Q: What are the methods of Session destruction?

Session, as we can not do without the background technology, its emergence is mainly to solve the Http protocolstatelessFeature, used to solve the storage problem of user state, and often for storage will involve a time problem, let’s take a look at its destruction methods in the end what.

Mode of destruction

  • Default time expiration

  • Set your own expiration date

  • Immediately the failure

  • Close the browser

  • Shut down the server

A case in field

Default time expiration

When the client requests the servlet for the first time and operates on the session, the session object is generated. Take Tomcat as an example. In Tomcat, the default lifetime of the session is 30min, that is, the time when you do not operate the interface. The session will be retimed. Can the default session time be changed? The answer is yes. This can be modified in the web. XML file in Tomcat. The diagram below:

Set your own expiration date

Way, of course, in addition to the above changes, we can also set the session in the program ourselves life cycle, through the session. SetMaxInactiveInterval (int); To set the maximum inactivity time of the session, in seconds.

HttpSession session = req.getSession(); session.setMaxInactiveInterval(5);Copy the code

We can also use getMaxInactiveInterval(); Method to view the maximum inactivity time of the current Session object.

Immediately the failure

Alternatively, we can use session.invalidate(); Method invalidates the session immediately.

session.invalidate();
Copy the code

Close the browser

The underlying implementation of session relies on cookie, because different users need to determine which session is used when accessing the server, so when users access the server for the first time, they usually store a session ID to the user through cookie. The cookie is valid until the browser is closed, so the session expires when the browser is closed (because there is no session ID corresponding to it). As shown in the following figure, the browser is re-assigned a session ID.

The important thing to note here is that it’s just that the cookie doesn’t work, so if you access it again, the server is treating you as a new user, creating a session for you, not destroying the previous session object.

Shut down the server

The session is destroyed when the server is abnormally shut down. In the session. ser file in the work directory of the workspace, if the object is saved in session, the server will serialize the object to disk when it is shut down. This object must implement the Serializable interface, which is automatically loaded into memory the next time the service is started. As shown in the picture below, you can see a session. Ser file in the folder after normal closing. The file disappears when you start the server again.

Extends ~Cookie destruction

In addition to the name and content of the Cookie, we also need to care about the expiration time, which is used to specify when the Cookie expires. The default value is invalid when the current browser is closed. We can manually set the expiry time of the cookie (calculated by the expiry time) through setMaxAge(int expiry); Method sets the maximum validity time of cookies, in seconds.

  • An integer greater than 0, representing the number of seconds stored; If the value is negative, the cookie is not stored. If the value is 0, the cookie is deleted.

  • Negative integer: The default value of the cookie’s maxAge attribute is -1, which means that the cookie only lives in browser memory and disappears once the browser window is closed.

  • Positive integer: indicates the specified number of seconds the cookie object can survive. When the life is greater than 0, the browser will save the Cookie to the hard disk, even if the browser is closed, even if the client computer restarts, the Cookie will live for the corresponding time.

  • Zero: Cookie life equals 0 is a special value that indicates that the cookie is invalidated! That is, if the original browser has already saved the Cookie, the Cookie’s setMaxAge(0) can be deleted. The Cookie is deleted either in the browser’s memory or on the client’s hard drive.