Best IT Recipes

SessionTimeout: web.xml vs session.maxInactiveInterval ()

I am trying to disable HttpSession in Java. My container is WebLogic.

We currently have a session timeout specified in the web.xml file, for example

<session-config> <session-timeout>15</session-timeout> </session-config>

Now they tell me that this will end the session (or is it all sessions?) At the 15th minute of use, regardless of their activity.

I am wondering if this approach is correct, or should I programmatically set the idle time interval to

 session.setMaxInactiveInterval(15 * 60); //15 minutes

I do not want to drop all sessions after 15 minutes, only those that are inactive for 15 minutes.

Are these methods equivalent? Do I have to approve web.xml configuration?

+57
java servlets session session-timeout weblogic
Jun 25 2018-10-06T00:
source share
3 answers

Now they tell me that this will end the session (or is it all sessions?) At the 15th minute of use, regardless of their activity.

This is not true . It will simply kill the session when the associated client (web browser) does not gain access to the website for more than 15 minutes. Activity, of course, expects, as expected, to see your attempt to solve this problem.

HttpSession#setMaxInactiveInterval() , by the way, doesn't change much. It is exactly the same as <session-timeout> in web.xml , with the only difference being that you can change / set it programmatically at runtime. By the way, the change only affects the current instance of the session, and not globally (otherwise it would be a static method).



To play and experience this yourself, try setting <session-timeout> to 1 minute and create an HttpSessionListener as follows:

 @WebListener public class HttpSessionChecker implements HttpSessionListener { public void sessionCreated(HttpSessionEvent event) { System.out.printf("Session ID %s created at %s%n", event.getSession().getId(), new Date()); } public void sessionDestroyed(HttpSessionEvent event) { System.out.printf("Session ID %s destroyed at %s%n", event.getSession().getId(), new Date()); } }

(if you are not already on Servlet 3.0 and therefore cannot use @WebListener , then register in web.xml as follows):

 <listener> <listener-class>com.example.HttpSessionChecker</listener-class> </listener>

Note that the servletcontainer will not immediately kill sessions after the exact timeout value. This is a background job that runs at regular intervals (for example, 5-15 minutes depending on the load and make / type of the servlet container). Therefore, do not be surprised when you do not see the destroyed line on the console immediately after exactly one minute of inactivity. However, when you start an HTTP request for a session with a timeout but not destroyed, it will be destroyed immediately.

See also:

  • How do servlets work? Create, Sessions, Shared Variables, and Multithreading
+114
Jun 25 2018-10-15T00:
source share

Now they tell me that this will end the session (or is it all sessions?) At the 15th minute of use, regardless of their activity.

No, it is not. session-timeout configures the session timeout in case of inactivity.

Are these methods equivalent? Do I have to approve web.xml configuration?

The parameter in web.xml is global; it is applied to all sessions of the specified context. Programmatically, you can change this for a specific session.

+10
Jun 25 2018-10-15T00:
source share

Please check session timeout below pseudo code

 <?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"`enter code here` xmlns:xsi="http://www.w3.org/2001/XMLSchema-instanenter code herece" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <display-name>AccountWeb</display-name> <listener> <description>[Re]configures log4j</description> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> </listener> <context-param> <description>How often to check for changes in configfile (ms)</description> <param-name>log4jRefreshInterval</param-name> <param-value>60000</param-value> </context-param> <context-param> <description>Avoid setting system property as there might be several apps in same VM</description> <param-name>log4jExposeWebAppRoot</param-name> <param-value>false</param-value> </context-param> <listener> <description>The listener that will start Account</description> <display-name>AccountInitialiser</display-name> <listener-class>com.te.account.AccountInitializer</listener-class> </listener> <servlet> <display-name>Apache-Axis Servlet</display-name> <servlet-name>AxisServlet</servlet-name> <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class> <load-on-startup>200</load-on-startup> </servlet> <servlet> <display-name>Axis Admin Servlet</display-name> <servlet-name>AdminServlet</servlet-name> <servlet-class>org.apache.axis.transport.http.AdminServlet</servlet-class> <load-on-startup>100</load-on-startup> </servlet> <servlet-mapping> <servlet-name>AxisServlet</servlet-name> <url-pattern>/servlet/AxisServlet</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>AxisServlet</servlet-name> <url-pattern>*.jws</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>AxisServlet</servlet-name> <url-pattern>/services/*</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>AdminServlet</servlet-name> <url-pattern>/servlet/AdminServlet</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> <!-- <resource-ref> <description>The queue used to publish logging events</description> <res-ref-name>jms/LoggingAppenderQueue</res-ref-name> <res-type>javax.jms.Queue</res-type> <res-auth>Container</res-auth> <res-sharing-scope>Shareable</res-sharing-scope> </resource-ref> <resource-ref> <description>The connection factory for the logging appender queue</description> <res-ref-name>jms/LoggingAppenderQueueConnFactory</res-ref-name> <res-type>javax.jms.QueueConnectionFactory</res-type> <res-auth>Container</res-auth> <res-sharing-scope>Shareable</res-sharing-scope> </resource-ref> --> <resource-ref> <description> </description> <res-ref-name>jdbc/AccountDB</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> <res-sharing-scope>Shareable</res-sharing-scope> </resource-ref> </web-app>
-3
Feb 11 '16 at 5:51
source share


More articles:


All Articles