Reading the servlet spec raised a couple of thoughts about HTTP session
handling. I did verify them, but did not file bug reports.

Should I write a patch for these?


Thought #1
==

"SRV.7.6 Last Accessed Times
The getLastAccessedTime method of the HttpSession interface allows a servlet
to determine the last time the session was accessed before the current
request. The session is considered to be accessed when a request that is part
of the session is first handled by the servlet container."

Imagine the following situation with four requests in the same session:

Moment 0: Request #0 arrives. The session is initiated.
Moment 1: Request #1 arrives. The request processing performs some long
operation.
Moment 2: Request #2 arrives.
Moment 3: Request #3 arrives.
Moment 4: The long operation of request #1's processing is complete. Request
#1's processing calls session.getLastAccessedTime(). According to the spec, the
method should return the time of moment 0 (request #0 was the previous
request before request #1). Tomcat returns the time of moment 2 (the time
request #2 arrived) instead.


Thought #2
==

If the session is created by the current request,
session.getLastAccessedTime() returns the session creation time. Should it
return 0 instead? I'd find it a bit less incorrect.


Thought #3
==

"SRV.7.5 Session Timeouts
The session invalidation will not take effect until all servlets using that
session have exited the service method."

Tomcat does nothing to ensure this.

To reproduce, set the session timeout to 3 minutes and put the following code
in the service method:

HttpSession session = request.getSession();
Thread.sleep(200 * 1000L); // a long operation =)
session.getLastAccessedTime();

->IllegalStateException is thrown

--
Jarno Peltoniemi
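
The timeline from Thought #1 as an added example, not part of the original message and not Tomcat's code. `ToySession` is a hypothetical model that keeps one shared pair of timestamps per session; it yields the value the message reports, next to a per-request snapshot that yields the value the message expects from the spec.

```java
// Added illustration. ToySession and its methods are hypothetical names,
// not classes or methods from Tomcat or the servlet API.
public class LastAccessDemo {

    /** Session that keeps one shared pair of timestamps for all requests. */
    static class ToySession {
        private long thisAccessed;
        private long lastAccessed;

        ToySession(long created) {
            // A new session starts with both values at creation time (Thought #2).
            thisAccessed = created;
            lastAccessed = created;
        }

        /** Called when a request joins the session; returns that request's snapshot. */
        synchronized long access(long now) {
            lastAccessed = thisAccessed;
            thisAccessed = now;
            return lastAccessed; // previous access as seen by this request only
        }

        /** Session-wide value: moves forward whenever any later request arrives. */
        synchronized long getLastAccessedTime() {
            return lastAccessed;
        }
    }

    public static void main(String[] args) {
        ToySession session = new ToySession(0);        // moment 0: request #0 creates the session
        long snapshotForRequest1 = session.access(1);  // moment 1: request #1 arrives, starts long operation
        session.access(2);                             // moment 2: request #2 arrives
        session.access(3);                             // moment 3: request #3 arrives

        // Moment 4: request #1 finishes its long operation and asks for the last access time.
        System.out.println("shared session field: moment " + session.getLastAccessedTime());
        System.out.println("per-request snapshot: moment " + snapshotForRequest1);
    }
}
```

Any idle-time or re-authentication check computed from the shared value inside a long-running request is measured against a later request's arrival, not against the request that is doing the check.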
