使会话无效
我有一个基于 jsp servlet 的应用程序,会话时间超过 30 分钟,我想在有人有意或无意地关闭浏览器窗口时立即使会话无效(操作系统关闭/从tast管理器关闭/断电)
我可以检查一下吗为此并使会话无效?
I have a jsp servlet based application, with session time out of 30 mins, I want to invalidate the session as soon as a person closes the browser window intentionally or accidentally (OS shutdown/close from tast manager/powerdown)
Can I put a check for that and invalidate the session?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
无法处理这种情况。
有一些浏览器提供此设置作为其首选项,但您无法以编程方式处理此设置。
最多:
一旦连接关闭,您就可以从与 gmail 中的 gtalk 相同的页面(可能是标题)进行民意调查,从而清除该会话。
It is not possible to handle this scenario .
There are some browsers which provide this setting as their preference , but you can't handle this programitically.
At max:
You can make a poll from page(may be header) same as gtalk in gmail as soon as connection closes wipe that session out.
你为什么要这样做,你已经在服务器中配置了,会话应该保持空闲30分钟,之后它将在服务器中过期。
如果您想这样做,请使用以下 javascript 或 jquery(更适合跨浏览器),当浏览关闭事件发生时,通过在 jsp 中运行以下代码发送 ajax 请求以使会话无效
(
request.getSession(false).setMaxInactiveInteral(0);)来自 JavaScript
可以实现服务器推送 ajax 轮询,例如认为 session 再过 2 秒就会过期,发送服务器端向客户端请求使 cookie 无效,并且在服务器中您可以使会话无效。
Why do you want to do that, you have already configured that in server that ,session should stay idle for 30 mins,after that it will expire in server.
if you want to do that use the following javascript or jquery(better for cross browser) , when the browse close event happens send an ajax request to invalidate session by running following code in jsp
(
request.getSession(false).setMaxInactiveInteral(0);)From javascript
You can implement the server push ajax polling , for example think that session is going to expire in another 2 seconds , send a server side request to client to invalidate the cookie and also in the server you can invalidate the session.
不,我不相信你可以这样做,因为浏览器中没有可用的钩子让它在关闭时发送断开连接通知(某种形式),而且我不认为有服务器端机制可以询问最近的会话来测试其连接状态。
No I don't believe you can do that as there are no hooks available in the browser to get it to send a disconnect notification (of some sort) when it closes and I don't think there is a server-side mechanism to interrogate recent sessions to test their connection status.
如果您使用的是 tomcat 5.0/5.5/6.0 容器,则 tomcat 会话管理器生成的用于跟踪会话 (JSESSIONID) 的 cookie 是每个会话 cookie(仅浏览器内存 cookie),而不是持久 cookie(写入磁盘)。这是因为会话管理器执行(硬编码)setMaxAge(-1),以便生成的 HTTP 响应包含:
设置 Cookie: JSESSIONID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/并且没有Expire=date。因此,当浏览器关闭时(所有浏览器窗口,或仅包含 cookie 的窗口,具体取决于各种浏览器实现),cookie 和会话都会丢失。 [*]
这与
[*] 它们仍将保留在服务器端的磁盘上,直到会话超时到期,但不会有带有 cookie 的请求激活它们。
If you are using tomcat 5.0/5.5/6.0 container, the cookie generated by tomcat session manager to track the session (JSESSIONID) is a per-session cookie (browser memory only cookie) instead of a persistent cookie (write to disk). That's because the session manager does (hardcoded) setMaxAge(-1), so that the generated HTTP-response contains:
Set-Cookie: JSESSIONID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/and noExpire=date.So when the browser is closed (all browser windows, or just the window containing the cookie, depending on the variuos browser implementations), the cookie - and the session - are lost. [*]
This has nothing to do with
<session-timeout>, which is a setting that tells the tomcat server-side session manager to expire sessions when idle for more time than specified.[*] they will still be persisted on disk on the server-side, till session-timeout expires, but there wont be a request with a cookie activating them.