[Lift] Re: Setting Session Timeout?
LiftSession is bound to HttpSession through HttpSessionBindingListener and HttpSessionActivationListener This means that when the HTTP session terminates LiftSession will also terminate. To verify your SessionVar that the session was purged you can implement override protected def onShutdown(session: CleanUpParam): Unit = { ... } where in case of SessionVar the session parameter is really a LiftSession. The LiftSession timeout is given by HttpSession.getMaxInactiveInterval ... if that period is exceeded the LiftSession is unbound from the HttpSession. Does not necessary means that the HttpSession is removed by container ust that LiftSession is terminated. But is the problem the fact that HttpSession expired but you still had the context in the SessionVar? Br's, Marius On Jul 1, 12:47 pm, Ewan ehar...@gmail.com wrote: I have recently started using a SessionVar and am quite happy to have the session wiped after some predefined interval. As an experiment I changed the session timeout in the web.xml a la Java Servlets but this had no effect running on jetty and since I have read that a SessionVar is not just a wrapper around javax.servlet.http.HttpSession. My question is then how can I configure the timeout interval? -- Ewan --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Setting Session Timeout?
Thanks Marius I basically wound the session timeout down to 5 mins in the web.xml and left it for about 30 mins but the sessionVar was still full. Even after some hours of no use it was the same. There is this constant ajax_request pinging going on - related? -- Ewan On Jul 1, 12:32 pm, marius d. marius.dan...@gmail.com wrote: LiftSession is bound to HttpSession through HttpSessionBindingListener and HttpSessionActivationListener This means that when the HTTP session terminates LiftSession will also terminate. To verify your SessionVar that the session was purged you can implement override protected def onShutdown(session: CleanUpParam): Unit = { ... } where in case of SessionVar the session parameter is really a LiftSession. The LiftSession timeout is given by HttpSession.getMaxInactiveInterval ... if that period is exceeded the LiftSession is unbound from the HttpSession. Does not necessary means that the HttpSession is removed by container ust that LiftSession is terminated. But is the problem the fact that HttpSession expired but you still had the context in the SessionVar? Br's, Marius On Jul 1, 12:47 pm, Ewan ehar...@gmail.com wrote: I have recently started using a SessionVar and am quite happy to have the session wiped after some predefined interval. As an experiment I changed the session timeout in the web.xml a la Java Servlets but this had no effect running on jetty and since I have read that a SessionVar is not just a wrapper around javax.servlet.http.HttpSession. My question is then how can I configure the timeout interval? -- Ewan --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Setting Session Timeout?
You answered your own question :) ... Yes that is Lift GC mechanism. You can of course turn it off in Boot by calling LiftRules.enableLiftGC=false but I would not recommend it. Is there a real use case why you need this or just tying to figure out how Lift works ? Br's, Marius On Jul 1, 2:42 pm, Ewan ehar...@gmail.com wrote: Thanks Marius I basically wound the session timeout down to 5 mins in the web.xml and left it for about 30 mins but the sessionVar was still full. Even after some hours of no use it was the same. There is this constant ajax_request pinging going on - related? -- Ewan On Jul 1, 12:32 pm, marius d. marius.dan...@gmail.com wrote: LiftSession is bound to HttpSession through HttpSessionBindingListener and HttpSessionActivationListener This means that when the HTTP session terminates LiftSession will also terminate. To verify your SessionVar that the session was purged you can implement override protected def onShutdown(session: CleanUpParam): Unit = { ... } where in case of SessionVar the session parameter is really a LiftSession. The LiftSession timeout is given by HttpSession.getMaxInactiveInterval ... if that period is exceeded the LiftSession is unbound from the HttpSession. Does not necessary means that the HttpSession is removed by container ust that LiftSession is terminated. But is the problem the fact that HttpSession expired but you still had the context in the SessionVar? Br's, Marius On Jul 1, 12:47 pm, Ewan ehar...@gmail.com wrote: I have recently started using a SessionVar and am quite happy to have the session wiped after some predefined interval. As an experiment I changed the session timeout in the web.xml a la Java Servlets but this had no effect running on jetty and since I have read that a SessionVar is not just a wrapper around javax.servlet.http.HttpSession. My question is then how can I configure the timeout interval? -- Ewan --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Setting Session Timeout?
