Tomcat 6:实例之间的最大会话空闲时间不同
我在 Tomcat 6 中使用 HttpSession。我部署 Web 应用程序的第一个 Tomcat 6 实例具有我期望的 Tomcat 会话行为(我将会话的 maxInactiveInteval 设置为 30 分钟)。
更新:我在以下内容中添加了更多代码,以准确演示如何在会话上设置此超时
这是我第一次设置会话的方式:
session = request.getSession(true);
session.setAttribute(USER_CREDENTIALS, new Credentials(username, password));
session.setMaxInactiveInterval(60*30);
然后我有一个检查此会话的拦截器:
HttpSession session = request.getSession(true);
Credentials cred = (Credentials) session.getAttribute(AuthController.USER_CREDENTIALS);
似乎在我开发的 Tomcat 实例中工作正常,但在 Tomcat 6 的另一个实例中,在负载平衡的环境中, maxInactiveInteval 似乎不受尊重。
更新:我的意思是,如果用户处于非活动状态(没有新请求)大约十秒,用户会话就会过期。
代码中没有其他地方设置了 maxInactiveInteval。什么可能导致这种行为?
I am using HttpSession's with Tomcat 6. The first instance of Tomcat 6 that I deployed my web application in had the behavior I would expect for my Tomcat sessions (I set a maxInactiveInteval on my session to 30 minutes).
Update: I added more code to the following to demonstrate exactly how I'm setting this timeout on a session
This is how I first setup the session:
session = request.getSession(true);
session.setAttribute(USER_CREDENTIALS, new Credentials(username, password));
session.setMaxInactiveInterval(60*30);
I then have an interceptor which checks this session:
HttpSession session = request.getSession(true);
Credentials cred = (Credentials) session.getAttribute(AuthController.USER_CREDENTIALS);
Seems to work fine in the Tomcat instance I devloped with, but in another instance of Tomcat 6, in a load balanced environment, the maxInactiveInteval doesn't seem to be respected.
Update: What I mean is that the users session expires if the user is inactive (no new requests) for approximately ten seconds.
There is no where else in the code where maxInactiveInteval is set. What could be causing this behavior?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
根据对该问题的评论,您的具体问题是负载平衡的 Tomcat 实例几乎立即使会话过期。设置/更改
setMaxInactiveInterval()根本没有帮助。您首先需要使用 Firebug 和/或 Fiddler。如果 cookie 流量看起来正常(即客户端在所有后续请求中返回正确的会话 cookie),则负载均衡器或 Tomcat 配置已损坏。这不是一个编程错误,而是服务器管理员的食物。
As per the comments on the question, your concrete problem is that a loadbalanced Tomcat instance expires the sessions almost immediately. Setting/changing the
<session-timeout>andsetMaxInactiveInterval()just don't help at all.You first need to exclude the client from being suspect by tracking the cookie traffic using Firebug and/or Fiddler. If the cookie traffic looks fine (i.e. the client returns the proper session cookie on all subsequent requests), then the loadbalancer or Tomcat configuration is broken. This is not a programming error, but food for the server admin.