• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Expiring session from servlet

 
Greenhorn
Posts: 21
Netbeans IDE Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Everyone,
I have some query about expiring session from Servlet.
Scenario is like, in my application, we are managing session timeout through spring framework but also in some of the pages json objects are keep getting updated by calling servlet through javascript every second.
So the pages where json object is not updating, the page expires as per the time specified in configuration but the pages where the script is running to update json every second, the page is not expiring.
Can anyone help me that how can I expire the session as per the time specified in Spring configuration.
 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
you can set the session time out web.xml file
 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sessions are not expired from application code.

Sessions are expired by the Container (the webapp server). Expiration is done when the container notices that a session has not been referenced within the session timeout period, defined by default by the container and customizable on a per-application basis in web.xml.

Sessions are kept alive by the simple process of making an HTTP request to the webapp with that session ID. That is why the session never expires when periodic AJAX polling is done. Each poll results in an HTTP request, and each HTTP request causes the container to reset the session countdown timer.

Session-related activity is solely concerned with HTTP requests and webapp HTTP request processors are not continuously-executing processes. Therefore you cannot take action when a session actually expires, only see when a request has been made after a session has expired. This can be assisted somewhat by implementing Session Listeners, but session listener events aren''t guaranteed to happen exactly at the instant of timeout, only at some convenient time after the timeout. Convenient to the container, that is.

On the other hand, what you're probably looking to do is timeout and logout a user and the AJAX polling is interfering with that. What you can do is maintain a user-time timer of your own and ONLY reset it when you handle normal page requests, but not AJAX requests. Then, when a page request comes in, if the user-time timer has expired, manually invalidate the session, which effectively logs the user out. A refinement of that concept that's even better is to place code on the web pages that is sensitive to an AJAX response with a "user timed out" status and use that to trigger a page reload to display a "You have just been logged out" page, rather than waiting for an actual new full-page user request.

Trying to separate the timeout and non-timeout (AJAX) requests can be troublesome, since it's a cross-cutting concern and not something that you want to have people to have to remember to manually code into every eligible HTTP request handler. Sooner or later, someone will forget to do so.

To avoid that problem, you might prefer to setup a URL formulation that clearly distinguishes the AJAX URLs from the non-AJAX URLs and add a Session Filter that handles the user timer before the request is passed on to the regular application code.
 
Pratik Parekh
Greenhorn
Posts: 21
Netbeans IDE Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Tim, for such a good support and knowledge...
 
Do you want ants? Because that's how you get ants. And a tiny ads:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic