会话到期时间?
[英]Session expiry times?
问题描述
I've enabled sessions on my app: 
我已在我的应用程序上启用了会话:
// appengine-web.xml
<sessions-enabled>true</sessions-enabled>
they seem to work when I load different pages under my domain. 当我在网域下加载不同的页面时,它们似乎起作用。 If I close the browser however, looks like the session is terminated. 但是,如果我关闭浏览器,会话似乎已终止。 Restarting the browser shows the last session is no longer available. 重新启动浏览器显示上一个会话不再可用。
That could be fine, just wondering if this is documented anywhere, so I can rely on this fact? 很好,只是想知道是否在任何地方都有记录,因此我可以依靠这个事实吗?
I tried the following just to test if we can tweak it: 我尝试了以下方法来测试我们是否可以对其进行调整:
// in web.xml
<session-config>
<session-timeout>10</session-timeout>
</session-config>
also 也
// in my servlet
getThreadLocalRequest().getSession().setMaxInactiveInterval(60 * 5);
but same behavior, session data is no longer available after browser restart. 但行为相同,浏览器重启后会话数据将不再可用。
I looked at the stats for my project and I see data being used for something like "_ah_SESSION" objects. 我查看了项目的统计信息,发现数据正在用于“ _ah_SESSION”对象之类的东西。 Are those the sessions from above? 这些是从上面来的吗? If so, shouldn't they be cleaned since they're no longer valid? 如果是这样,难道不应该清洗它们,因为它们不再有效了吗? (Hopefully gae takes care of that automatically?) (希望gae能自动处理该问题?)
Thanks 谢谢
3 个解决方案
解决方案1
4 2010-04-26 09:31:41
Using Google accounts, session expiry is actually handled in the App Engine admin console, not through Java. 使用Google帐户,会话有效期实际上是在App Engine管理控制台中处理的,而不是通过Java处理的。 Log in to your admin console at http://appengine.google.com/ and select 'Application Settings', then change 'Cookie Expiration' to whatever period suits you best. 通过http://appengine.google.com/登录到您的管理控制台,然后选择“应用程序设置”,然后将“ Cookie有效期”更改为最适合您的时间段。
解决方案2
2 已采纳 2010-04-24 18:39:15
That is how a session works. 会话就是这样工作的。 JSESSIONID typically holds the session ID in the HTTP. JSESSIONID通常在HTTP中保存会话ID。 When the browser closes the session the session still stays active in the server and all expired sessions are freed after a period of time. 当浏览器关闭会话时,会话仍在服务器中保持活动状态,并且所有过期的会话将在一段时间后释放。
When you reopen a new browser session the browser has no idea on any previous sessions so a new one is created. 当您重新打开一个新的浏览器会话时,浏览器对以前的任何会话都不了解,因此创建了一个新的会话。
There are workarounds for this... 有解决方法...
- Create a Cookie -创建一个Cookie
- Store a unique variable in a hidden form field and use that. -将唯一变量存储在隐藏的表单字段中并使用它。
- URL rewriting -URL重写
解决方案3
1 2017-01-08 12:55:20
By default Jetty* sets a JSESSIONID cookie ( session based ) which means that it will be deleted after your browser is closed. 默认情况下,Jetty *设置JSESSIONID cookie(基于会话),这意味着它将在您的浏览器关闭后被删除。 When the browser is opened again, a new JSESSIONID cookie will be created and the previous session context is lost. 再次打开浏览器时,将创建一个新的JSESSIONID cookie,并且先前的会话上下文将丢失。
If you want to keep the cookie alive for longer then just add the following configuration on your web.xml: 如果您想让Cookie保持更长时间有效,则只需在web.xml上添加以下配置即可:
Set cookie expiration time 设置Cookie到期时间
<context-param>
<param-name>org.mortbay.jetty.servlet.MaxAge</param-name>
<!-- amount of seconds (1 month in this case) -->
<param-value>2592000</param-value>
</context-param>
Additionally you should let google know for how long shall it keep the sessions in _ah_SESSION 另外,您应该让Google知道将会话保留在_ah_SESSION中多长时间
Set session expiration time 设置会话过期时间
<session-config>
<!-- minutes of inactivity: (1 month in this case) -->
<session-timeout>43200</session-timeout>
</session-config>
*Other Jetty configurations can be found here: https://wiki.eclipse.org/Jetty/Howto/SessionIds *其他Jetty配置可在以下位置找到: https : //wiki.eclipse.org/Jetty/Howto/SessionIds
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.