tomcat-dev mailing list archives

From "Craig R. McClanahan"
Subject Re: Session-expiry bug? getLastAccessedTime
Date Sat, 10 Feb 2001 20:52:24 GMT
Kief Morris wrote:

> Murthy Gorty typed the following on 09:59 AM 2/9/2001 -0800
> >I noticed a problem with session timeouts in Tomcat 3.2.1.
> >The background thread that recycles sessions based on timeouts uses
> >Session.getLastAccessedTime().
> >The session object itself has two variables
> >lastAccessedTime and thisAccessedTime.
> >-----------------------------------------
> >    public long getLastAccessedTime()
> >    {
> >       return (this.lastAccessedTime);
> >    }
> >--------------------------------------------
> >lastAccessedTime is the time a request is made BEFORE the present request.
> >So, getLastAccessedTime is the time of the (last-1)request
> >and not the last request.
> >
> >Isn't this a bug? Shouldn't getLastAccessedTime return
> >thisAccesstime?
> I haven't looked at this code in detail, but my thoughts on this are:
> getLastAccessedTime() needs to return the (last - 1) during a request,
> or it won't behave correctly for servlet code. After a request is finished,
> lastAccessedTime should be updated to = thisAccessTime, so
> getLastAccessedTime() will return the time of the last request when
> checked by the expiration code. Is this not the case?

This was discussed by the expert group for servlet 2.3, and Kief's
understanding is what we came up with.  In addition, that is what Section 7.6
says in 2.3 PFD (emphasis is added):

    The getLastAccessedTime method of the HttpSession interface
    allows a servlet to determine the last time the session was
    accessed BEFORE the current request.

Other subtleties:

* The access time should be updated at the beginning of the request,
  rather than the end.

* The session is considered "accessed" when the container recognizes
  that the request is part of a valid session, even if the application never
  calls request.getSession() on that particular request.

> Kief
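
The timestamp semantics discussed in this thread, as an added example that is not part of the original message and is not Tomcat's code: a session model where the container records the access at the start of the request, servlets see the previous access, and the two possible expiry checks are compared on one timeline. The class `ModelSession`, its method names, the 30-minute timeout and the timeline are assumptions constructed for the illustration.

```java
// Added illustration, not Tomcat source. All names here are hypothetical.
public class SessionExpiryDemo {

    static final class ModelSession {
        private long lastAccessedTime; // access BEFORE the current request
        private long thisAccessedTime; // most recent access
        private final long maxInactiveMillis;

        ModelSession(long createdAt, long maxInactiveMillis) {
            this.lastAccessedTime = createdAt;
            this.thisAccessedTime = createdAt;
            this.maxInactiveMillis = maxInactiveMillis;
        }

        // Called by the container at the beginning of every request that is
        // part of a valid session, even if the servlet never calls getSession().
        void access(long now) {
            lastAccessedTime = thisAccessedTime;
            thisAccessedTime = now;
        }

        // Servlet-facing value: the access before the current request.
        long getLastAccessedTime() {
            return lastAccessedTime;
        }

        // Behaviour reported in the thread: idle time measured from (last - 1).
        boolean expiredUsingLastAccessed(long now) {
            return now - lastAccessedTime > maxInactiveMillis;
        }

        // Idle time measured from the most recent access instead.
        boolean expiredUsingMostRecent(long now) {
            return now - thisAccessedTime > maxInactiveMillis;
        }
    }

    public static void main(String[] args) {
        final long MIN = 60_000L;
        ModelSession s = new ModelSession(0L, 30 * MIN); // constructed timeline
        s.access(25 * MIN);        // second request arrives at t = 25 min
        long reaperRun = 40 * MIN; // background expiry check at t = 40 min
        System.out.println("getLastAccessedTime (min): " + s.getLastAccessedTime() / MIN);
        System.out.println("expired using lastAccessedTime: " + s.expiredUsingLastAccessed(reaperRun));
        System.out.println("expired using most recent access: " + s.expiredUsingMostRecent(reaperRun));
    }
}
```

On this timeline the session has been idle for 15 minutes at the check, so a reaper that reads the servlet-facing value ends it early, while one that reads the most recent access keeps it alive until the full idle timeout has passed.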

