Ok, Thanks all for the inputs. I found a hybrid solution for this. So for future use here goes....
In my application I make sure there is a filter that is called on every hit to the server "/*" Next I create a new filter which will handle only calls such as poling and other ajax calls that do not "postpone" the expiration date of the session. In the web.xml I can use the <url-pattern> element as a framework hook for each developer in the application to enter their own "poling" link The way it works is as follows 1)SessionTimeoutFilter doFilter .... public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpSession session = req.getSession(false); if (null != session) { Date realLastAccessDate = (Date) session .getAttribute(SESSION_LAST_ACCESS_IDENTIFIER); if (realLastAccessDate == null) { realLastAccessDate = new Date(); session.setAttribute(SESSION_LAST_ACCESS_IDENTIFIER, realLastAccessDate); } if (realLastAccessDate.before(new Date())) { // probably want to log this event session.invalidate(); session = null; } } request.setAttribute(IS_SESSION_TIMEOUT_RESETER,false); filterChain.doFilter(request, response); } 2)The general filter that is always called... public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { HttpSession session = hreq.getSession(false); if(session!=null && (hreq.getAttribute(SessionTimeoutFilter.IS_SESSION_TIMEOUT_RESETER)==null || ((Boolean)hreq.getAttribute(SessionTimeoutFilter.IS_SESSION_TIMEOUT_RESETER)).booleanValue())){ Date expirationDate = new Date(System.currentTimeMillis() + session.getMaxInactiveInterval()/*seconds*/ * 1000 /*milliseconds*/); session.setAttribute(SessionTimeoutFilter.SESSION_LAST_ACCESS_IDENTIFIER, expirationDate); } chain.doFilter(request, response); } 3) the web.xml... (make sure it’s a the first filter defined!) <filter> <filter-name>SessionTimeoutFilter</filter-name> <filter-class>(the package)SessionTimeoutFilter</filter-class> </filter> <filter-mapping> <filter-name>SessionTimeoutFilter</filter-name> <url-pattern>/YOUR-URL-PATTERN</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> </filter-mapping> From this point on any developer can add url patterns that will not postpone the expiration date simply by adding <url-pattern>/YOUR-OTHER-URL-PATTERN</url-pattern> HTH anyone, Sharon -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, November 14, 2011 6:17 PM To: Tomcat Users List Subject: Re: Session time out never takes place with ajax -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sharon, On 11/10/11 3:11 AM, Sharon Prober (sprober) wrote: > I understand it is invoked before the filters, but after > completion it would arrive to the filter/servlet container anyway. > So what your saying is that if I build a valve and read information > from IO file or/db or any other cached data which doesn’t trigger > a request.getSession That will work? I think it would help if you explained what your "ping" needs to do. Basically, if you need session data to do it, you are out of luck. If you don't need session data, why are you pinging? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7BPvIACgkQ9CaO5/Lv0PD6rQCglhRD4lA4qMaqkybwBXvjeqc1 +LIAn3ARzOKhsdzPqBJ9xkkLYAeIWiXf =kM6R -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org