tomcat-users mailing list archives

From Adam Gordon
Subject Session expiration and AJAX issues
Date Mon, 25 Feb 2008 16:04:56 GMT
A couple of issues:

We've set our session expiration to 12 hours (I know it's long) and 
we're seeing behavior where certain browsers (namely IE) apparently 
can't count that high (we set the meta Refresh header but the page 
doesn't reload after the allotted time, session expiration time + 20 

Since this issue was discovered, we've added background AJAX timers on 
some of our web pages that refresh (authenticated) content.  While this 
happily works, unfortunately, if the user chooses to remain on one of 
these pages, and then goes on vacation, the session stays active because 
the AJAX calls keep the session alive.

Our first attempt at a solution was to have a JavaScript counter that, 
after every 20 minutes, incremented a counter and if that counter ever 
got to 37, we knew that the user hadn't changed web pages and we could 
log them out (window.location = <logout URL>).  The problem is that this 
doesn't appear to work either and additionally, it relies on JavaScript 
bypassing Tomcat's built-in features.  Users cannot log in w/o having 
JavaScript enabled, so it's not a matter of a user potentially disabling 
it, rather it puts the onus on the browser to inform the server that the 
user's session needs to be expired.

Does anyone have experience in this area and if so, how have you solved 
this problem?  I know Google uses AJAX with their Gmail webapp, but they 
don't seem to care about not expiring the user's session.  Any help 
would be appreciated.

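A server-side alternative to the browser counter described in the message, as an added example that is not part of the original post: a servlet filter that tracks the last user-initiated request separately from Tomcat's own last-access time, so background AJAX polls do not extend the idle clock. The header name `X-Background-Poll`, the session attribute name, and the class name are assumptions; the pages' AJAX timer code would have to send that header on every poll.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Expires a session on user idleness, ignoring background AJAX polls. */
public class InteractiveIdleFilter implements Filter {
    // Assumed names: the AJAX timer must add this header to each background request.
    static final String POLL_HEADER = "X-Background-Poll";
    static final String LAST_USER_HIT = "lastInteractiveMillis";
    static final long MAX_IDLE_MILLIS = 12L * 60 * 60 * 1000; // the 12-hour limit from the post

    /** Pure decision, kept separate so it can be unit-tested without a container. */
    static boolean isExpired(Long lastUserHit, long now, long maxIdle) {
        return lastUserHit != null && now - lastUserHit > maxIdle;
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        if (session == null) {              // no session: normal login flow applies
            chain.doFilter(rq, rs);
            return;
        }
        long now = System.currentTimeMillis();
        boolean poll = req.getHeader(POLL_HEADER) != null;
        Long last = (Long) session.getAttribute(LAST_USER_HIT);

        if (isExpired(last, now, MAX_IDLE_MILLIS)) {
            session.invalidate();           // the server decides; the browser is not relied on
            if (poll) {
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED); // poller can then go to login
            } else {
                res.sendRedirect(req.getContextPath() + "/");       // next request must log in
            }
            return;                         // never serve content on the expired session
        }
        if (!poll || last == null) {
            // Only user-initiated requests (or the very first request) reset the idle clock.
            session.setAttribute(LAST_USER_HIT, Long.valueOf(now));
        }
        chain.doFilter(rq, rs);
    }
}
```

Tomcat's own session timeout still covers the case where the browser is closed and polling stops. A client that omits the header only makes its own requests count as activity, which is what an active user's requests do anyway.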