tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Detecting and handling session timout
Date Wed, 28 Apr 2004 17:16:31 GMT


>Our technical challenge is that when a session is left inactive in a
>for a long time (about 30 minutes)
>then the next click results in a jsp page crash.
>The crash is a null pointer exception, apparently because an object in
>javabean has become null.

Solidify your understanding of this: figure out which object or
attribute became null, and why it's causing the crash.  Then you can
make your JSP page (or bean) more robust by correctly handling the null
value case, e.g. by redirecting to a login page.

>Is there a way to avoid this?

You can turn off session timeouts by specifying a timeout value of 0 in
the web.xml file.  If you're unsure about the web.xml contents or
syntax, including those for controlling sessions, see the Servlet

The 0 timeout approach is usually not recommended however, as it means
resources associated with sessions will never be freed.  You should
strongly consider simply making your app more robust as described above
to correctly handle timed out sessions.

>In other words we want to do an asynchronous action from within the
>pushed out to the client.

Good luck.

>However in testing so far we can only detect the creation of the
>not its death.
>In other words, the sessionCreated() part of the interface is being
>by the system, but not
>the sessionDestroyed().

sessionDestroyed does not necessarily correlated with session
invalidation.  sessionDestroyed will get executed eventually, but it may
be a while after invalidation or timeout: it's up to the container.
Consider the HttpSessionActivationListener instead.

Yoav Shapira

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message