几秒钟后会话发生变化:Java Servlet
我默认安装了 Tomcat 6.0,并且有一个将信息存储在会话变量中的应用程序。
看来我的会话在短时间不活动后就失效了。只要我每隔几秒导航到另一个页面,会话数据就在那里,但如果我停止点击大约半分钟,浏览器存储的会话 ID 就会发生变化。 (我已经使用 Firebug 确认了这一点,并且在我的目标浏览器 IE8 中看到了相同的行为。)
为什么会发生这种情况?我的应用程序的 web.xml 指定了 30 分钟的会话,我已调用 session.setMaxInactiveInterval(60) 来查看这是否改变了任何内容,但似乎没有改变。
健全性检查:
我的网络应用程序 web.xml 开始如下:
<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd"
version="2.5">
<session-config>
<session-timeout>30</session-timeout>
</session-config>
我的服务器的 web.xml 包含这些行:
<session-config>
<session-timeout>30</session-timeout>
</session-config>
I have a default installation of Tomcat 6.0, and I have an app that stores information in the session variable.
It seems that my session is invalidated after a short period of inactivity. So long as I'm navigating to another page every few seconds, the session data is there, but if I stop clicking for about half a minute, the session id that the browser stores changes. (I've confirmed this using Firebug, and see the same behavior from IE8 which is my target browser.)
Why might this be happening? The web.xml for my app specifies 30 minute sessions, and I've made a call to session.setMaxInactiveInterval(60) to see if that changed anything, but it doesn't seem to.
Sanity check:
My web app web.xml starts like this:
<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd"
version="2.5">
<session-config>
<session-timeout>30</session-timeout>
</session-config>
My server's web.xml contains these lines:
<session-config>
<session-timeout>30</session-timeout>
</session-config>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
根据这个,您使用的方法将输入视为秒,而不是分钟,因此您会使事情变得更糟。
至于其余的,我会考虑使用会话的代码,因为 web.xml 片段看起来不错。
According to this, the method you use take the input as seconds, not minutes, so you would be making things worse.
As for the rest, I'd think about the code that is using the session since the web.xml fragment looks ok.
Tomcat 6 的某些最新版本具有名为“会话固定”的功能”,它会在您登录后更改会话 ID。
Some of the lastest versions of Tomcat 6 have a feature named "Session Fixation" which changes the session Id after you login.