有没有等待足够长的时间检查锁定的资源？ （关闭所有客户端，并考虑应用程序/服务器上配置的会话超时值）。如前所述，服务器无法检测到用户关闭浏览器，但它确实维护了其http会话列表，并且会在超时后销毁它们。

I have an implementation of HttpSessionListener where 'locked' resources in the application are released with sessionDestroyed method.

The 'lock' information is maintained in database, and the release of locks is working fine in most cases. But In some cases I still see resource is locked - even if there is no session active!

So, I'm doubting if there is possibility that sessionDestroyed not being invoked? Suppose if the session is timed out - will sessionDestroyed method be called?

Suppose user closes browser tab without logging out(destroying session) -then will the listener be invoked?

Thanks in advance!

解决方案

A servlet engine will handle session timeouts. It will determine on its own when the session is no longer valid and it will call the sessionDestroyed. (this can occur some time after the user closed his browser).

Some other points :

Logging

Perhaps you can add some logging to sessionCreated and sessionDestroyed methods. for each sessionCreated you should have a sessionDestroyed.

Excepion Handling

Perhaps the fact that stuff remains locked is not due to the session not being destroyed, but perhaps due to an error in your sessionDestroyed logic. Do you have sufficient exception handling / logging in place there ?

Timing

Did you wait long enough to check your locked resources ? (close all clients, and take into account the session timeout value configured on the application / server). As stated earlier, the server cannot detect a user closing a browser, but it does maintain its list of http sessions, and it will destroy them after timeout.

这篇关于HttpSessionListener - 会话超时时会调用sessionDestroyed方法吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！