STRUTS架构,tomcat
在web.xml配置30分钟后,
后台是怎么判断session失效的?到了30分钟就失效,还是30分钟内无操作就失效?如果是后者,又是如何判断没有操作的呢?
一般网站是怎么处理用户操作的时间设置的呢?
在web.xml配置30分钟后,
后台是怎么判断session失效的?到了30分钟就失效,还是30分钟内无操作就失效?如果是后者,又是如何判断没有操作的呢?
一般网站是怎么处理用户操作的时间设置的呢?
1.设置监听.<filter>
<filter-name>SessionTimeoutCheck</filter-name>
<filter-class>
cn.ipanel.apps.epgad.web.filter.SessionTimeoutCheckFilter
</filter-class>
<init-param>
<param-name>notCheckUrls</param-name>
<param-value>login.jsp,user.do?m=login</param-value>
</init-param>
</filter>2.写SessionTimeoutCheckFilterpublic class SessionTimeoutCheckFilter implements Filter { private Logger logger = Logger.getLogger(this.getClass()); private FilterConfig filterConfig;
private String sessionNotCheckUrls[];// 不进行Session检查的URL public void init(FilterConfig arg0) throws ServletException {
this.filterConfig = arg0;
String notCheckUrls = filterConfig.getInitParameter("notCheckUrls");
if (notCheckUrls != null && notCheckUrls.length() > 0)
sessionNotCheckUrls = notCheckUrls.split(",");
} public void doFilter(ServletRequest srequest, ServletResponse sresponse,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) srequest;
HttpServletResponse response = (HttpServletResponse) sresponse;
HttpSession session = request.getSession(true);
String requestUri = request.getServletPath();
String param = request.getQueryString(); // 参数
if (param != null && param.length() != 0)
requestUri = requestUri + "?" + param; if (requestUri.substring(requestUri.length() - 1).equals("/"))// ip+projectName请求
requestUri = Defines.LOGIN_PAGE; boolean needCheck = true;
for (int i = 0; i < sessionNotCheckUrls.length; i++) {
String checkURL = sessionNotCheckUrls[i];
if (requestUri.lastIndexOf(checkURL) != -1) {
needCheck = false;
break;
}
}
if (needCheck && session.getAttribute(Defines.S_USERINFO) == null) {
String loginPage = request.getContextPath() + "/"
+ Defines.LOGIN_PAGE;
session.setAttribute(Defines.S_LAST_ACCESS_PAGE, requestUri);
logger.info("用户会话无效,请求被重置! PATH:" + requestUri);
StringBuffer sb = new StringBuffer("<script>");
sb.append("alert('提示:用户未登陆或连接超时,请重新登陆!');");
sb.append("window.top.location.href='");
sb.append(loginPage);
sb.append("';</script>");
response.setContentType("text/html; charset=GBK");
response.getWriter().print(sb.toString());
return;
}
chain.doFilter(request, response);
} public void destroy() {
this.filterConfig = null;
} public FilterConfig getFilterConfig() {
return filterConfig;
} public void setFilterConfig(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
}}
一般网站采用的都是cookie记录方式,形式差不多,在你每操作一次的时候,cookie会有时间记录,然后与你当前操作时间进行比较
而是不操作30分钟就失效,后台可以判断,
参考一下一楼liaoyi_ipanel,这个老哥的代码吧