I am trying to make a servlet that doesn't extend the session when accessed
and it looked like the system property "org.apache.catalina.core.
StandardHostValve.ACCESS_SESSION" could do job.

To test it out I created a simple project in Netbeans 8.1 with Tomcat
8.5.20 on Windows 10. In the project I have 2 servlets: servletA creates a
session and outputs some HTML, servletB only outputs HTML and doesn't call

When I request servletA  a session is created and each time I request it
again, the last accessed time is updated.
When I request servletB which doesn't call getSession(), the last accessed
time is updated as well.

Note: I'm using the out-of-the box server.xml and other configuration files
and there are no filters that call getSession().

If I'm reading the documentation correctly, when set to true is will always
update the last accessed time even if getSession() wasn't called. By
default ACCESS_SESSION is false because STRICT_SERVLET_COMPLIANCE is not
set/false. My question is what is the expected behaviour when it's set to
false? I was expecting servletB to not update the last accessed time.


Reply via email to