tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Murthy Gorty <>
Subject Session-expiry bug v2.0
Date Wed, 14 Feb 2001 18:09:18 GMT

I posted a question last week about this and I'm including
the conclusions of that posting anticipating more responses.. :-) I'm using 
tomcat 3.2.1 final release.

Tomcat's check for Session Expiry happens in a background thread 
(StandardManager::processExpires()) that calls 
Session.getLastAccessedTime() to find the inactive interval for that 

But, getLastAccessedTime() returns the time of the request prior to the 
last one.. This makes sense as a servlet would be interested in it. Servlet 
specification for 2.3 clarifies this.

But, when checking for session-expiry, getLastAccessedTime() would create a 
problem as the user's last accessed time would be ignored.
So, for example, if the timeout is set to 30 mins and the user accesses the 
session at 10:30 and 10:50, his access at 10:50 would be ignored and the 
session would expire after 11:00.

Would this get fixed with the next release? Am I missing something? I'm 
fairly new to this list, so any responses with thoughts, process to get 
this fixed would be greatly appreciated.


_________________________________________________________________ Transform Your E-mail into an Online Office

View raw message