----- Original Message ----- From: "Amy Roh" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Monday, April 26, 2004 6:07 PM
Subject: wrong timeIdel value in StandardSession
The following patch causes regression where sessions don't expire when it should. I have a test app that does refresh every 70 sec. When I set timeout to 2 minute - the session *never* expires.
I see the change to be not so much a regression as a bug-fix :). Your app is accessing the session every 70 sec, so the session is never idle for the required 2 min to allow it to expire.
I see on Remy's commit that "Ths patch needs to be tested for possible regressions". The test jsp actually checks if the session expired after timeout and alerts when refreshed. I am attaching the jsp.
cvs diff -r 1.26 -r 1.27 StandardSession.java
587c587 < int timeIdle = (int) ((timeNow - lastAccessedTime) / 1000L); ---
int timeIdle = (int) ((timeNow - thisAccessedTime) / 1000L);
I have added some debugging statements and found the following.
setMaxInactiveInterval 120 timeIdle now 0 timeIdle before 0 timeIdle now 36 timeIdle before 36 timeIdle now 116 timeIdle before 186 WOULD HAVE EXPIRED WITH OLD TIMEIDLE timeIdle now 70 timeIdle before 70 timeIdle now 0 timeIdle before 70 timeIdle now 26 timeIdle before 96 timeIdle now 70 timeIdle before 140 WOULD HAVE EXPIRED WITH OLD TIMEIDLE timeIdle now 0 timeIdle before 70 timeIdle now 16 timeIdle before 86 timeIdle now 70 timeIdle before 140 WOULD HAVE EXPIRED WITH OLD TIMEIDLE timeIdle now 0 timeIdle before 70 timeIdle now 6 timeIdle before 76 timeIdle now 66 timeIdle before 137 WOULD HAVE EXPIRED WITH OLD TIMEIDLE timeIdle now 70 timeIdle before 140 WOULD HAVE EXPIRED WITH OLD TIMEIDLE timeIdle now 0 timeIdle before 70 timeIdle now 56 timeIdle before 127 WOULD HAVE EXPIRED WITH OLD TIMEIDLE
Let me know what you think....
Thanks, Amy
I propose to revert the patch.
I'm -1 on reverting unless you can explain why you think that the previous behavior is correct wrt the spec. And, no, the fact that this bug has been in every version of Tomcat back to at least 3.2.x isn't good enough ;-).
Thanks, Amy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
------------------------------------------------------------------------
This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments.
In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail.
------------------------------------------------------------------------
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
<?xml version="1.0" ?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";>
<web-app>
<session-config>
<session-timeout>2</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
