Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 33004 invoked from network); 25 Feb 2008 17:04:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 25 Feb 2008 17:04:16 -0000 Received: (qmail 92461 invoked by uid 500); 25 Feb 2008 17:03:53 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 92418 invoked by uid 500); 25 Feb 2008 17:03:53 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 92383 invoked by uid 99); 25 Feb 2008 17:03:53 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Feb 2008 09:03:52 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of adam.gordon@readytalk.com designates 208.50.222.178 as permitted sender) Received: from [208.50.222.178] (HELO apollo.readytalk.com) (208.50.222.178) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Feb 2008 17:03:17 +0000 Received: from [192.168.1.45] ([192.168.1.45]) by apollo.readytalk.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 25 Feb 2008 10:03:04 -0700 Message-ID: <47C2F4D8.5090603@readytalk.com> Date: Mon, 25 Feb 2008 10:03:20 -0700 From: Adam Gordon User-Agent: Thunderbird 2.0.0.6 (X11/20071022) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Session expiration and AJAX issues References: <310692.99723.qm@web50202.mail.re2.yahoo.com> In-Reply-To: <310692.99723.qm@web50202.mail.re2.yahoo.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 25 Feb 2008 17:03:04.0430 (UTC) FILETIME=[4927B0E0:01C877D0] X-Virus-Checked: Checked by ClamAV on apache.org Paul- > Are you saying that certain browser will never expire their sessions? > Or are you saying that certain browsers kill their sessions before 12 > hours (because they can't count that high)? The former, i.e. that browsers will never expire the sessions. > The way I understand it - you are using ajax to keep a session alive. > Why not set the session expiration to live as long as the browser is > open, or for some other length of time? The session mechanism should > work. I don't understand the need to hack sessions using ajax. As indicated from the tone of my original post (see the second sentence of the second paragraph in my original post), are not intentionally using AJAX to keep the session alive - it is a side-effect which we would like to obviate, hence the JavaScript counter. > Isn't that part of the browser's job? Uh, I would have to argue that this is a HUGE no. I think it's VERY obvious to anyone that has done any sort of web development with cross-browser compatibility in mind that browser makers cannot be relied upon to implement ANY sort of common standard in the same way (case and point look at how you instantiate an XmlHttpRequest object in JavaScript across different browsers, not to mention CSS functionality). Besides if it were the browser's job, why would Tomcat even have support for it? It's like making an assumption that user's never leave their browsers open or never click the back button. I think the only thing one can absolutely rely on a user doing in a web application using it in a manner to which one had not considered. So, all that said, is there anyone out there who's had experience with this problem and knows of a solution? Thanks. --adam --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org