Spring - shiro
shiro 设置session超时时间为2分钟
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value="120000"/>
<property name="deleteInvalidSessions" value="true"/>
<!-- <property name="sessionValidationSchedulerEnabled" value="true"/> -->
<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
<property name="sessionDAO" ref="sessionDAO"/>
<property name="sessionIdCookieEnabled" value="true"/>
<property name="sessionIdCookie" ref="sessionIdCookie"/>
</bean>
web.xml
web配置文件设置超时时间2分钟
<session-config>
<session-timeout>2</session-timeout>
</session-config>
原因:
在CheckCodeController.java类中, 为了设置验证码的有效时间, 架构师给session设置了maxInactivevInterval最大有效时间, 这个设置直接覆盖了shiro和web.xml中超时配置.
下面是生成验证码函数的代码
private void generateGBCheckCode() throws Exception{
int codeCount = 4;
final int width = 30 * codeCount, height = 36;
BufferedImage image = new BufferedImage(width, height,
BufferedImage.TYPE_INT_RGB);
final String sCheckCode = creatImageGB(image, codeCount);
final HttpSession session = request.getSession();
session.setMaxInactiveInterval(GENERATE_TIME);
session.setAttribute(ManageConstants.GENERATE_CHECK_CODE_FLAG, sCheckCode);
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader("Expires", -1); //prevents caching at the proxy server
response.setContentType("image/png");
ImageIO.write(image, "PNG", response.getOutputStream());
}