-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adam,
What you need is to make a request without "touching" the session.
Tomcat cannot do this by itself; you're going to have to either hack
Tomcat to add a "no-touch-session" parameter to the session manager
(which wouldn't be a bad TC enhancement request, actually), or pass your
session information in a different way through your AJAX calls (say,
using "mysessionid" as a request parameter, and be sure that the
JSESSIONID cookie is /not/ sent - which might be quite difficult).
The second option is rife with complexity, because then you need to have
your server-side AJAX stuff take the session id and look it up in a
self-managed cache of sessions (see HttpSessionListener), etc., etc., etc.
Here's another option that might not be /quite/ as nasty, but it's still
a pretty bad hack:
1. Invent a new request parameter called "noTouchSession" and add
~ &noTouchSession=true to all of your AJAX calls.
2. Write a Filter that looks something like this:
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain)
{
~ HttpServletRequest hReq = (HttpServletRequest)req;
~ HttpSession session = hReq.getSession(false);
~ if(null != session)
~ {
~ Date expirationDate =
~ (Date)session.getAttribute("expirationDate");
~ if(expirationDate.before(new Date())
~ {
~ // probably want to log this event
~ session.invalidate();
~ session=null;
~ }
~ else
~ {
~ if("true".equalsIgnoreCase(hReq.getParameter("noTouchSession")))
~ {
~ // Do nothing; don't update the session timestamp
~ }
~ else
~ {
~ session.setAttribute("expirationDate",
~ new Date(System.currentTimeMillis() +
~ session.getMaxInactiveInterval() / 1000));
~ }
~ }
~ }
~ chain.doFilter(req, resp);
}
What this will do is essentially simulate session timeouts using an
attribute /you/ store in the session instead of relying on the
container. The container will still do all the real work of session
management, which is nice.
Since your AJAX requests will add the magic parameter that doesn't touch
the session timeout, your session will eventually time out (using this
mechanism, not that of the container).
Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkfDJY0ACgkQ9CaO5/Lv0PB/7gCdFap7ZW3RZNxrlewwBmtNtwpH
Yr0AoKdYyaGjZkWzUtORawePA+xOFTlX
=uSL3
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
