On Sun, 20 Mar 2011 15:40:48 +0100, André Warnier wrote:
sebb wrote:
On 20 March 2011 11:19, André Warnier <a...@ice-sa.com> wrote:
sol myr wrote:
Hi,
We have a Servelts/JSP application Tomcat6.
Our javascripts issues automatic, periodic polling requests (Ajax
and
Comet), in order to keep the view up-to-date.
Unfortunately this prevents sessions from timing out...
Is there a way to tell Tomcat that some URL shouldn't affect
session
timeouts?
Namely if for the last 30 minutes, the browser requested nothing
but
"http://server/autoRefresh.do" , then Tomcat should assume the
user went
away from the computer, and kill the session.
You may have to explain the logic of this a bit better, because on
the face
of it, it makes no sense.
Presumably, if you create a session, it is because the application
needs a
session (aka, needs some information to be preserved between
individual
requests of the same user/browser).
Then why would you want it to time out ?
This is the sort of behaviour one wants for online banking - the
session should be logged out if the user does not do anything for a
while, even though the page may be doing background requests.
Allright then, I'll buy that, if somewhat reluctantly.
The creation or retrieval of a session, as far as I understand it, is
totally under application control.
In other words, if your servlet (or JSP), when it is called, executes
a HttpServletRequest.getSession() call, then it will retrieve the
existing session (or create one if none exists yet); and if it does
not call getSession(), it will not.
If the browser sends a session-id, tomcat will touch the session and
mark it as alive.
I remember a similar thread not long ago, but I can't find it in the
archives. I could
find a similar thread from 2008 where Christopher gave some answers to
this problem[1].
If OP knows the url-pattern for all its ajax-request, that should be
ignored for
session-keepalive, the parameter in the filter could be dropped. He
would just have to
limit the filter to that url.
Regards
Felix
[1]
http://old.nabble.com/Session-expiration-and-AJAX-issues-td15671248.html
In other words, if you want some requests URLs "not to count" (or "be
excluded") as far as the session mechanism is concerned, then you
just
have to map these requests (URLs) to a servlet/JSP page which does
not
do a getSession().
Of course, if in order to refresh the information in the browser
page, the application needs to access information stored in the
session, then you have a problem.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org