Well I think I can commit something very simple that could help you, Currently session expiration mechanism considered only the time threshold ... but the lift GC is keeping it alive. So we can have LiftSession#terminateHint function that just marks a flag on this LiftSession. SessionMaster can consider this and purge the session properly at the next sessions scan. So you can have an actor where you're sending messages via ActorPing such as: ActorPing schedule(MyActor, Purge(S.session), 120 seconds) When you receive the Purg message on the received LiftSession just call session.terminateHint. (Note that S.session is a Box [LiftSession]) The questions would be when am I going to do this scheduling? ... Well probably right after you are setting a value on your SessionVar. If someone has any objections about this please do let me know. Otherwise I could probably commit this today. Br's, Marius On Jul 1, 3:08 pm, Ewan ehar...@gmail.com wrote: My use case is that I want to save anonymous users' (users that have not logged on or registered) baskets in the session and don't care if they are removed after a period of inactivity. In fact I would like the session to be expired after a while to encourage the user to sign up which if they do they get the benefit that the basket is persisted. --Ewan On Jul 1, 12:59 pm, marius d. marius.dan...@gmail.com wrote: You answered your own question :) ... Yes that is Lift GC mechanism. You can of course turn it off in Boot by calling LiftRules.enableLiftGC=false but I would not recommend it. Is there a real use case why you need this or just tying to figure out how Lift works ? Br's, Marius On Jul 1, 2:42 pm, Ewan ehar...@gmail.com wrote: Thanks Marius I basically wound the session timeout down to 5 mins in the web.xml and left it for about 30 mins but the sessionVar was still full. Even after some hours of no use it was the same. There is this constant ajax_request pinging going on - related? -- Ewan On Jul 1, 12:32 pm, marius d. marius.dan...@gmail.com wrote: LiftSession is bound to HttpSession through HttpSessionBindingListener and HttpSessionActivationListener This means that when the HTTP session terminates LiftSession will also terminate. To verify your SessionVar that the session was purged you can implement override protected def onShutdown(session: CleanUpParam): Unit = { ... } where in case of SessionVar the session parameter is really a LiftSession. The LiftSession timeout is given by HttpSession.getMaxInactiveInterval ... if that period is exceeded the LiftSession is unbound from the HttpSession. Does not necessary means that the HttpSession is removed by container ust that LiftSession is terminated. But is the problem the fact that HttpSession expired but you still had the context in the SessionVar? Br's, Marius On Jul 1, 12:47 pm, Ewan ehar...@gmail.com wrote: I have recently started using a SessionVar and am quite happy to have the session wiped after some predefined interval. As an experiment I changed the session timeout in the web.xml a la Java Servlets but this had no effect running on jetty and since I have read that a SessionVar is not just a wrapper around javax.servlet.http.HttpSession. My question is then how can I configure the timeout interval? -- Ewan --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Setting Session Timeout?
