-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sharon,
On 11/9/11 12:56 AM, Sharon Prober (sprober) wrote: > This is my first post here so wish me luck J Welcome. > My question is as follow: > > I have a web based application running on tomcat 6.0.29 > > On my main page there is a polling ajax call every 5 seconds. > > Clearly this revalidates the session and by that renders the > session timeout feature unusable Yes. > I read about two main solutions for this issue > > 1. Coding on the server side (filter) a simple snippet that > identifies an ajax call based on a parameter passed and based on > that knows if this is a valid post or a polling hit that should not > affect the session expiration date This is problematic for a few reasons: 1. You usually want a polling request to return something of use, which often involves the session. You can't access the session without updating its last-accessed-time. 2. Under certain configuration, Tomcat will update the last-accessed-time of the session even if you don't call request.getSession(). This may be only the case in Tomcat 7 with the following configuration settings: See the org.apache.catalina.core. StandardHostValve.ACCESS_SESSION and org.apache.catalina.STRICT_SERVLET_COMPLIANCE system properties here: http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Sessions > 2. Create a stub webapp and redirect the calls of the polling > to that app I'm not sure this buys you anything: if you pass-through calls to the "real" webapp, then you'll still be touching the session. > So my question is, is there another way for this to be achieved? It would be best to describe what your "ping" actually does. If it doesn't require session access, you may have some options. > Note. I think it might be a cool feature (with the vast ajax use > these days) to have a configuration in the web.xml the excludes > various paths/urls from the session validation checkups This would, by definition, be a violation of the specification. Instead, something like a Valve placed early in the pipeline could avoid a session update but still perform some trivial action. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk67aUkACgkQ9CaO5/Lv0PBl2ACdHDKUqQ/zkT0dfc63MFELStLK +a4An3kuFz39fXKymLVFBqYRMQ9xWUbX =naid -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
