This article mainly introduces the detailed explanation of the Session timeout principle in SpringBoot. The editor thinks it is quite good, so I will share it with you now and give it as a reference. Let’s follow the editor and take a look.
1: Preface:
If there is no operation after logging in to the payment background for a period of time, , you always need to log in again before you can continue to access the page. The reason for this problem is that the session times out. After debugging the code, it was found that the session time out is 1800s. That is to say, when there is no operation within 1800 seconds, the session will time out. So how is this timeout set? Then how to reset this timeout? How does the system determine when the session has timed out? Next, we will answer them one by one.
2: How is the system session timeout set by default?
Explanation: The method to obtain the session timeout is "request.getSession().getMaxInactiveInterval()", but the parameter for setting the timeout in tomcat is "sessionTimeout", then How are they connected?
Step 1: Load the sessionTimeout parameter.
1. Project operation initialization loads the "org.springframework.boot.autoconfigure.web.ServerProperties" class through the "@ConfigurationProperties" annotation.
//springBoot中默认的配置文件为"application.yml"或者"application.perties"文件,也就是说server是其中的一个配置参数。
@ConfigurationProperties(prefix = "server", ignoreUnknownFields = true)
public class ServerProperties
implements EmbeddedServletContainerCustomizer, EnvironmentAware, Ordered {
//代码
}2. The "ServerProperties" in the above class inherits from the "EmbeddedServletContainerCustomizer" interface. Rewrite the customize method, and then "push up" in this method to find the "AbstractConfigurableEmbeddedServletContainer" class.
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
//多个参数判断,如果在application中没配置的情况下都是null
if (getPort() != null) {
container.setPort(getPort());
}
...//n多个参数判断,
//以下的代码就是重点,因为是tomcat容器,所以以下条件为“真”,经过一系列的查找父类或者实现接口即可找到抽象类“AbstractConfigurableEmbeddedServletContainer”
//public class TomcatEmbeddedServletContainerFactory extends AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware
//public abstract class AbstractEmbeddedServletContainerFactory extends AbstractConfigurableEmbeddedServletContainer implements EmbeddedServletContainerFactory
if (container instanceof TomcatEmbeddedServletContainerFactory) {
getTomcat().customizeTomcat(this,
(TomcatEmbeddedServletContainerFactory) container);
}
//以上代码执行完成之后,实际上已经有对应的session所有的默认参数,之后通过下面方法,将所有参数放入对应的容器中。第3、4步就是设置过程
container.addInitializers(new SessionConfiguringInitializer(this.session));
}3. You can finally find the relevant settings of "timeout time" in the "AbstractConfigurableEmbeddedServletContainer" class
//重要代码
//45行
private static final int DEFAULT_SESSION_TIMEOUT = (int) TimeUnit.MINUTES
.toSeconds(30);
//66行
private int sessionTimeout = DEFAULT_SESSION_TIMEOUT;
@Override
public void setSessionTimeout(int sessionTimeout) {
this.sessionTimeout = sessionTimeout;
}
//171-188行
@Override
public void setSessionTimeout(int sessionTimeout, TimeUnit timeUnit) {
Assert.notNull(timeUnit, "TimeUnit must not be null");
this.sessionTimeout = (int) timeUnit.toSeconds(sessionTimeout);
}
/**
* Return the session timeout in seconds.
* @return the timeout in seconds
*/
public int getSessionTimeout() {
return this.sessionTimeout;
}4. Perform step 2 of "Container.addInitializers(new SessionConfiguringInitializer(this.session ))" loads all configuration parameters.
public static class Session {
/**
* Session timeout in seconds.
*/
private Integer timeout;
public Integer getTimeout() {
return this.timeout;
}
//将session超时时间设置进来
public void setTimeout(Integer sessionTimeout) {
this.timeout = sessionTimeout;
}Step 2: Assign the above timeout period to the "MaxInactiveInterval" parameter.
Note: Since all the parameters required by tomcat above have been loaded, tomcat will be run next. I will not go into details here and go directly to the description of tomcat startup and loading parameters. The method calling process in the "TomcatEmbeddedServletContainerFactory" class is as follows:
getEmbeddedServletContainer--》prepareContext--》configureContext--》configureSession--》getSessionTimeoutInMinutes.
