On 2/9/2018 10:20 PM, Emi wrote: >>>>> [Try2] . Each user login session create one fixedPool . When user >>>>> logout, fixedPool.shutdown() What about if users do not call >>>>> logout action. Where and how the fixedPool to be shutdown? Is >>>>> there a way to auto shutdown after period of time? >>>> You can write your own listener by implementing HttpSessionListener >>>> and call shutdown in it's `sessionDestroyed` method. Please see [1]. >>>> [1] http://www.myjavarecipes.com/tag/session-timeout-handling-in-java/ >>> I will try1 which can be used/shared by all login users or 2 used by >>> per login user session then. >> set session as it's life-time, then it seems you still simply can use >> that spring bean with `scope` set to `session`. >> session scope can be a bad choice if your "...actions such as send >> email, etc" take too long to being completed because user can log out >> or session can being expired in the middle of their executions! > For users logout action, I could try to check based on future.get() to > help users know there are processes still running.
I see but I think you should not force user to not logout. Consider a user which uses a shared computer of an airport and now wants to logout to not miss her flight :) if you force her to being loged in, but she leaves that shared computer and this raises security issues for her as next person can use her session :( > > For session expired, this is not clear to me. In web.xml, > session-timeout=60 for example. Users will be considered auto-logout > only if users have not use any features(no active actions) for more than > 60 mins. > > If there are sub-threads submitted by action class(struts2 is > thread-safe, I could consider the action class as a main thread?), and > if sub-threads have not completed, wouldn't web.xml consider there are > still active actions? > No, it just invalidates the session. And developer has to clean up when a session is about to be invalidated (HttpSessionListener. sessionDestroyed). > So, wouldn't it be that user-session auto-expired only when: > (1) users have not use any features and > (2) All sub-threads submitted by users through action classes have > completed > No, it doesn't consider what you have in session. It simply invalidates. > If I misunderstood threads usage in struts2 framework, please kindly > correct me. > These are not about Struts. Underlying servlet implementation (e.g. tomcat) does these. Sincerely, Yasser.
