• Post Reply Bookmark Topic Watch Topic
  • New Topic

When user visit a static html file, will the session's Last Access Datetime be updated?  RSS feed

 
Vichy Yao
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi experts,

When user visit a static html file, will the session's Last Access Datetime be updated?
Is it standard? Or web-sever-based?

Thanks in advance.

Vichy
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
vichy baby wrote:
When user visit a static html file, will the session's Last Access Datetime be updated?


Ofcourse, if you allow him to access the html after the login,usually we create the session after immediate login
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
seetharaman venkatasamy wrote:
vichy baby wrote:
When user visit a static html file, will the session's Last Access Datetime be updated?


Ofcourse, if you allow him to access the html after the login,usually we create the session after immediate login


Uhm, he is talking about the HttpSession, not some custom "session" which you somehow create after some login.

Regarding to the question: yes, even when visiting static files, the same session will be used and the last access will be updated.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is a good question.
After browsing the spec for a minute or two (and not finding a quick answer) I decided to test this this by putting a static file and a JSP in the ROOT app that ships with Tomcat and then watching what happens using the session monitor that is part of the Tomcat manager app.

Making requests for the static page did not update the lastAccessed time in my session.

Bauke Scholtz wrote:
Regarding to the question: yes, even when visiting static files, the same session will be used and the last access will be updated.


Bauke,
Were you able to find this in the spec?
If so, what section is it in?
My quick test shows otherwise.
I'm wondering if this is spec driven behavior or, if this is not explicit in the spec, is dependent on the container you're using.


Of course if you want to enforce that requests to static pages always update the session, you could always create a filter that intercepts all requests and make a call to request.getSession with each hit.


-Ben
 
Ankit Garg
Sheriff
Posts: 9608
36
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben Souther wrote:Making requests for the static page did not update the lastAccessed time in my session.


Shocking . I also thought that the lastAccessed time will change. After all the server can recognize the client if URL rewriting is used properly or if the client has cookies enabled...
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I just tell from experience. Now I think more about it, this may also be caused by a call on a Filter which listens on /*.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bauke Scholtz wrote:I just tell from experience. Now I think more about it, this may also be caused by a call on a Filter which listens on /*.


I made the same assumption and verified by testing with the SessionMonitor app that I published on my site.
Then it occurred to me that that app has just such a filter so I tested with the session monitor that is part of the manager app (which reads the sessions at a lower level than a filter in a specific application context) and discovered that I was wrong.

When I get time, I'll search the spec some more to see if this behavior is specifically defined or not.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ankit Garg wrote:
Ben Souther wrote:Making requests for the static page did not update the lastAccessed time in my session.


Shocking . I also thought that the lastAccessed time will change. After all the server can recognize the client if URL rewriting is used properly or if the client has cookies enabled...



Why is this shocking?

After all the server can recognize the client if URL rewriting is used properly or if the client has cookies enabled

URL rewriting can't really be used properly in applications that have links hard coded in static HTML pages.
If you need to fully support browsers that don't have session cookies enabled, you would need to convert all of your static HTML pages to JSPs in order to encode all of the links they contain.
 
Ankit Garg
Sheriff
Posts: 9608
36
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben Souther wrote:URL rewriting can't really be used properly in applications that have links hard coded in static HTML pages.
If you need to fully support browsers that don't have session cookies enabled, you would need to convert all of your static HTML pages to JSPs in order to encode all of the links they contain.


Actually I was talking about the links to the static resources i.e. for example a link to a html page in a JSP. But yeah if you have a link in an HTML page and the cookies are disabled in the browser, then the session will be lost...
 
Vichy Yao
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben Souther wrote:
When I get time, I'll search the spec some more to see if this behavior is specifically defined or not.


Hi Ben,

Can you send me a copy of spec? Or share with me the link of spec? Thank you.

Vichy
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"vichy", please check your private messages for an important administrative matter.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Check Ben's signature for the link.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can also!
 
Vichy Yao
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I tried in 2 servers.

tomcat web server - Session Last Access Datetime NOT change
Sun One application server - Session Last Access Datetime CHANGE

So I think it is server-dependent.

Thank you all for your replies.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Vichy Yao wrote:I tried in 2 servers.

tomcat web server - Session Last Access Datetime NOT change
Sun One application server - Session Last Access Datetime CHANGE

So I think it is server-dependent.

Thank you all for your replies.


How were you testing it in each server?
The more I think about it, the more it makes sense for the session not to be updated.
It is possible, after all, to write an application that doesn't use sessions at all.
If none of your servlets call request.getSession and if all of your JSPs contain the session="false" directive then there would be no sessions to update.
Why would a container look for a session and update it when a static resource is requested?
Again, if you want the sessions updated for static requests, it's very simple to create a filter that does nothing more than call request.getSession and map it to all requests.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!