The HttpServletRequest contains an HttpSession object - this represents a user session. Session state can be stored against this object, and will persist between HTTP calls. It's contents are stored server-side, and are not visible to the client - Spring just gives the client cookie containing a JSESSIONID.
This blog entry gives an example of attaching a listener to session events:
http://www.mkyong.com/servlet/a-simple-httpsessionlistener-example-active-sessions-counter/
To hook in to session events, write a class implementing HttpSessionListener, and register it in web.xml as a "listener". This allows you to trigger actions when sessions are created or destroyed.
The following in web.xml sets the session timeout (in minutes):
<session-config>
<session-timeout>30</session-timeout>
</session-config>
The JSESSIONID cookie doesn't set this expiry time on the cookie.
No comments:
Post a Comment