tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sharon Prober (sprober)" <spro...@cisco.com>
Subject RE: Session time out never takes place with ajax
Date Tue, 15 Nov 2011 18:46:23 GMT
Ok,

Thanks all for the inputs. I found a hybrid solution for this.
So for future use here goes....

In my application I make sure there is a filter that is called on every hit to the server
"/*"
Next I create a new filter which will handle only calls such as poling and other ajax calls
that do not "postpone" the expiration date of the session.
In the web.xml I can use the <url-pattern> element as a framework hook for each developer
in the application to enter their own "poling" link

The way it works is as follows
1)SessionTimeoutFilter doFilter ....
public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain filterChain) throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;

		HttpSession session = req.getSession(false);
		if (null != session) {
			Date realLastAccessDate = (Date) session
					.getAttribute(SESSION_LAST_ACCESS_IDENTIFIER);
			if (realLastAccessDate == null) {
				realLastAccessDate = new Date();
				session.setAttribute(SESSION_LAST_ACCESS_IDENTIFIER, realLastAccessDate);
			}
			if (realLastAccessDate.before(new Date())) {
				// probably want to log this event
				session.invalidate();
				session = null;
			}

		}
		request.setAttribute(IS_SESSION_TIMEOUT_RESETER,false);
		filterChain.doFilter(request, response);

	}

2)The general filter that is always called...
public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain filterChain) throws IOException, ServletException {
	HttpSession session = hreq.getSession(false);
		if(session!=null && 
				(hreq.getAttribute(SessionTimeoutFilter.IS_SESSION_TIMEOUT_RESETER)==null ||
					 ((Boolean)hreq.getAttribute(SessionTimeoutFilter.IS_SESSION_TIMEOUT_RESETER)).booleanValue())){
            Date expirationDate = new Date(System.currentTimeMillis() + 
                    session.getMaxInactiveInterval()/*seconds*/  * 1000 /*milliseconds*/);

			session.setAttribute(SessionTimeoutFilter.SESSION_LAST_ACCESS_IDENTIFIER, expirationDate);
		}
		
		chain.doFilter(request, response);
}

3) the web.xml... (make sure it’s a the first filter defined!)
    <filter>
         <filter-name>SessionTimeoutFilter</filter-name>
         <filter-class>(the package)SessionTimeoutFilter</filter-class>
        
   </filter>
    <filter-mapping>
        <filter-name>SessionTimeoutFilter</filter-name>
        <url-pattern>/YOUR-URL-PATTERN</url-pattern>
     	 <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>


From this point on any developer can add url patterns that will not postpone the expiration
date simply by adding
<url-pattern>/YOUR-OTHER-URL-PATTERN</url-pattern>

HTH anyone,
	Sharon

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: Monday, November 14, 2011 6:17 PM
To: Tomcat Users List
Subject: Re: Session time out never takes place with ajax

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sharon,

On 11/10/11 3:11 AM, Sharon Prober (sprober) wrote:
> I understand it is invoked before the filters, but after
> completion it would arrive to the filter/servlet container anyway.
> So what your saying is that if I build a valve and read information
> from IO file or/db or any other cached data which doesn’t trigger
> a request.getSession That will work?

I think it would help if you explained what your "ping" needs to do.
Basically, if you need session data to do it, you are out of luck. If
you don't need session data, why are you pinging?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7BPvIACgkQ9CaO5/Lv0PD6rQCglhRD4lA4qMaqkybwBXvjeqc1
+LIAn3ARzOKhsdzPqBJ9xkkLYAeIWiXf
=kM6R
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Mime
View raw message