-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pid,
On 1/21/2010 5:07 PM, Pid wrote: > On 21/01/2010 15:26, Christopher Schultz wrote: > Pid, > > On 1/21/2010 3:32 AM, Pid wrote: >>>> On 21/01/2010 04:45, grailcattt wrote: >>>>> >>>>> That is exactly what I ended up doing and it is working well. I was >>>>> hoping >>>>> for a solution that used tomcat session management rather than >>>>> managing my >>>>> own session timeouts, but it works well. >>>> >>>> If you put the poll servlet in a separate app and are NOT using the >>>> single sign on valve, you could set a separate session timeout in that >>>> servlet/app. >>>> >>>> I think. > > If you access the session at all, it counts as a "touch", thereby > extending the life of the session. It's not possible to "peek" at the > session without "touching" it AFAICT. There's probably a way to do this > with a replacement for either the session manager or a valve, but I > think the code would need to divine the intent of the calling code to > work properly. :( > >> True - the poll servlet would have to be stateless and couldn't use any >> login credentials without an independant login, which would probably be >> counter productive. > >> But, the session would be separate and so this would meet the initial >> criteria of allowing the main app to time out 'naturally'. > >> I think. An interesting idea. Certainly, if the servlet were to call request.getSession(), then the session would be "touched". On the other hand, for form-based logins, an HttpSession is precisely equal to a login, so I would bet that Tomcat updates the session last-used date when any request comes in with a valid session id, rather than requiring the servlet itself to specifically request it. Spelunking into Tomcat's code for this kind of thing will take a long time, so I'm not willing to do it right now :) I suppose it could be demonstrated empirically, too. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktZyMcACgkQ9CaO5/Lv0PB6jwCfagGQ9nYPySWbpsPUjSdupJp5 r88An3AZqRfIs/oLIjB4ffGSo9YPqzX2 =3l2B -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
