tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Simon <>
Subject Re: Session expiration and AJAX issues
Date Mon, 25 Feb 2008 16:41:54 GMT

> We've set our session expiration to 12 hours (I know it's long) and 
> we're seeing behavior where certain browsers (namely IE) apparently 
> can't count that high (we set the meta Refresh header but the page 
> doesn't reload after the allotted time, session expiration time + 20 
> minutes).

Are you saying that certain browser will never expire their sessions? Or are you saying that
certain browsers kill their sessions before 12 hours (because they can't count that high)?

> Since this issue was discovered, we've added background AJAX timers on 
> some of our web pages that refresh (authenticated) content.  While this 
> happily works, unfortunately, if the user chooses to remain on one of 
> these pages, and then goes on vacation, the session stays active because 
> the AJAX calls keep the session alive.

The way I understand it - you are using ajax to keep a session alive. Why not set the session
expiration to live as long as the browser is open, or for some other length of time? The session
mechanism should work. I don't understand the need to hack sessions using ajax.

> it puts the onus on the browser to inform the server that the 
> user's session needs to be expired.

Isn't that part of the browser's job?

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message