Not easily. See Christopher's response in this thread chain. There is
not currently a way to not tell Tomcat that a request has come in and
not update the last ping time (or similar) on the Session.
Jason Pyeron wrote:
-----Original Message-----
From: Adam Gordon [mailto:[EMAIL PROTECTED]
Sent: Monday, February 25, 2008 13:11
To: Tomcat Users List
Subject: Re: Session expiration and AJAX issues
Martin-
We are using Struts, however, version 1.2.9. But, after
looking at the
link, I'm not sure this will help as it doesn't really address the
problem. Storing the date/time a user logs in on the session is
probably useful, but our problem is that we want to
forcefully log the
user out if there's no human present at the computer and the
AJAX tasks
keep a user's session active indefinitely, whether or not
they mean it to.
Can url patterns be excluded from session prolonging magic?
Additionally, assuming we didn't have the AJAX tasks, we'd
have to check
the logged in time from the session on every request and
that's just not
realistic when you have hundreds of Struts actions, even with
a unique
parent Action class. That said, I'm beginning to suspect
that this may
be the only way to go, i.e., have base Action for Struts actions and
base action for AJAX actions. My only issue with this is
that then the
onus is on the developer to use the right Action and if they don't, a
session could inadvertently be left open which is a security risk.
Alternatively, we could simply force the logout on the user after 12
hours period...which would kind of suck for the user if they
were in the
middle of something and so I can almost guarantee that our product
management team wouldn't go for it since it's not really creating a
positive user experience.
--adam
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]