tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Session timeouts: ignore "periodic polling" URL?
Date Sun, 20 Mar 2011 14:40:48 GMT
sebb wrote:
> On 20 March 2011 11:19, André Warnier <aw@ice-sa.com> wrote:
>> sol myr wrote:
>>> Hi,
>>>
>>> We have a Servelts/JSP application Tomcat6.
>>> Our javascripts issues automatic, periodic polling requests (Ajax and
>>> Comet), in order to keep the view  up-to-date.
>>> Unfortunately this prevents sessions from timing out...
>>>
>>> Is there a way to tell Tomcat that some URL shouldn't affect session
>>> timeouts?
>>> Namely if for the last 30 minutes, the browser requested nothing but
>>> "http://server/autoRefresh.do" , then Tomcat should assume the user went
>>> away from the computer, and kill the session.
>>>
>> You may have to explain the logic of this a bit better, because on the face
>> of it, it makes no sense.
>> Presumably, if you create a session, it is because the application needs a
>> session (aka, needs some information to be preserved between individual
>> requests of the same user/browser).
>> Then why would you want it to time out ?
> 
> This is the sort of behaviour one wants for online banking - the
> session should be logged out if the user does not do anything for a
> while, even though the page may be doing background requests.
> 

Allright then, I'll buy that, if somewhat reluctantly.

The creation or retrieval of a session, as far as I understand it, is totally under 
application control.
In other words, if your servlet (or JSP), when it is called, executes a 
HttpServletRequest.getSession() call, then it will retrieve the existing session (or 
create one if none exists yet); and if it does not call getSession(), it will not.

In other words, if you want some requests URLs "not to count" (or "be excluded") as far as

the session mechanism is concerned, then you just have to map these requests (URLs) to a 
servlet/JSP page which does not do a getSession().

Of course, if in order to refresh the information in the browser page, the application 
needs to access information stored in the session, then you have a problem.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message