tomcat-users mailing list archives

From Adam Gordon <adam.gor...@readytalk.com>
Subject Re: Session expiration and AJAX issues
Date Tue, 26 Feb 2008 15:12:32 GMT
Not easily.  See Christopher's response in this thread chain.  There is
not currently a way to not tell Tomcat that a request has come in and
not update the last ping time (or similar) on the Session.


Jason Pyeron wrote:
>> -----Original Message-----
>> From: Adam Gordon [mailto:adam.gordon@readytalk.com]
>> Sent: Monday, February 25, 2008 13:11
>> To: Tomcat Users List
>> Subject: Re: Session expiration and AJAX issues
>>
>> Martin-
>>
>> We are using Struts, however, version 1.2.9.  But, after looking at the
>> link, I'm not sure this will help as it doesn't really address the
>> problem.  Storing the date/time a user logs in on the session is
>> probably useful, but our problem is that we want to forcefully log the
>> user out if there's no human present at the computer and the AJAX tasks
>> keep a user's session active indefinitely, whether or not they mean it to.
>
> Can url patterns be excluded from session prolonging magic?
>
>> Additionally, assuming we didn't have the AJAX tasks, we'd have to check
>> the logged in time from the session on every request and that's just not
>> realistic when you have hundreds of Struts actions, even with a unique
>> parent Action class.  That said, I'm beginning to suspect that this may
>> be the only way to go, i.e., have a base Action for Struts actions and
>> base action for AJAX actions.  My only issue with this is that then the
>> onus is on the developer to use the right Action and if they don't, a
>> session could inadvertently be left open which is a security risk.
>>
>> Alternatively, we could simply force the logout on the user after 12
>> hours period...which would kind of suck for the user if they were in the
>> middle of something and so I can almost guarantee that our product
>> management team wouldn't go for it since it's not really creating a
>> positive user experience.
>>
>> --adam
>
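
The thread asks whether URL patterns can be excluded from what prolongs a session. One way to get that effect in the application, without depending on each developer picking the right base Action, is a servlet filter that keeps its own "last human request" timestamp. This is an added example, not code from the thread or from Tomcat; the class name, the init-param names, the session attribute and the `/login` path are assumptions, and it uses the `javax.servlet` API.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class HumanIdleTimeoutFilter implements Filter {
    // Hypothetical attribute name holding the time of the last non-polling request.
    private static final String LAST_HUMAN = "lastHumanActivityMillis";
    private long maxIdleMillis;
    private String pollPrefix;

    public void init(FilterConfig cfg) {
        // Hypothetical init-params, set on the filter in web.xml.
        maxIdleMillis = Long.parseLong(cfg.getInitParameter("maxIdleMinutes")) * 60000L;
        pollPrefix = cfg.getInitParameter("pollPrefix"); // e.g. "/ajax/"
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // never create a session here
        if (session == null) { chain.doFilter(rq, rs); return; }

        // Path relative to the webapp, so the prefix works for any servlet mapping.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        boolean polling = path.startsWith(pollPrefix);
        long now = System.currentTimeMillis();
        Long last = (Long) session.getAttribute(LAST_HUMAN);
        if (last == null) last = Long.valueOf(session.getCreationTime());

        if (now - last.longValue() > maxIdleMillis) {
            // No human request within the limit: end the session, whoever is asking.
            session.invalidate();
            if (polling) res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            else res.sendRedirect(req.getContextPath() + "/login"); // hypothetical page
            return;
        }
        // Only non-polling requests count as activity; AJAX polls leave the stamp alone.
        if (!polling) session.setAttribute(LAST_HUMAN, Long.valueOf(now));
        chain.doFilter(rq, rs);
    }

    public void destroy() { }
}
```

Tomcat's own session timeout is still refreshed by the polling requests, so the filter's limit is the one that ends an unattended session. A request that is wrongly classified as human only extends the session, so the polling prefix should cover every background endpoint.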
