2013-10-31 113 views

回答

3

縱觀HttpSessionEventPublisher API,看起來您可以使用sessionDestroyed()方法中作爲參數傳遞的HttpSessionDestroyedEvent

你可以做一些像如下:

javax.servlet.http.HttpSession session = event.getSession(); 
long lastAction = session.getLastAccessedTime(); 
long now = System.currentTimeMillis(); 
int timeout= getMaxInactiveInterval(); 
if ((now-lastAction) > timeout) 
    //the session has timed out 

SecurityContext context = getSecurityContext(); 
Authentication authentication = context.getAuthentication(); 
if (!authentication.isAuthenticated()) 
    //the user has logged out