• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session Timeouts - Websphere

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a requirement that the session has to timeout after 20 minutes of inactivity rather than websphere's default 30 minutes. I updated web.xml with the following info
<session-config>
<session-timeout>20</session-timeout>
</session-config>

What I observed is that the session timeout behaviour is erratic, i.e., the session does not timeout exactly after 20 minutes, but its always off by few minutes but less than the default 30 mins. Here is some data that I collected to demonstrate this behaviour

Last Activity: 11:10:20 12:59:5813:27:13
Timeout: 11:31:03 13:21:5513:51:05

As you can see the time difference is not exactly 20 minutes, but just a guarantee for 20 minutes. I tried setting the timeout using session.setMaxInactiveInterval() and the results is the same. Any idea on what I need to do to bring it to as close as possible to 20, if not exactly 20?

Thanks in advance,
Krishna
 
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In Websphere? You need to find the place where it says the task that inactivates sessions runs every 5 minutes (or whatever it says) and change that number to something else. I forget where it is, but if you work your way through all the options in the admin server you will eventually find it.

By the way, what is the business reason that makes it a good thing to inactivate a session after 20 minutes but a bad thing to inactivate a session after 21 minutes?
 
Krishna Govindarajan
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the info. 20 minutes is a compliance requirement and its better to have it as close as possible to 20 and in one of my test case, it has varied by 3.5 minutes. I found the settings that you had mentioned here
Servers > Application Servers > server_name > Web Container > Session Management > Distributed Environment Settings > Custom Tuning Parameters and its set to 120 seconds, but that doesn't explain a difference of 3.5 minutes.
My other question regarding the above mentioned setting is that it (websphere admin) says that every 120 seconds the session will be written to the persistent store, but what happens if there is no need to persist a session?
Thanks.
[ May 22, 2006: Message edited by: Krishna Govindarajan ]
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The session IS actually expired, it just doesn't get cleaned on the server (and hence fire the session event) until one of two things occur:

1) The user attempts to access the expired session
2) a low level thread comes along and cleans up expired sessions.

Is this the behaviour you are seeing?
 
Krishna Govindarajan
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I tried changing Servers > Application Servers > server_name > Web Container > Session Management > Distributed Environment Settings > Custom Tuning Parameters to 10 seconds and it still doesn't solve my problem.
public void valueUnbound(HttpSessionBindingEvent event) is getting called in a very inconsistent manner - gets called at a random point of time as best explained by the sample timings that I had posted in my original posting. I do have a filter that looks for a value in the session and it doesn't seem to work as outlined by David. This particular value exists in the session until the valueUnbound() event is called.

I better explain, I set the session timeout to 3 minutes and I added some logger debugs. Here is a sample

2006-05-23 15:55:27,875 [Servlet.Engine.Transports : 0] DEBUG **********.filter.SecurityFilter - Session Timeout (session.getMaxInactiveInterval()): 180
2006-05-23 15:55:27,875 [Servlet.Engine.Transports : 0] DEBUG **********.filter.SecurityFilter - Session created at (new Date(session.getCreationTime())): Tue May 23 15:51:30 PDT 2006
2006-05-23 15:55:27,875 [Servlet.Engine.Transports : 0] DEBUG **********.filter.SecurityFilter - Session last accessed (new Date(session.getLastAccessedTime())): Tue May 23 15:55:27 PDT 2006

As you can see, the time difference between session last accessed and session created is more than 3 minutes.

Thanks,
Krishna
[ May 24, 2006: Message edited by: Krishna Govindarajan ]
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Krishna!

I'm facing the same problem! Did you solved the problem?
I've a cluster environment with two nodes.
The problem is that the session, doesn't timeout exactly after 5 minutes.
When the requisition is on the first node, it works just fine but on the second node it never timeout.
The memory-to-memory replication is activated, and the session timeout configurations are made for both nodes to 10 minutes.

For the web.xml:

<session-config>
<session-timeout>5</session-timeout>
</session-config>

Thanks,
Arosti
[ July 06, 2008: Message edited by: Arosti Nahas ]
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is an old post, but thought I would give a reply anyway. This is from an IBM redbook:

Note: For performance reasons, the session manager invalidation process
runs at regular intervals to invalidate any invalid sessions. This interval is
determined internally based on the Session timeout interval specified in the
Session manager properties. For the default timeout value of 30 minutes,
the invalidation process interval is around 300 seconds. In this case, it
could take up to 5 minutes (300 seconds) beyond the timeout threshold of
30 minutes for a particular session to become invalidated.

 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic