Hi,
I've just started using Apache sessions in 2.4.7, in combination with
mod_auth_form. It is working great. It is fronting a web app running under
SCGI and that part is working fine as well.
On a page that is protected by authentication I have ajax calls to urls
that are also under authentication. The page refreshes the data
periodically (via a timer that reruns the ajax, rerenders the display). An
unintended side effect is that the session never expires, since the ajax
calls cause the session expiration to be refreshed. I need the ajax calls
to use the session for authentication, but not refresh the expiration time
(well, I may need to provide an option to let the user keep the session
alive, but by default I think it should eventually expire.) What I would
like to do is supply, say, an http header that would inhibit the refreshing
of the expiration time. I did not find such in the documentation, or the
question posted on the list.
My question is -- is there such an option that I may have missed, or has
anyone accomplished this behavior through some other means?
I can work around it by using a separate timer on the page that will
automatically log the user out after a certain amount of time, but would
rather also have a method that works with the native httpd session.
Thanks,
Erik.
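
The behaviour described in the message above, modelled as an added example (not code from the original post or from httpd): a sliding session expiry that background polling keeps alive, next to the page-side idle timer mentioned as a workaround. The class names, the timing values and the `/logout` URL are assumptions made for illustration.

```javascript
// Server-side model (assumption: every authenticated request, ajax polls
// included, pushes the expiry forward, as the post describes).
class SlidingSession {
  constructor(maxAgeSec, now) { this.maxAge = maxAgeSec; this.expiry = now + maxAgeSec; }
  request(now) {
    if (now >= this.expiry) return false;  // session had already expired
    this.expiry = now + this.maxAge;       // refreshed by any request
    return true;
  }
}

// Page-side workaround: only real user input moves the idle deadline;
// background polls never touch it.
class IdleTracker {
  constructor(idleLimitSec, now) { this.limit = idleLimitSec; this.lastInput = now; }
  userInput(now) { this.lastInput = now; }
  shouldLogout(now) { return now - this.lastInput >= this.limit; }
}

// Simulate a page that polls every pollSec seconds for totalSec seconds.
// Returns the second at which the session ended, or null if still alive.
function simulate({ maxAge, idleLimit, pollSec, totalSec, inputs = [], useIdleTimer }) {
  const session = new SlidingSession(maxAge, 0);
  const idle = new IdleTracker(idleLimit, 0);
  for (let t = 1; t <= totalSec; t++) {
    if (inputs.includes(t)) idle.userInput(t);
    if (useIdleTimer && idle.shouldLogout(t)) return t;  // page would log out here
    if (t % pollSec === 0 && !session.request(t)) return t;
  }
  return null;
}

// Browser wiring, skipped when run outside a page.
if (typeof document !== 'undefined') {
  const nowSec = () => Date.now() / 1000;
  const tracker = new IdleTracker(900, nowSec());
  ['click', 'keydown', 'mousemove'].forEach((ev) =>
    document.addEventListener(ev, () => tracker.userInput(nowSec())));
  setInterval(() => {
    // '/logout' is a hypothetical URL mapped to the site's logout handler.
    if (tracker.shouldLogout(nowSec())) location.href = '/logout';
  }, 1000);
}
```

The idle timer is enforced only by the page, so a client that keeps polling without it still holds a live session; it complements a server-side limit rather than replacing one.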