Ewan, It seems that you've done your tests with a browser open to a page in your Lift app. It seems to me that you don't want to time out a session unless the user's browser is no longer looking at a page in the app. Is this in line with your expectations/use case? Thanks, David On Wed, Jul 1, 2009 at 5:08 AM, Ewan ehar...@gmail.com wrote: My use case is that I want to save anonymous users' (users that have not logged on or registered) baskets in the session and don't care if they are removed after a period of inactivity. In fact I would like the session to be expired after a while to encourage the user to sign up which if they do they get the benefit that the basket is persisted. --Ewan On Jul 1, 12:59 pm, marius d. marius.dan...@gmail.com wrote: You answered your own question :) ... Yes that is Lift GC mechanism. You can of course turn it off in Boot by calling LiftRules.enableLiftGC=false but I would not recommend it. Is there a real use case why you need this or just tying to figure out how Lift works ? Br's, Marius On Jul 1, 2:42 pm, Ewan ehar...@gmail.com wrote: Thanks Marius I basically wound the session timeout down to 5 mins in the web.xml and left it for about 30 mins but the sessionVar was still full. Even after some hours of no use it was the same. There is this constant ajax_request pinging going on - related? -- Ewan On Jul 1, 12:32 pm, marius d. marius.dan...@gmail.com wrote: LiftSession is bound to HttpSession through HttpSessionBindingListener and HttpSessionActivationListener This means that when the HTTP session terminates LiftSession will also terminate. To verify your SessionVar that the session was purged you can implement override protected def onShutdown(session: CleanUpParam): Unit = { ... } where in case of SessionVar the session parameter is really a LiftSession. The LiftSession timeout is given by HttpSession.getMaxInactiveInterval ... if that period is exceeded the LiftSession is unbound from the HttpSession. Does not necessary means that the HttpSession is removed by container ust that LiftSession is terminated. But is the problem the fact that HttpSession expired but you still had the context in the SessionVar? Br's, Marius On Jul 1, 12:47 pm, Ewan ehar...@gmail.com wrote: I have recently started using a SessionVar and am quite happy to have the session wiped after some predefined interval. As an experiment I changed the session timeout in the web.xml a la Java Servlets but this had no effect running on jetty and since I have read that a SessionVar is not just a wrapper around javax.servlet.http.HttpSession. My question is then how can I configure the timeout interval? -- Ewan -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Setting Session Timeout?
H I understand the issue/feature now... where by if the page remains open then the session is kept alive by the ajax request which is a feature and it could be argued that for almost all cases this would be what is required. I believe there is a use case for wanting the session to expire after a predefined interval though - thinking secure apps such as banking or email. I know my bank irritates the hell out of me by logging me off after a period of inactivity though this might not be implemented via HttpSession but instead they persist a timestamp of the last request and compare with the current request time. My app requirements can be changed to fit the current method but I can imagine that there would be need for other projects to implement expiration as defined above. --Ewan On Jul 1, 5:20 pm, David Pollak feeder.of.the.be...@gmail.com wrote: Ewan, It seems that you've done your tests with a browser open to a page in your Lift app. It seems to me that you don't want to time out a session unless the user's browser is no longer looking at a page in the app. Is this in line with your expectations/use case? Thanks, David On Wed, Jul 1, 2009 at 5:08 AM, Ewan ehar...@gmail.com wrote: My use case is that I want to save anonymous users' (users that have not logged on or registered) baskets in the session and don't care if they are removed after a period of inactivity. In fact I would like the session to be expired after a while to encourage the user to sign up which if they do they get the benefit that the basket is persisted. --Ewan On Jul 1, 12:59 pm, marius d. marius.dan...@gmail.com wrote: You answered your own question :) ... Yes that is Lift GC mechanism. You can of course turn it off in Boot by calling LiftRules.enableLiftGC=false but I would not recommend it. Is there a real use case why you need this or just tying to figure out how Lift works ? Br's, Marius On Jul 1, 2:42 pm, Ewan ehar...@gmail.com wrote: Thanks Marius I basically wound the session timeout down to 5 mins in the web.xml and left it for about 30 mins but the sessionVar was still full. Even after some hours of no use it was the same. There is this constant ajax_request pinging going on - related? -- Ewan On Jul 1, 12:32 pm, marius d. marius.dan...@gmail.com wrote: LiftSession is bound to HttpSession through HttpSessionBindingListener and HttpSessionActivationListener This means that when the HTTP session terminates LiftSession will also terminate. To verify your SessionVar that the session was purged you can implement override protected def onShutdown(session: CleanUpParam): Unit = { ... } where in case of SessionVar the session parameter is really a LiftSession. The LiftSession timeout is given by HttpSession.getMaxInactiveInterval ... if that period is exceeded the LiftSession is unbound from the HttpSession. Does not necessary means that the HttpSession is removed by container ust that LiftSession is terminated. But is the problem the fact that HttpSession expired but you still had the context in the SessionVar? Br's, Marius On Jul 1, 12:47 pm, Ewan ehar...@gmail.com wrote: I have recently started using a SessionVar and am quite happy to have the session wiped after some predefined interval. As an experiment I changed the session timeout in the web.xml a la Java Servlets but this had no effect running on jetty and since I have read that a SessionVar is not just a wrapper around javax.servlet.http.HttpSession. My question is then how can I configure the timeout interval? -- Ewan -- Lift, the simply functional web frameworkhttp://liftweb.net Beginning Scalahttp://www.apress.com/book/view/1430219890 Follow me:http://twitter.com/dpp Git some:http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Setting Session Timeout?
