stackoom
  简体   繁体   中英

Programmatically change session timeout

 原文  2011-05-28 19:31:30       jsf/ servlets/ web.xml/ session-timeout/ programmatic-config

Question

I can logout user after defined time of inactivity.

<session-timeout>240</session-timeout>

But, is there some way to logout in specified time, or better, for example until 5 minutes of inactivity after specified time.?

3 answers

solution1
 4 ACCPTED  2011-05-30 11:56:08

You can change the session timeout by HttpSession#setMaxInactiveInterval() wherein you can specify the desired timeout in seconds.

When you want to cover a broad range of requests for this, eg all pages in folder /admin or something, then the best place to do this is to create a Filter which is mapped on the FacesServlet which does roughly the following job:

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpSession session = request.getSession();

    if (request.getRequestURI().startsWith("/admin/")) {
        session.setMaxInactiveInterval(60 * 5); // 5 minutes.
    } else {
        session.setMaxInactiveInterval(60 * 240); // 240 minutes.
    }

    chain.doFilter(req, res);
}

In a JSF managed bean the session is available by ExternalContext#getSession() :

HttpSession session = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession();
// ...

Or when you're already on JSF 2.1, then you can also use the new ExternalContext#setSessionMaxInactiveInterval() which delegates to exactly that method.

solution2
 1  2011-05-28 19:37:55

Automatically - no.

You'd have to:

  • store all sessions in a Set . Do this in a HttpSessionListener when they are created.
  • at the given time (using quartz for example) .invalidate() them

solution3
 1  2011-05-30 09:59:48

What Bozho has given you is correct, what you are seeing most likely is that when you press your logout button, the session is being destroyed, but the servlet container is then being directed to a "post logout" page, which automatically causes a session to be created (Hence "Session Destroyed" followed by "Session Created").

Short of creating your own session handling system, I don't know how you would get around this. (I've had this issue in the past and it disappeared after we created our own session system)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question session-timeout in JSF SESSION TIMEOUT PRIMEFACES? JSF Catch Session Timeout JSF session timeout and primefaces push Session timeout is not working in JSF 2.0 Automatically redirect to login page when session timeout IceFaces: inputRichText - session timeout while typing redirect the session timeout page in apache shiro How to implement Session Timeout Handling using pimefaces? JSF 2.0 Session Timeout throws IllegalStateException
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM