tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject HttpSession handling
Date Fri, 02 Jan 2004 09:10:16 GMT
Reading the servlet spec raised a couple of thoughts about http session
handling to my mind. I did verify them, but did not file bug reports.

Should I write a patch for these?

Thought #1

"SRV.7.6 Last Accessed Times
The getLastAccessedTime method of the HttpSession interface allows a servlet
to determine the last time the session was accessed before the current
request. The session is considered to be accessed when a request that is part
of the session is first handled by the servlet container."

Imagine the following situation with four requests in the same session:

Moment 0: Request #0 arrives. The session is initiated.
Moment 1: Request #1 arrives. The request processing performs some long
Moment 2: Request #2 arrives.
Moment 3: Request #3 arrives.
Moment 4: The long operation of the request #1 processing is complete. Request
#1 processing calls session.getLastAccessedTime(). According to the spec the
method should return the time of moment 0 (request #0 was the previous
request before the request #1). Tomcat returns the time of moment 2 (the time
request #2 arrived) instead.

Thought #2

If the session is created by the current request, the
session.getLastAccessedTime() returns the session creation time. Should it
return 0 instead? I'd find it a bit less incorrect.

Thought #3

"SRV.7.5 Session Timeouts
The session invalidation will not take effect until all servlets using that
session have exited the service method."

Tomcat does nothing to ensure this.

To reproduce, set session timeout to 3mins and put the following code to
service method:

HttpSession session = request.getSession();
Thread.sleep(200 * 1000L); // a long operation =)

->IllegalStateException is thrown

Jarno Peltoniemi

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message