Hi,
We are experiencing a strange problem with session timeout.
We run a servlet based web application where the main window refreshes
itself after 25 minutes (1500 secs) if unchanged. The session timeout in
web.xml is set to 30 minutes (1800 secs). The refresh is to keep the
session tracking alive, so the user is not logged out as long as the
main window is open.
In the session we have a single object (params) that implements
HttpSessionBindingListener in order to initialize and cleanup the
params.
Problem:
Run locally (JBuilder6, Tomcat 3.2.3, winXP, java1.4.0, servletAPI 2.2)
and on internal test server (Tomcat 3.2.3 standalone, win2K, java1.4.0,
servletAPI 2.2) sessions are kept alive fine.
But when deployed on our production server (Tomcat 3.2.3 standalone,
win2K, java1.4.0, servletAPI 2.2) the session is unbound after approx.
3300 seconds and following sessions after 1800 seconds..?? (same window
refreshing itself).
I have made a simple test Servlet (see below), which behaves the same
way.
Any input will be much appreciated.
Best regards
HC Hammerstoft
package net.defgo.test;
import javax.servlet.http.*;
import java.io.PrintWriter;
import java.util.Date;
import java.text.SimpleDateFormat;
public class TestServlet extends HttpServlet {
private static final SimpleDateFormat timeFormatter = new
SimpleDateFormat(HH:mm:ss);
//Service the request
public void doGet(HttpServletRequest request, HttpServletResponse
response) {
try {
response.setContentType(text/html);
PrintWriter out = response.getWriter();
HttpSession session = request.getSession();
BoundObjectSerializable boSession = (BoundObjectSerializable)
session.getAttribute(boSessionDef);
if (boSession == null) {
boSession = new BoundObjectSerializable(js version);
session.setAttribute(boSessionDef, boSession);
System.out.println(timeFormatter.format(new Date()) + ,
boSession = + boSession + created);
}
System.out.println(timeFormatter.format(new Date()) + , id= +
session.getId());
response.setDateHeader(Expires, 0);
response.setHeader(Pragma, no-cache);
if (request.getProtocol().equals(HTTP/1.1)) {
response.setHeader(Cache-Control, no-cache);
}
out.println(!DOCTYPE HTML PUBLIC \-//W3C//DTD HTML 4.0
Transitional//EN\ \http://www.w3.org/TR/REC-html40/loose.dtd\;);
out.println(html);
out.println(head);
out.println(meta name=\Language\ content=\da,en-us\);
out.println(meta http-equiv=\Content-Type\
content=\text/html; charset=iso-8859-1\);
out.println(script language=\JavaScript\!--);
out.println(var tID = '';\n);
out.println(function executeTimer() {);
out.println( location.href = ' +
response.encodeURL(request.getRequestURI()) + ';);
out.println(});
out.println(//--/script\n);
out.println(/head);
out.println(body onLoad=\tID =
setTimeout('executeTimer()',150)); // 1500 secs = 25 min
out.println(pmsg = + boSession.getSomething() + /p);
out.println(/body);
out.println(/html);
out.close();
} catch (Exception e) {
e.printStackTrace(System.out);
} // catch
}
}
package net.defgo.test;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionBindingEvent;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.io.Serializable;
public class BoundObjectSerializable implements
HttpSessionBindingListener, Serializable {
private static final SimpleDateFormat timeFormatter = new
SimpleDateFormat(HH:mm:ss);
private String something = null;
private int counter;
private long started;
public BoundObjectSerializable(String something) {
this.something = something;
started = System.currentTimeMillis();
}
public String getSomething() {
return something + counter= + counter++ + session duration =
+ (System.currentTimeMillis() - started)/1000 + secs;
}
public void valueBound (HttpSessionBindingEvent event) {
System.out.println (timeFormatter.format(new Date()) + ,
valueBound: I've been bound to \ + event.getName () + \ for session
id: + (event.getSession()).getId ());
}
public void valueUnbound (HttpSessionBindingEvent event) {
System.out.println (timeFormatter.format(new Date()) + ,
valueUnbound: I've been unbound from \ + event.getName () + \ for
session id: + (event.getSession ()).getId () + session duration =
+ (System.currentTimeMillis() - started)/1000 + secs );
}
}
which outputs something like this:
13:43:05, valueBound: I've been bound to boSessionDef for session id:
g5atkj09w1
13:43:05, boSession = net.defgo.test.BoundObjectSerializable@d7bd04
created
13:43:05, id=g5atkj09w1
14:08:06, id=g5atkj09w1
14:33:06, id=g5atkj09w1
14:39:00, valueUnbound: I've been unbound from boSessionDef for
session id: g5atkj09w1 session duration = 3354 secs
14:58:06, valueBound: I've been bound to boSessionDef for session id:
