HTTP session management [transfer]

HTTP session management When the user does not cancel the browser from the session, EJB in the user session will not be collected by garbage. This is the main reason for too many EJBs in memory. To avoid this, HTTP session management must pay attention to all possible combinations. We can set a default session timeout period in Web.xml (Web Applement Descriptor), as shown below:

x

With this setting, the user's session will be automatically released after the unacceptable X minutes.

Another way is to write session management using the following code when creating the HTTP session

HttpSession session = new httpsession (); session.setMaxinactiveInternal (int Timeoutseconds);

This code will invalidate user sessions that are not active TimeoutSeconds time.

Note: If you do two steps, the value in the servlet code will override the value set in Web.xml.

The only difference between the two methods is the second method as a parameter in seconds, and the tag is a minute as a parameter. Typically, when the session is invalid, the logoff servlet / jsp uses code to delete all object / object graphics referenced by the special session. But when the user is just closing the browser, there is no way to call the logout servlet / JSP. In this case, even if the session has been invalid, the encapsulated object and object graphics will continue. When the garbage collector is trying to collect the session, it also collects all of these package objects. When we have large objects (with large reference / data objects), we can also use the HTTPSessionListener interface to perform the same clear work.

Javax.Servlet.http.httpsessionListener interface

The interface declares the following two callback methods:

Public void sessioncreated; public void sessionDestroyed (httpsessionever event);

These methods are called before a session is created / destroyed.

We can use a listener class that implements this interface, and uses these callback methods to control the creation and destruction of the session. We need to register our listener class in Web.xml below:

MysessionListener

The benefits of using listener classes and add session timeout parameters in a web.xml file are more controlled to session management. If the session has a large object, its time slice may disappear before the garbage collector clears these objects. In this case, you need to wait until the next time piece can clear these objects.

Note: The application we design is only important. We need to launch a new HTTP Session in this class. All remaining pages should check if the HTTP session exists, and when the session is NULL (session expiration), an error page is transferred. This allows you to achieve centralized control of HTTP sessions.