This article describes the implementation method of setting the session expiration time in Java and shares it with you for your reference. The specific implementation method is as follows:
1. Timeout in the deployment descriptor (web.xml)
in minutes
Copy the code as follows: <web-app ...>
<session-config>
<session-timeout>20</session-timeout>
</session-config>
</web-app>
The above setting takes effect for the entire web application. When the client does not initiate a request within 20 minutes, the container will kill the session.
2. Timeout with setMaxInactiveInterval()
Specify the expiration time of a specific session through encoding, in seconds. For example:
Copy the code as follows: HttpSession session = request.getSession();
session.setMaxInactiveInterval(20*60);
The above setting is only applicable on session which call the “setMaxInactiveInterval()” method, and session will be kill by container if client doesn't make any request after 20 minutes.
Thoughts….
This is a bit confusing, the value in deployment descriptor (web.xml) is in “minute”, but the setMaxInactiveInterval() method is accept the value in “second”. Both functions should synchronize it in future release
3. Define it in the program, the unit is seconds, set to -1 to never expire, the sample code is:
Copy the code as follows: session.setMaxInactiveInterval(30*60);
The priority order for session settings to produce effects is, program first, then configuration, first local, then overall.
I hope this article will be helpful to everyone’s Java programming.