Win a copy of Zero to AI - A non-technical, hype-free guide to prospering in the AI era this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

When user visit a static html file, will the session's Last Access Datetime be updated?

 
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi experts,

When user visit a static html file, will the session's Last Access Datetime be updated?
Is it standard? Or web-sever-based?

Thanks in advance.

Vichy
 
Ranch Hand
Posts: 5575
Eclipse IDE Windows XP Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

vichy baby wrote:
When user visit a static html file, will the session's Last Access Datetime be updated?



Ofcourse, if you allow him to access the html after the login,usually we create the session after immediate login
 
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

seetharaman venkatasamy wrote:

vichy baby wrote:
When user visit a static html file, will the session's Last Access Datetime be updated?



Ofcourse, if you allow him to access the html after the login,usually we create the session after immediate login



Uhm, he is talking about the HttpSession, not some custom "session" which you somehow create after some login.

Regarding to the question: yes, even when visiting static files, the same session will be used and the last access will be updated.
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is a good question.
After browsing the spec for a minute or two (and not finding a quick answer) I decided to test this this by putting a static file and a JSP in the ROOT app that ships with Tomcat and then watching what happens using the session monitor that is part of the Tomcat manager app.

Making requests for the static page did not update the lastAccessed time in my session.

Bauke Scholtz wrote:
Regarding to the question: yes, even when visiting static files, the same session will be used and the last access will be updated.



Bauke,
Were you able to find this in the spec?
If so, what section is it in?
My quick test shows otherwise.
I'm wondering if this is spec driven behavior or, if this is not explicit in the spec, is dependent on the container you're using.


Of course if you want to enforce that requests to static pages always update the session, you could always create a filter that intercepts all requests and make a call to request.getSession with each hit.


-Ben
 
Sheriff
Posts: 9674
42
Android Google Web Toolkit Hibernate IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ben Souther wrote:Making requests for the static page did not update the lastAccessed time in my session.



Shocking . I also thought that the lastAccessed time will change. After all the server can recognize the client if URL rewriting is used properly or if the client has cookies enabled...
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I just tell from experience. Now I think more about it, this may also be caused by a call on a Filter which listens on /*.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bauke Scholtz wrote:I just tell from experience. Now I think more about it, this may also be caused by a call on a Filter which listens on /*.



I made the same assumption and verified by testing with the SessionMonitor app that I published on my site.
Then it occurred to me that that app has just such a filter so I tested with the session monitor that is part of the manager app (which reads the sessions at a lower level than a filter in a specific application context) and discovered that I was wrong.

When I get time, I'll search the spec some more to see if this behavior is specifically defined or not.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ankit Garg wrote:

Ben Souther wrote:Making requests for the static page did not update the lastAccessed time in my session.



Shocking . I also thought that the lastAccessed time will change. After all the server can recognize the client if URL rewriting is used properly or if the client has cookies enabled...




Why is this shocking?

After all the server can recognize the client if URL rewriting is used properly or if the client has cookies enabled


URL rewriting can't really be used properly in applications that have links hard coded in static HTML pages.
If you need to fully support browsers that don't have session cookies enabled, you would need to convert all of your static HTML pages to JSPs in order to encode all of the links they contain.
 
Ankit Garg
Sheriff
Posts: 9674
42
Android Google Web Toolkit Hibernate IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ben Souther wrote:URL rewriting can't really be used properly in applications that have links hard coded in static HTML pages.
If you need to fully support browsers that don't have session cookies enabled, you would need to convert all of your static HTML pages to JSPs in order to encode all of the links they contain.



Actually I was talking about the links to the static resources i.e. for example a link to a html page in a JSP. But yeah if you have a link in an HTML page and the cookies are disabled in the browser, then the session will be lost...
 
Vichy Yao
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ben Souther wrote:
When I get time, I'll search the spec some more to see if this behavior is specifically defined or not.



Hi Ben,

Can you send me a copy of spec? Or share with me the link of spec? Thank you.

Vichy
 
Marshal
Posts: 67463
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"vichy", please check your private messages for an important administrative matter.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
 
Bear Bibeault
Marshal
Posts: 67463
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Check Ben's signature for the link.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can also!
 
Vichy Yao
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I tried in 2 servers.

tomcat web server - Session Last Access Datetime NOT change
Sun One application server - Session Last Access Datetime CHANGE

So I think it is server-dependent.

Thank you all for your replies.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Vichy Yao wrote:I tried in 2 servers.

tomcat web server - Session Last Access Datetime NOT change
Sun One application server - Session Last Access Datetime CHANGE

So I think it is server-dependent.

Thank you all for your replies.



How were you testing it in each server?
The more I think about it, the more it makes sense for the session not to be updated.
It is possible, after all, to write an application that doesn't use sessions at all.
If none of your servlets call request.getSession and if all of your JSPs contain the session="false" directive then there would be no sessions to update.
Why would a container look for a session and update it when a static resource is requested?
Again, if you want the sessions updated for static requests, it's very simple to create a filter that does nothing more than call request.getSession and map it to all requests.
 
Today's lesson is that you can't wear a jetpack AND a cape. I should have read this tiny ad:
the value of filler advertising in 2020
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic