On 10/09/17 01:53, Kwan Lim wrote: > Hi, > > I am trying to make a servlet that doesn't extend the session when accessed > and it looked like the system property "org.apache.catalina.core. > StandardHostValve.ACCESS_SESSION" could do job. > > To test it out I created a simple project in Netbeans 8.1 with Tomcat > 8.5.20 on Windows 10. In the project I have 2 servlets: servletA creates a > session and outputs some HTML, servletB only outputs HTML and doesn't call > request.getSession(). > > When I request servletA a session is created and each time I request it > again, the last accessed time is updated. > When I request servletB which doesn't call getSession(), the last accessed > time is updated as well. > > Note: I'm using the out-of-the box server.xml and other configuration files > and there are no filters that call getSession(). > > If I'm reading the documentation correctly, when set to true is will always > update the last accessed time even if getSession() wasn't called. By > default ACCESS_SESSION is false because STRICT_SERVLET_COMPLIANCE is not > set/false. My question is what is the expected behaviour when it's set to > false? I was expecting servletB to not update the last accessed time.
I think your test case may be the cause of this. I have performed a similar test with the Tomcat ROOT web application monitoring session last accessed time via the Manager application and I do not see the behaviour you see. When I call a page that does not call getSession(), the last accessed time remains unchanged. When I call a page that does call getSession(), the last accessed time is updated. Various components can trigger a call to getSession(). I suspect that something is doing this that you aren't aware of. Personally I'd use remote debugging to put a break point on getSession() and find out what is triggering that call. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
