Hello.
Could somebody point me to the code where new Sessions are created and
destroyed (timed out) in the Tomcat 3.3 source code please? Here is what
I could gather by going over the code:
1. When a request for a new HttpSession object comes from a servlet,
ultimately the method
org.apache.tomcat.modlues.session.SimpleSessionStore.findSession(Request,
String, boolean) gets called. This may result in the method
getNewSession(Request, Context) of an inner class (SimpleSessionManager)
getting called.
2. I am a bit stumped about where the code for timing out sessions
exists. Any pointers will be appreciated.
The real reason I am looking for this piece of code is because my
sessions aren't timing out. The following piece of code is part of a
servlet of mine that creates a session:
// Now set this session object on our servlet context.
HttpSession httpSession = request.getSession();
httpSession.setMaxInactiveInterval(timeoutInterval);
httpSession.setAttribute("my.session", session);
In the above piece of code, the timeoutInterval is set to 10 seconds
(this is deliberatly short so I can verify that the timeout can happen).
The session argument to the setAttribute method is an application
specific class called Session (the application has its own notion of a
session). However, this code doesn't seem to work. Specifically, the
session doesn't seem to timeout after 10 seconds. I know that for a fact
because the "session" object implements the HttpSessionBindingListener
interface.
Thanks for any help,
Prasanna.
