i am using spring framework,apache,tomcat and开发者_开发问答 the login page is handled with spring security and i have an issue that every first time request to the login page is generating a new session for the user, i know it's the default behaviour, when you access the login page, a new session is created for you, then what if a large load made on the login page, too many users are just viewing the login page without doing anything, so too many un-used sessions are created here. what do you guys think of just an issue, i know it's rare, but it may occur, how to deal with it ?
I don't think thats rare. One possible solute could be to set the session timeout to a minimum. For example 5 minutes. Further you can write a filter to increase the session timeout if a session already exists for the user. So normal user will have a session timeout of 30 minutes and users only visit one side have a timeout of 5 minutes.
Here is a filter that dose the trick:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest)request;
// The false is important, otherwise a new session will be created.
HttpSession session = httpRequest.getSession(false);
if (session == null) {
chain.doFilter(request, response);
return;
}
session.setMaxInactiveInterval(30 * 60);
chain.doFilter(request, response);
}
Another good advice is to filter crawlers like the google bot. "Bot Detection" is a good keyword to look for.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论