tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aggarwal, Ajay" <>
Subject RE: how to keep session alive on the server side
Date Tue, 23 Nov 2010 20:42:43 GMT
I guess I need to explain my situation little better. It is slightly complicated so bear with

I have 2 types of servlets. Type-1 servlets make use of sessions (using JSESSIONID cookie)
and type-2 servlets do not use JSESSIONID cookie and instead implement some API specs which
require the authentication token to be passed by the client as part of each request (request
here is XML in the body of HTTP request). They are part of same Tomcat application because
my clients are mix clients which make use of functionality provided by both type of servlets.

These mix clients first login using a type-1 servlet. As part of the successful login, they
get an authentication token back, which is HTTP session's id. These clients use this token
(in XML request) when they talk to type-2 servlets. I have implemented a session listener
to keep track of authenticated HTTP sessions in type-1 servlets.  So the type-2 servlets are
able to validate the authentication token with my session listener.

I had to tell all this background to clarify that my long duration request does not directly
come on the session that I need to keep alive. Instead this long duration request comes on
type-2 servlet. Note that type-2 servlets do not use JSESSIONID cookie. And my challenge is
to keep the corresponding HTTP session alive, the one that maps to the given authentication
token from this long duration request.

So I was hoping for something like "httpSession.setLastAccessTime (now)"... or some other

-----Original Message-----
From: André Warnier [] 
Sent: Tuesday, November 23, 2010 2:47 PM
To: Tomcat Users List
Subject: Re: how to keep session alive on the server side

Aggarwal, Ajay wrote:
> I have a situation where client 

what kind of client ?

enters a long duration request

do you mean that the request takes a long time to send to the server, or that the server 
will take a long time to respond ?

and I
> need to keep the session alive for the client 

? or for the server ?

while this long duration
> request is going on.  Since this long duration request could be hours, I
> do not want to change the default HTTP session timeout value. I also do
> not want to put the burden on the client to keep his session alive in
> the background (by making dummy requests).
> I want to be able to handle it inside tomcat, if possible. Is there a
> way to manipulate the lastAccessTime on the session object?

What I mean with the above is : if the client is a browser, and he sends a short request,

and the server takes a long time to respond, then the browser will time out after a few 
minutes (4-5) and display an error page, thinking that the server is down.

On the other hand, if your concern is that the server may time out the client session, 
while it is still processing the client request, then it should not do that.
It should only start timing the client inactivity after it has responded to the request, no

See servlet Specification v 3.0, sections 7.5 & 7.6.

"The session invalidation will not take effect until all
servlets using that session have exited the service method."

My interpretation of this is that the session timeout only counts *between* requests, not

while a request is still being processed.

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message