仅仅做个笔记

public void generate(HttpServletResponse response){
		ByteArrayOutputStream output = new ByteArrayOutputStream();
		String code = drawImg(output);

		Subject currentUser = ();
		final Session session = ();
		(Const.SESSION_SECURITY_CODE, code);

		("验证码已经生成");
		Timer timer = new Timer();// 实例化Timer类
		(new TimerTask() {
			public void run() {
				(Const.SESSION_SECURITY_CODE);
				("验证码过期");
				();
			}
		}, 300000);// 这里百毫秒
		("验证码将在5分钟后过期");

		try {
			ServletOutputStream out = ();
			(out);
			();
		} catch (IOException e) {
			//();
		}
	}

主要还是借助了session和定时任务
然后碰到问题了,用户注销后，
因为做了清除session操作
导致重写登录后有报错

	Exception in thread "Timer-1" : : getAttribute: Session already invalidated
	at (:167)
	at (:135)
	at $(:56)
	at (:555)
	at (:505)
Caused by: : getAttribute: Session already invalidated
	at (:1145)
	at (:103)
	at (:163)
	... 4 more