stackoom
  简体   繁体   中英

Session expiry times?

 原文  2010-04-24 06:02:16       java/ google-app-engine

Question

I've enabled sessions on my app: 

// appengine-web.xml
<sessions-enabled>true</sessions-enabled>

they seem to work when I load different pages under my domain. If I close the browser however, looks like the session is terminated. Restarting the browser shows the last session is no longer available.

That could be fine, just wondering if this is documented anywhere, so I can rely on this fact?

I tried the following just to test if we can tweak it: 

// in web.xml
<session-config>
    <session-timeout>10</session-timeout>
</session-config>

also 

// in my servlet
getThreadLocalRequest().getSession().setMaxInactiveInterval(60 * 5);

but same behavior, session data is no longer available after browser restart.

I looked at the stats for my project and I see data being used for something like "_ah_SESSION" objects. Are those the sessions from above? If so, shouldn't they be cleaned since they're no longer valid? (Hopefully gae takes care of that automatically?)

Thanks

3 answers

solution1
 4  2010-04-26 09:31:41

Using Google accounts, session expiry is actually handled in the App Engine admin console, not through Java. Log in to your admin console at http://appengine.google.com/ and select 'Application Settings', then change 'Cookie Expiration' to whatever period suits you best.

solution2
 2 ACCPTED  2010-04-24 18:39:15

That is how a session works. JSESSIONID typically holds the session ID in the HTTP. When the browser closes the session the session still stays active in the server and all expired sessions are freed after a period of time.
When you reopen a new browser session the browser has no idea on any previous sessions so a new one is created.
There are workarounds for this...
- Create a Cookie
- Store a unique variable in a hidden form field and use that.
- URL rewriting

solution3
 1  2017-01-08 12:55:20

By default Jetty* sets a JSESSIONID cookie ( session based ) which means that it will be deleted after your browser is closed. When the browser is opened again, a new JSESSIONID cookie will be created and the previous session context is lost.

If you want to keep the cookie alive for longer then just add the following configuration on your web.xml:

Set cookie expiration time 

<context-param>
    <param-name>org.mortbay.jetty.servlet.MaxAge</param-name>
    <!-- amount of seconds (1 month in this case) -->
    <param-value>2592000</param-value> 
</context-param>

Additionally you should let google know for how long shall it keep the sessions in _ah_SESSION

Set session expiration time 

<session-config>
    <!-- minutes of inactivity: (1 month in this case) -->
    <session-timeout>43200</session-timeout>   
</session-config>

*Other Jetty configurations can be found here: https://wiki.eclipse.org/Jetty/Howto/SessionIds

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Google Drive Session Expiry Session Timeout/Expiry in java Closing popups on session expiry Fetching expiry of the session from URL Set Expiry date to Session cookie Perform custom event before Session Expiry in Spring Is it possible to kill session or force session expiry in Tomcat either active or inactive? Remove files after session expiry in java web application User session timeout expiry not throwing confirmDialog for long timeouts Is there a way to put up different expiry times for different elements I insert in ignitecache?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM