Any way to anticipate session timeout?

2019-04-13 10:25发布

问题:

Is there a way to "catch" the session timeout event, so as to retrieve data from HttpSession before its invalidated ?

We're implementing the Filter Interface, and in the doFilter method, the user we stored in the session object at login is null when session times out.

Thanks in advance.

回答1:

You should be able to register an HttpSessionListener for your webapp that will allow you to get notified when a Session is destroyed.

It has two callback methods:

  • public void sessionCreated(HttpSessionEvent se)
  • public void sessionDestroyed(HttpSessionEvent se)

The HttpSessionEvent class has a getSession method that should let you get the affected session.

The listener class is registered in the web.xml

<listener>
  <description>My Session Listener</description>
  <listener-class>
    my.package.MySessionListener
  </listener-class>
</listener>


回答2:

Have the user object implement HttpSessionBindingListener, then it can see for itself when it is added to or removed from the session.



回答3:

You can always ad a piece of JSP that will check to see if your session is still active or valid - basically check to see if a session var exists (!=null) and if it doesn't - redirect the user to another page -

<% 
// check for session object
HttpSession validuser = request.getSession(); 
// check to see if session var exists
if (validuser.getValue("auth_user") == null) { 
response.sendRedirect("admin3.jsp?access+denied");
}
// if the session var is null then redirect the user

Hope this helps Mark

Source : http://www.coderanch.com/t/279538/JSP/java/jsp-session-timeout