Java中的会话超时(使用Spring Boot和Hazelcast)
[英]Session timeout in Java (with Spring Boot and Hazelcast)
问题描述
I have a java application built with Spring Boot 1.5.13, and I don't manage to set the session timeout to 60 minutes. 
我有一个使用Spring Boot 1.5.13构建的Java应用程序,并且我无法将会话超时设置为60分钟。 I discovered that the default session timeout is set by Spring to 30 minutes. 我发现默认会话超时由Spring设置为30分钟。 On this project, we use: 在此项目上,我们使用:
a custom configuration for HttpSecurity
HttpSecurity的自定义配置 protected void configure(HttpSecurity http) {
受保护的无效configure(HttpSecurity http){ http.successHandler((httpServletRequest, httpServletResponse, authentication) -> {
http.successHandler(((httpServletRequest,httpServletResponse,身份验证)-> { httpServletResponse.setHeader(AUTHENTICATED_HEADER_NAME, AUTHENTICATED_TRUE);
httpServletResponse.setHeader(AUTHENTICATED_HEADER_NAME,AUTHENTICATED_TRUE); HttpSession session = httpServletRequest.getSession();
HttpSession会话= httpServletRequest.getSession(); session.setMaxInactiveInterval(3600); session.setMaxInactiveInterval(3600); }) } })} and Hazelcast, with the annotation
和Hazelcast,带有注释
@EnableHazelcastHttpSession(hazelcastFlushMode = HazelcastFlushMode.IMMEDIATE, maxInactiveIntervalInSeconds = 3600)
on the configuration Class. 在配置类上。
None of the methods from above worked until now, but I discovered that I can use in application.properties file server.session.timeout=timeInSeconds , but it did't have an effect. 到目前为止,以上方法均无效,但我发现可以在application.properties文件server.session.timeout=timeInSeconds ,但没有效果。 On the debugging mode I can see that the session.maxInactiveInterval is set to 3600 seconds, but when I run the frontend on my machine with the backend having the above changes, I get a 30 minutes session. 在调试模式下,我可以看到session.maxInactiveInterval设置为3600秒,但是当我在具有上述更改的后端在计算机上运行前端时,会得到30分钟的会话。
Even weirder is the fact that if I configure from HttpSecurity setMaxInactiveInterval() with any value smaller than 30 minutes, it works, I got a session for that desired value of time, but if I try to use a value greater than 30 minutes, somehow the session will expire after 30 minutes sharp. 甚至更奇怪的是,如果我从HttpSecurity setMaxInactiveInterval()配置任何小于30分钟的值,它都可以正常工作,那么我会获得一个所需时间的会话,但是如果我尝试使用大于30分钟的值,那么会话将在30分钟后过期。
1 个解决方案
解决方案1
0 2019-09-25 11:24:02
I found that spring-session.1.3.6, which is used by SpringBoot 1.5, have a bug in its HazelcastSessionRepository save method. 我发现SpringBoot 1.5使用的spring-session.1.3.6在其HazelcastSessionRepository保存方法中存在一个错误。 Changing a session's maxInactiveInterval is noted in the Hazelcast session, but the ttl in the Hazelcast IMap holding the Hazelcast session object isn't altered after it was created. 在Hazelcast会话中记录了更改会话的maxInactiveInterval,但是在创建Hazelcast会话对象后,Hazelcast IMap中保存Hazelcast会话对象的ttl不会更改。 When the default maxInactiveInterval of 30 mins has passed, the session is removed from the IMap and the session expires. 当默认的maxInactiveInterval超过30分钟后,该会话将从IMap中删除,并且该会话到期。
It look like it has been changed in SpringBoot 2.x, but as we're still on 1.5, I patched the version we use and now it's working. 看起来它在SpringBoot 2.x中已更改,但是由于我们仍在1.5上,所以我修补了所用的版本,现在可以正常工作了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.