tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rom <>
Subject Polling servlet and session expiration - avoid calling request.getSession() ?
Date Sat, 08 Jan 2011 14:14:39 GMT
 hi all,
I have to implement a polling mechanism that repeatedly sends a request
to a servlet.
This servlet doesn't need the user session, and i don't want these
requests to update the session's lastAccessedTime, thus preventing
regular session timeout when the user isn't doing anything else.

I've already had a look at the archives, and found possible solutions
using a filter, and that's ok, but...
i seemed to remember that, in a servlet, you have to call
request.getSession() to "touch" the session and reset the timeout counter.

So, i made a simple test servlet that does not call req.getSession(),
tried under both TC5.5.25 & TC6.0.18, and it seems to work: the session
normally expires when it's time to, ignoring the requests to that servlet.

Now my question is: can this be considered a reliable solution?
The sevlet spec seems to state that the accessed time should be updated
as soon as the request comes in.
Additionally, i've had a look at the sources (5.5.25 & 6.0.18) and found
this comment in org/apache/catalina/

     * Update the accessed time information for this session.  This method
     * should be called by the context when a request comes in for a
     * session, even if the application does not reference it.
    public void access(); i'm afraid the answer is no, but i'd like some "official" advice
about that.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message