On Wed, Jul 1, 2009 at 12:24 PM, Ewan ehar...@gmail.com wrote: H I understand the issue/feature now... where by if the page remains open then the session is kept alive by the ajax request which is a feature and it could be argued that for almost all cases this would be what is required. I believe there is a use case for wanting the session to expire after a predefined interval though - thinking secure apps such as banking or email. I know my bank irritates the hell out of me by logging me off after a period of inactivity though this might not be implemented via HttpSession but instead they persist a timestamp of the last request and compare with the current request time. There are ways to do this in Lift (both with client-side JavaScript which would be my preference and with some server-side interception of requests along-side a timer). At least BofA does it with a client-side timer that pops up a JS window. Anyway, if you wanted to explicitly time out a session due to inactivity, it's possible and not overly difficult. My app requirements can be changed to fit the current method but I can imagine that there would be need for other projects to implement expiration as defined above. --Ewan On Jul 1, 5:20 pm, David Pollak feeder.of.the.be...@gmail.com wrote: Ewan, It seems that you've done your tests with a browser open to a page in your Lift app. It seems to me that you don't want to time out a session unless the user's browser is no longer looking at a page in the app. Is this in line with your expectations/use case? Thanks, David On Wed, Jul 1, 2009 at 5:08 AM, Ewan ehar...@gmail.com wrote: My use case is that I want to save anonymous users' (users that have not logged on or registered) baskets in the session and don't care if they are removed after a period of inactivity. In fact I would like the session to be expired after a while to encourage the user to sign up which if they do they get the benefit that the basket is persisted. --Ewan On Jul 1, 12:59 pm, marius d. marius.dan...@gmail.com wrote: You answered your own question :) ... Yes that is Lift GC mechanism. You can of course turn it off in Boot by calling LiftRules.enableLiftGC=false but I would not recommend it. Is there a real use case why you need this or just tying to figure out how Lift works ? Br's, Marius On Jul 1, 2:42 pm, Ewan ehar...@gmail.com wrote: Thanks Marius I basically wound the session timeout down to 5 mins in the web.xml and left it for about 30 mins but the sessionVar was still full. Even after some hours of no use it was the same. There is this constant ajax_request pinging going on - related? -- Ewan On Jul 1, 12:32 pm, marius d. marius.dan...@gmail.com wrote: LiftSession is bound to HttpSession through HttpSessionBindingListener and HttpSessionActivationListener This means that when the HTTP session terminates LiftSession will also terminate. To verify your SessionVar that the session was purged you can implement override protected def onShutdown(session: CleanUpParam): Unit = { ... } where in case of SessionVar the session parameter is really a LiftSession. The LiftSession timeout is given by HttpSession.getMaxInactiveInterval ... if that period is exceeded the LiftSession is unbound from the HttpSession. Does not necessary means that the HttpSession is removed by container ust that LiftSession is terminated. But is the problem the fact that HttpSession expired but you still had the context in the SessionVar? Br's, Marius On Jul 1, 12:47 pm, Ewan ehar...@gmail.com wrote: I have recently started using a SessionVar and am quite happy to have the session wiped after some predefined interval. As an experiment I changed the session timeout in the web.xml a la Java Servlets but this had no effect running on jetty and since I have read that a SessionVar is not just a wrapper around javax.servlet.http.HttpSession. My question is then how can I configure the timeout interval? -- Ewan -- Lift, the simply functional web frameworkhttp://liftweb.net Beginning Scalahttp://www.apress.com/book/view/1430219890 Follow me:http://twitter.com/dpp Git some:http://github.com/dpp -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to