tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Polling servlet and session expiration - avoid calling request.getSession() ?
Date Sat, 08 Jan 2011 23:52:55 GMT
2011/1/8 rom <aldrop8@gmail.com>:
>  hi all,
> I have to implement a polling mechanism that repeatedly sends a request
> to a servlet.
> This servlet doesn't need the user session, and i don't want these
> requests to update the session's lastAccessedTime, thus preventing
> regular session timeout when the user isn't doing anything else.
>
> (...)
> So, i made a simple test servlet that does not call req.getSession(),
> tried under both TC5.5.25 & TC6.0.18, and it seems to work: the session
> normally expires when it's time to, ignoring the requests to that servlet.
>
> Now my question is: can this be considered a reliable solution?
> The sevlet spec seems to state that the accessed time should be updated
> as soon as the request comes in.

As [1] mentions, it depends on whether the following system property
is set to "true":
org.apache.catalina.STRICT_SERVLET_COMPLIANCE

[1] http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html#Specification

So, yes, your solution is unreliable.

>  i don't want these requests to update the session's lastAccessedTime

I think that such a requirement is rare.

It is easy to implement it if you move your servlet into a separate webapp

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message