*******在web.xm中做session过期时间设置************
<session-config>
<session-timeout>15</session-timeout>
</session-config>
******************LogonAction.java******************************
ActionServlet servlet = this.getServlet();
HttpSession session = request.getSession();
ServletContext servletContext = servlet.getServletContext();
HttpSession oldSession = (HttpSession) servletContext.getAttribute(loginId);
boolean isFirstLogin = (oldSession == null);
boolean isSameLogin = (oldSession != null) && oldSession.getId().equals(session.getId());
if (isFirstLogin || !isSameLogin) {
servletContext.setAttribute(loginId, session);
}
******************在其他需要验证的action中加入一下代码*****************
ActionServlet servlet = this.getServlet();
ServletContext servletContext = servlet.getServletContext();
HttpSession oldSession = (HttpSession) servletContext.getAttribute(loginId);
if(session.getAttribute(Constants.CURRENT_USER)==null){
session.setAttribute("message", "timeout");
return mapping.findForward("timeoutfail");
}
if (oldSession != null&&!(oldSession.getId().equals(session.getId()))) {
request.getSession().invalidate();
return (mapping.findForward("failoldsession"));
}