Dylon Stout wrote:Are you passing or accessing any session information with the servlet that you calling in your javascript?
Dylon Stout wrote:Just for clarification, you does the servlet you are executing through javascript need session information to perform it's tasks?
Bear Bibeault wrote:Then you will not be able to rely upon the session timeout, and you will have to create your own timeout mechanism using filters and storing timing information in the session.
Bear Bibeault wrote:Then you will not be able to rely upon the session timeout, and you will have to create your own timeout mechanism using filters and storing timing information in the session.
Dave Tolls wrote:Yes.
As Bear says, you can't rely on the session timeout for this, which means any of the standard session information as they are controlled by the server engine.
You need to roll your own and store the info in the session as an attribute.
Bear Bibeault wrote:You need to keep track of last access times in your session .
Bear Bibeault wrote:Exactly. Screwing around with the session timeout will not achieve what you are after. You need to keep track of last access times in your session and take appropriate action when whatever time limit you decide upon has been reached.
You either use the session as it is intended, or you roll your own. Them's the choices.
Steve Dyke wrote:Tell me if I have this correct. I get the logon timestamp and add say 30 minutes to it. This becomes my limit. Then at the filter I check the access time and compare it to my limit and decide if invalidate is called?
One question is how could I may the limit dynamic so as long as there is activity, at least when certain servlets are accessed?
I've read about this kind of thing at the checkout counter. That's where I met this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
|