Just a quick question. On login I put every user into a db because one time only one user can log in with the same username and password. If this user is already in the db I dont let the user in. When the user logs out I clear the dB table and invalidate the session in a Servlet. Now if the user forgot to logout, the session obviously will be expired at eg. 20 minutes so In web.xml I created this:
<listener>
<listener-class>com.servlets.dbclean</l开发者_JAVA技巧istener-class>
</listener>
This dbclean class then implements HttpSessionListener and on the sessionDestroyed method I clear up the db.
My question: is it enough to have this db cleanup happen only here, because when the user logs out manually the session will be invalidated and this method will be called or should I clean up the db at the /doLogout Servlet and rely on this Listener when the user forgot to log out? So is it a save way to use only this Listener?
The listener will be triggered when the session is invalidated - either by timeout or by calling invalidate()
If you don't need to support clustering, you can simply store the logged user in a Set inside the ServletContext (do it in on sessionCreated(..), and then remove it from that Set in sessionDestroyed(..). No need to go to the database - it can all stay in memory. (Using session replication you can do this in a cluster as well)
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论