获取会话过期的时间(以秒为单位)
我正在构建一个具有顶部细框架的 Web 应用程序,该框架应显示 servlet 会话超时的时间(以秒为单位)。
问题在于,对 servlet 的 AJAX 调用会返回上次访问时间,而 inactiveInterval 本身会更新会话。
那么有没有一种方法可以通过不增加lastAccessedTime 的servlet 获取有关会话的信息?
谢谢
I am building a web application that has a top thin frame which should show the time in seconds in which the servlet session will timeout.
The problem is that a AJAX call to a servlet which returns the last access time, and the inactiveInterval itself updates the session.
So is there a way I can get information about the session via a servlet that does not incrementing the lastAccessedTime?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
似乎没有人真正回答所问的问题。最后一个响应是最接近的,也可能是最好的,它搭载了另一个请求所需的信息。我想补充一点,如果您可以依靠 XHR 活动,您可以使用您想要的值设置响应标头。
假设您确实想要您所要求的 - 总结/重述 - 一个参与会话但不更新上次访问时间的 servlet,您应该能够使用链接一个覆盖的 HttpServletResponse 的 Filter 来实现这一点,该过滤器返回一个覆盖的 HttpServletResponse Session 对象 - 用自己的方法覆盖 getLastAccessedTime() 方法(当然,作为属性存储在真实会话中)。它可能需要对真实会话执行自己的手动失效。
像这样的问题显示了 Servlet 规范的年龄,即使在其最新形式中,对某些低级身份验证机制也没有足够的控制,并且即使使用过滤器,覆盖也可能很困难。这些限制在使用 AJAX 等技术时就会显现出来。
It seems that no one really answered the question as asked. The last response is closest - and probably best - piggy back the information needed on another request. I would add that if you can count on XHR activity that you can set a response header with the value(s) you want.
Assuming you really want want you asked for - to summarize / restate - a servlet that participates in the session but doesn't update the last accessed time, you should be able to accomplish that with a Filter that chains an overriden HttpServletResponse that returns an overridden Session object - overriding the getLastAccessedTime() method with its own (stored as an attribute in the real session of course). It will probably need to perform its own manual invalidation of the real session.
Questions like this show the age of the Servlet specification, even in its latest forms, there isn't enough control of some of the low-level authentication mechanisms, and overriding can be difficult even with Filters. These limitations manifest themselves using technologies like AJAX.
在论文中,您不应该在会话时间本身上中继会话到期时间,在您的情况下,应该通过从当前时间减少登录时间来实现计数器。
您的 ajax 调用应该查询此变量。
希望能解决您的问题。
In thesis, you should not relay the session expiry time on the session time itself, in your case a counter should be implemented by decreasing the login time from the current time.
Your ajax call should query this variable.
Hope that solves your problem.
我可以询问更多细节吗?
真正的要求是什么?会话是否在用户登录后 x 秒内超时?
在这种情况下,您可以在 HTTPSession 对象上使用 getCreationTime() 方法
http://java.sun.com/javaee/5/docs/api/javax/servlet/http/HttpSession.html#getCreationTime%28%29
或者
会话是否需要在 x 秒不活动后超时?如果是这样,那么做一个
Can I ask for some more details?
What is the real requirement? Is it that the session time out within x seconds of a user logging in?
In that case, you you can use the getCreationTime() method on the HTTPSession object
http://java.sun.com/javaee/5/docs/api/javax/servlet/http/HttpSession.html#getCreationTime%28%29
OR
Is the requirement for the session to time out after x seconds of inactivity? If so then do a
您的顶层框架无需向服务器询问上次访问时间。为什么不让每个 HTML 页面都包含一个 JavaScript 片段,它将定义的变量设置为上次访问时间,或者可能更方便,将变量设置为 HTTP 会话的假定到期日期。根据生成网页的方式,您可以将代码片段添加到默认模板,甚至可以添加过滤器,这将在每个 HTML 页面上嵌入所需的代码。
但请注意,恕我直言,Servlet 规范仅规定,服务器可能在过期时间过后的某个时刻使会话无效,因此在过期时间之后访问会话不能保证会失败。
There's no need for your top frame to ask the server for the last access time. Why not let every HTML page contain a JavaScript snippet, which sets a defined variable to either last access, or perhaps more convenient, set the variable to the assumed expiration date of the HTTP session. Depending on how you generate your web pages, you can add the code snippet to a default template, or perhaps even add a Filter, which will embed the required code on every HTML page.
Be aware though, that IMHO, the servlet specification only states, that the server may invalidate the session at some point after the expiration time has passed, so accessing the session after the expiration time is not guaranteed to fail.