On Wed, Jul 1, 2009 at 12:24 PM, Ewan <ehar...@gmail.com> wrote: > > Hmmmm I understand the issue/feature now... where by if the page > remains open then the session is kept alive by the ajax request which > is a feature and it could be argued that for almost all cases this > would be what is required. I believe there is a use case for wanting > the session to expire after a predefined interval though - thinking > secure apps such as banking or email. I know my bank irritates the > hell out of me by "logging me off" after a period of inactivity though > this might not be implemented via HttpSession but instead they persist > a timestamp of the last request and compare with the current request > time.
There are ways to do this in Lift (both with client-side JavaScript which would be my preference and with some server-side interception of requests along-side a timer). At least BofA does it with a client-side timer that pops up a JS window. Anyway, if you wanted to explicitly time out a session due to inactivity, it's possible and not overly difficult. > > > My app requirements can be changed to fit the current method but I can > imagine that there would be need for other projects to implement > expiration as defined above. > > --Ewan > > On Jul 1, 5:20 pm, David Pollak <feeder.of.the.be...@gmail.com> wrote: > > Ewan, > > > > It seems that you've done your tests with a browser open to a page in > your > > Lift app. It seems to me that you don't want to time out a session > unless > > the user's browser is no longer looking at a page in the app. Is this in > > line with your expectations/use case? > > > > Thanks, > > > > David > > > > > > > > On Wed, Jul 1, 2009 at 5:08 AM, Ewan <ehar...@gmail.com> wrote: > > > > > My use case is that I want to "save" anonymous users' (users that have > > > not logged on or registered) baskets in the session and don't care if > > > they are removed after a period of inactivity. In fact I would like > > > the session to be expired after a while to encourage the user to sign > > > up which if they do they get the benefit that the basket is persisted. > > > > > --Ewan > > > > > On Jul 1, 12:59 pm, "marius d." <marius.dan...@gmail.com> wrote: > > > > You answered your own question :) ... Yes that is Lift GC mechanism. > > > > You can of course turn it off in Boot by calling .... > > > > LiftRules.enableLiftGC=false but I would not recommend it. > > > > > > Is there a real use case why you need this or just tying to figure > out > > > > how Lift works ? > > > > > > Br's, > > > > Marius > > > > > > On Jul 1, 2:42 pm, Ewan <ehar...@gmail.com> wrote: > > > > > > > Thanks Marius > > > > > > > I basically wound the session timeout down to 5 mins in the web.xml > > > > > and left it for about 30 mins but the sessionVar was still full. > Even > > > > > after some hours of no use it was the same. There is this constant > > > > > ajax_request pinging going on - related? > > > > > > > -- Ewan > > > > > > > On Jul 1, 12:32 pm, "marius d." <marius.dan...@gmail.com> wrote: > > > > > > > > LiftSession is bound to HttpSession through > > > HttpSessionBindingListener > > > > > > and HttpSessionActivationListener > > > > > > > > This means that when the HTTP session terminates LiftSession will > > > also > > > > > > terminate. To verify your SessionVar that the session was purged > you > > > > > > can implement > > > > > > > > override protected def onShutdown(session: CleanUpParam): Unit = > { > > > > > > ... > > > > > > > > } > > > > > > > > where in case of SessionVar the session parameter is really a > > > > > > LiftSession. > > > > > > > > The LiftSession timeout is given by > > > > > > HttpSession.getMaxInactiveInterval ... if that period is exceeded > the > > > > > > LiftSession is unbound from the HttpSession. Does not necessary > means > > > > > > that the HttpSession is removed by container ust that LiftSession > is > > > > > > terminated. > > > > > > > > But is the problem the fact that HttpSession expired but you > still > > > had > > > > > > the context in the SessionVar? > > > > > > > > Br's, > > > > > > Marius > > > > > > > > On Jul 1, 12:47 pm, Ewan <ehar...@gmail.com> wrote: > > > > > > > > > I have recently started using a SessionVar and am quite happy > to > > > have > > > > > > > the session wiped after some predefined interval. As an > experiment > > > I > > > > > > > changed the session timeout in the web.xml a la Java Servlets > but > > > this > > > > > > > had no effect running on jetty and since I have read that a > > > SessionVar > > > > > > > is not just a wrapper around javax.servlet.http.HttpSession. > My > > > > > > > question is then how can I configure the timeout interval? > > > > > > > > > -- Ewan > > > > -- > > Lift, the simply functional web frameworkhttp://liftweb.net > > Beginning Scalahttp://www.apress.com/book/view/1430219890 > > Follow me:http://twitter.com/dpp > > Git some:http://github.com/dpp > > > > -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~----------~----~----~----~------~----~------~--~---