• Post Reply Bookmark Topic Watch Topic
  • New Topic

Session Tracking Technique  RSS feed

 
mohammad shadab
Ranch Hand
Posts: 62
Eclipse IDE Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,

I want to make an ajax call after receive 10 seconds to see the session status on a page , But as i know on every call to server session will be refreshed and again tome out will be reset , What is the best policy to find remaining session's time without resetting it through ajax.

Is there any way to exclude a URL which should not reset session, And this url just responsible to get session information through ajax?

 
Mohamed Sanaulla
Bartender
Posts: 3184
34
Google App Engine Java Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please share the code which handles the Ajax request on the server?

Its better to avoid using Sessions as they can be a cause for a lot of bugs and does not scale. Any data which is required by the server is sent via the request.
 
Tim Moores
Saloon Keeper
Posts: 3967
94
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mohamed Sanaulla wrote:Its better to avoid using Sessions as they can be a cause for a lot of bugs and does not scale.

I disagree with both these points. Anything can be cause for bugs, there's nothing inherent in sessions that makes them especially bug-prone. That sessions don't scale is a myth from 15 years ago, when they were new, and people put many MBs of data in them per user, because they didn't understand that point. Used responsibly, sessions are quite useful and there's no reason to avoid them in general.
 
Dave Tolls
Ranch Foreman
Posts: 3011
37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And the original poster seems to be trying to get information about the session, not information they have stored in the session, since the session exists whatever it's not really going to be an issue.
Not too sure what data exactly is to be retrieved, though?  Just whether the session is active?
In which case, yes, I expect that's not possible as you are keeping the session alive by making the request.
 
mohammad shadab
Ranch Hand
Posts: 62
Eclipse IDE Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
any suggestion , i am feeling discussion os going away.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66263
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You cannot keep track of the state of the session timeout via requests because, as you've noted, making such a request changes what you are trying to observe (see observer effect).

Rather, I see that you have three choices:
  • After every request, keep track of how long since the latest request in JavaScript. This would be clunky and error-prone, and require that you add extra code to keep track of every request. Messy. Not recommended.
  • Don't use the actual session timeout, but rather, use the session to keep track of an artifical "security" timeout. See below.
  • Decide it's not worth it and give it up as not important enough to spend a bunch of time on.

  • I highly recommend that latter unless it's a really important feature.

    Regarding the "security timeout" approach: in a bank application I once worked on, I needed to set things up such that:
  • If the user was idle for 15 minutes, to force them to log in again.
  • After login, to make sure that no state was lost. Inlcuding any form that they were in the middle of filling in.

  • Use the traditional method of letting a session expire wouldn't cut it. So here's what I did:
  • Set things up so that the session never actually expired.
  • Used a servlet filter on almost every request (leaving out things like login) that recorded when the request was made, and computed how long since the last request.
  • If longer than 15 minutes, pop up a login box.

  • Because the session never actually expired, all state could be kept in the session without the need to try and recreate it after a "timeout". And use of Ajax prevented pages from refreshing unless I wanted them to.

    You could easily set something up similar, and set up the call to find out how much time is left to not reset the "timer".

    But again, ditching the feature unless it's really important is easier.
     
    It is sorta covered in the JavaRanch Style Guide.
    • Post Reply Bookmark Topic Watch Topic
    • New Topic
    Boost this thread!