1. Call configureSession to set the Session configuration parameters of tomcat.
//以下代码
private void configureSession(Context context) {
long sessionTimeout = getSessionTimeoutInMinutes();
context.setSessionTimeout((int) sessionTimeout);
Manager manager = context.getManager();
if (manager == null) {
manager = new StandardManager();
//此处即为设置相应的参数的位置。之后会调用StandardContext类的setManger(Manager)方法,在setManger中会调用"manager.setContext(this)"
context.setManager(manager);
}
}
//计算超时时间为分钟(注意:此处会将之前的1800秒,转换为30分钟)。可以看出最终的时间结果是个整数的分钟类型,也就是说如果设置的超时时间(单位为秒)不是60的倍数,也会最终转换为60的倍数,并且最小超时时间设置的是60秒。
private long getSessionTimeoutInMinutes() {
long sessionTimeout = getSessionTimeout();
if (sessionTimeout > 0) {
sessionTimeout = Math.max(TimeUnit.SECONDS.toMinutes(sessionTimeout), 1L);
}
return sessionTimeout;
}2. Finally, assign SessionTimeout to MaxInactiveInterval. Finally completed the session timeout setting.
//以下代码
@Override
public void setContext(Context context) {
//省略其余设置代码,直接重新设置Session超时时间,此时又将上面的分钟单位转为秒。此时终于给Sesseion设置了默认超时时间。
if (this.context != null) {
setMaxInactiveInterval(this.context.getSessionTimeout() * 60);
this.context.addPropertyChangeListener(this);
}
}3: What if the timeout is customized?
In fact, from the above process, it is not difficult to see that you only need to find the corresponding Session parameters in the "org.springframework.boot.autoconfigure.web.ServerProperties" class. Initialize and let it load to complete the setting.
/**
* Get the session timeout.
* @return the session timeout
* @deprecated since 1.3.0 in favor of {@code session.timeout}.
*/
@Deprecated
@DeprecatedConfigurationProperty(replacement = "server.session.timeout")
public Integer getSessionTimeout() {
return this.session.getTimeout();
}So just configure "server.session.timeout" in the application. The parameter type is long type and the unit is "seconds".
Four: How does the running program determine the session timeout?
It's actually very simple: you just need to compare the time of the same sessionequest request with the previous request time, and find that the difference between the two values is greater than MaxInactiveInterval The value can be.
//判断是否超时
@Override
public boolean isValid() {
//省略多个条件判断
if (maxInactiveInterval > 0) {
//判断此session空闲时间是否比maxInactiveInterval大,如果大的情况下,session就超时
int timeIdle = (int) (getIdleTimeInternal() / 1000L);
if (timeIdle >= maxInactiveInterval) {
expire(true);
}
}
return this.isValid;
}
//将上次访问时间和当前时间比较,拿到空闲时间值
@Override
public long getIdleTimeInternal() {
long timeNow = System.currentTimeMillis();
long timeIdle;
if (LAST_ACCESS_AT_START) {
timeIdle = timeNow - lastAccessedTime;
} else {
timeIdle = timeNow - thisAccessedTime;
}
return timeIdle;
}Note:
So in order to ensure that the session timeout is longer, you can configure the "server.session.timeout" parameter in the application configuration file. The parameter unit is "seconds" ”, if the parameter is not an integer multiple of 60, it will be converted to an integer multiple of 60 (see 2: How the system sets the timeout, the algorithm in “1” in step 2). If it is less than one minute, it will be converted to 60 seconds.
Extension:
In fact, you can also directly override the customize method of EmbeddedServletContainerCustomizer for assignment.
@Bean
public EmbeddedServletContainerCustomizer containerCustomizer(){
return new EmbeddedServletContainerCustomizer() {
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
container.setSessionTimeout(600);//单位为S
}
};
}The above is the detailed content of Detailed explanation of the causes of Session timeout problem in SpringBoot. For more information, please follow other related articles on the PHP Chinese website!