How to make sessions not time out?

Time: 2021-09-27 11:00:38

I need the sessions in my web application not to time out. They should be there until the user logs out manually. It might be a bad call but I must implement it.

I tried the below in web.xml

<session-config>
    <session-timeout>
        -1
    </session-timeout>
</session-config>

However, the session is still getting timed out! Any suggestions?

5 solutions

#1


You can do this too:

<session-config>
    <session-timeout>0</session-timeout>
</session-config>

You can see how it works just here

#2


I want to advise against setting an infinite Session Timeout. It is a very bad call, as this is one certain way to implement a Memory Leak. As a result you will have an ever growing set of 'active' sessions. Each of them has the potential to store a considerable amount of data in Session Attributes. Each of them can have additional data associated with the session (injects, resources, beans).

Your application will continue to degrade over time until you will be forced to restart.

Also I would like to state that the longer a session is active, the more susceptible it is to hacking and interception.

You state,

It might be a bad call but I must implement it.

Yes, a very bad call indeed, but I am glad you know. I would like to have the opportunity to provide you an alternative solution. Can you provide the reason, and maybe some code to help document your case?

Actually thinking about some real-life scenarios, I had the situation where we didn't want to expire the user page with settings and information he has gathered in his session. It was a complex graphing solution that needed much input. The user will just hit refresh to retrieve the most recent data.

The solution to the above scenario was to not store it as part of the session, but instead encode it in the page itself. The simplest way would be to use <input type="hidden"> fields. You could also use embedded XML, or make it part of the URL (to make a true browser refresh work).
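Answer #2's alternative moves the view state into the page, where the client can edit it before sending it back, so the server should verify it on every request. An added example (not part of the original answers) that signs the state with HMAC-SHA256 before it goes into a hidden field or URL. The class name SignedViewState, the field name viewState, the demo key and the sample state are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public final class SignedViewState {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final SecretKeySpec key;

    public SignedViewState(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    private byte[] hmac(byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(data);
    }

    // Returns "payload.tag", both base64url, usable as a hidden-field value or query parameter.
    public String encode(String state) throws Exception {
        byte[] payload = state.getBytes(StandardCharsets.UTF_8);
        return ENC.encodeToString(payload) + "." + ENC.encodeToString(hmac(payload));
    }

    // Returns the original state, or null when the token is malformed or was modified.
    public String decode(String token) throws Exception {
        String[] parts = token == null ? new String[0] : token.split("\\.", -1);
        if (parts.length != 2) return null;
        try {
            byte[] payload = DEC.decode(parts[0]);
            byte[] tag = DEC.decode(parts[1]);
            // MessageDigest.isEqual compares in constant time
            return MessageDigest.isEqual(tag, hmac(payload))
                    ? new String(payload, StandardCharsets.UTF_8) : null;
        } catch (IllegalArgumentException invalidBase64) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real key is random and kept in server-side configuration.
        byte[] demoKey = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        SignedViewState vs = new SignedViewState(demoKey);
        String token = vs.encode("chart=line&range=30d&series=cpu,mem"); // constructed state
        System.out.println("<input type=\"hidden\" name=\"viewState\" value=\"" + token + "\">");
        System.out.println("intact:   " + vs.decode(token));
        System.out.println("tampered: " + vs.decode("X" + token));
    }
}
```

The tag protects integrity only: the state stays readable by the client, so it should not contain secrets.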

#3


In web.xml define the following

<session-config>
    <session-timeout>-1</session-timeout>
</session-config>

which has the same effect as the code posted above and will apply to all sessions for that web-app.

#4


Use an HttpSessionListener. In the sessionCreated() method, you can set the session timeout programmatically.

import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

public class MyHttpSessionListener implements HttpSessionListener {
  public void sessionCreated(HttpSessionEvent event) {
    event.getSession().setMaxInactiveInterval(-1); // interval is in seconds; negative means never time out
  }
  public void sessionDestroyed(HttpSessionEvent event) {}
}

And don't forget to define the listener in the deployment descriptor:

<web-app>
  ...
  <listener>
    <listener-class>com.MyHttpSessionListener</listener-class>
  </listener>
</web-app>

#5


You can also use the following:

HttpSession session = request.getSession();
session.setMaxInactiveInterval(0);

or

HttpSession session = request.getSession();
session.setMaxInactiveInterval(-1);
