Howdy,

>Reading the servlet spec raised a couple of thoughts about http session

The servlet spec v2.4, I hope?

>Should I write a patch for these?

Not yet.

>"SRV.7.6 Last Accessed Times
>The getLastAccessedTime method of the HttpSession interface allows a servlet
>to determine the last time the session was accessed before the current
>request. The session is considered to be accessed when a request that is part
>of the session is first handled by the servlet container."

See the JavaDoc for this method in the 2.4 servlet spec: it's not the same as what you quoted above. It's much cleaner, and tomcat implements it exactly and correctly.

>Thought #2
>
>If the session is created by the current request, the
>session.getLastAccessedTime() returns the session creation time. Should it
>return 0 instead? I'd find it a bit less incorrect.

I consider creation as a special type of access, and therefore I think tomcat's behavior is correct. Does the spec say otherwise? I also don't care much for "a bit less incorrect" -- if the spec gives leeway to the container implementation, we need to have a very good reason to change current behavior (thereby affecting many users who may rely on it).

>"SRV.7.5 Session Timeouts
>The session invalidation will not take effect until all servlets using that
>session have exited the service method."
>
>Tomcat does nothing to ensure this.
>
>To reproduce, set session timeout to 3mins and put the following code to
>service method:
>
>HttpSession session = request.getSession();
>Thread.sleep(200 * 1000L); // a long operation =)
>session.getLastAccessedTime();
>
>->IllegalStateException is thrown

That one is interesting. Are you sure the session has been invalidated by tomcat and there's no other code running in your webapp that may have caused this?

Yoav Shapira