Well, usually it's 60 minutes. The 60 second timeout is set when someone
closes the browser without logging out (JavaScript catches the event and
calls a JSP which sets the new session timeout with
session.setMaxInactiveInterval(60)). This is so that if someone loses
their connection to the internet they will be able to continue working
without issue when it comes back (assuming it's back in under an hour).
The timeout is being set by the JSP but is not acted upon.

Perhaps I should explain the use case. Our application maintains a list
who is logged into the system. It also allows people to lock things for
editing. So that people can't lock things and go off on holiday
preventing others from working we unlock anything they have locked and
clear them out of the logged in list when a session is invalidated.
Right now people are just closing the browser and going home and their
colleagues are unable to continue the work the next day. I'd agree that
half the issue is education ("please press logout") but it's also
something we need to be pro-active about.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Ferguson
Sent: 04 December 2008 17:47
To: General Discussion for the Resin application server
Subject: Re: [Resin-interest] Cluster sessions don't expire


On Dec 4, 2008, at 9:31 AM, Richard Grantham wrote:

> Yes, the logout code calls session.invalidate() and it works fine. I 
> have some application logic in SessionListener.sessionDestroyed(...)
> which does some housekeeping after someone presses logout or their 
> session times out, so it's important it's called. I'm finding that the

> session does not time out in the configured time (60 seconds) when, 
> for instance, you close the browser, so 
> SessionListener.sessionDestroyed()
> is not called.

I assume the application is some kind of ajax connection so a 60 second
timeout makes sense?

We might need to do some work to add that kind of precision.  Because
the session timeout was designed when 30 minute timeouts were the norm,
not short values, the session reaping is fairly slow.

I've added a report at http://bugs.caucho.com/view.php?id=3116

-- Scott

>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Scott Ferguson
> Sent: 04 December 2008 16:27
> To: General Discussion for the Resin application server
> Subject: Re: [Resin-interest] Cluster sessions don't expire
>
>
> On Dec 4, 2008, at 2:43 AM, Richard Grantham wrote:
>
>> My woes with clustered sessions and Resin never seem to end!
>>
>> We switched from database-backed sessions to clustered sessions due 
>> to
>
>> issue whereby sessions did not invalidate immediately, which lead to 
>> people logging out and finding themselves still logged in. Now we 
>> find
>
>> that sessions do not expire after the configured period of 
>> inactivity.
>> I'm using Resin-Pro 3.1.7a in a three-node cluster.
>>
>> Is this a known issue or am I able to configure my way out of it?
>
> Does the logout code call session.invalidate()?  Or are you relying on

> the timeout?  invalidate() is the correct, reliable way of closing the

> session, while the timeout is heuristic.
>
> -- Scott
>
>>
>>
>> rgds,
>>
>> Richard
>>
>>
>>
>> Richard Grantham
>> Development
>>
>> -------------------------------
>> [EMAIL PROTECTED]
>> Limehouse Software Ltd
>>
>> DDI: (020) 7566 3336
>> Main: (020) 7566 3320
>> Fax: (020) 7566 3321
>>
>> Limehouse Software Ltd
>> Bridewell Gate
>> 9 Bridewell Place
>> London
>> EC4V 6AW
>>
>> Manchester Office:
>> 3rd Floor, The Triangle, Exchange Square, Manchester M4 3TR
>> Tel: (0161) 240 2440, Fax: (0161) 240 2441, ISDN: 08700 119 400
>>
>> Check out Limehouse Software's innovative solutions 
>> www.limehousesoftware.co.uk - Transforming the way you publish and 
>> consult on information
>>
>> The information contained in this e-mail or in any attachments is 
>> confidential and is intended solely for the named addressee only.
>> Access to this e-mail by anyone else is unauthorised. If you are not 
>> the intended recipient, please notify Limehouse Software Ltd 
>> immediately by returning this e-mail to sender or calling 020 7566 
>> 3320 and do not read, use or disseminate the information. Opinions 
>> expressed in this e-mail are those of the sender and not necessarily 
>> the company. Although an active anti-virus policy is operated, the 
>> company accepts no liability for any damage caused by any virus 
>> transmitted by this e-mail, including any attachments.
>>
>>
>> _______________________________________________
>> resin-interest mailing list
>> resin-interest@caucho.com
>> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest


_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to