<!-- ==================== Default Session Configuration ================= -->
<!-- You can set the default session timeout (in minutes) for all newly created
sessions by modifying the value in web.xml -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
regards,
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung.
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est
interdite. Ce message sert à l'information seulement et n'aura pas n'importe
quel effet légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
> Date: Sun, 20 Mar 2011 21:14:43 +0100
> From: [email protected]
> To: [email protected]
> Subject: Re: Session timeouts: ignore "periodic polling" URL?
>
> On Sun, 20 Mar 2011 15:40:48 +0100, André Warnier wrote:
> > sebb wrote:
> >> On 20 March 2011 11:19, André Warnier <[email protected]> wrote:
> >>> sol myr wrote:
> >>>> Hi,
> >>>>
> >>>> We have a Servelts/JSP application Tomcat6.
> >>>> Our javascripts issues automatic, periodic polling requests (Ajax
> >>>> and
> >>>> Comet), in order to keep the view up-to-date.
> >>>> Unfortunately this prevents sessions from timing out...
> >>>>
> >>>> Is there a way to tell Tomcat that some URL shouldn't affect
> >>>> session
> >>>> timeouts?
> >>>> Namely if for the last 30 minutes, the browser requested nothing
> >>>> but
> >>>> "http://server/autoRefresh.do"; , then Tomcat should assume the
> >>>> user went
> >>>> away from the computer, and kill the session.
> >>>>
> >>> You may have to explain the logic of this a bit better, because on
> >>> the face
> >>> of it, it makes no sense.
> >>> Presumably, if you create a session, it is because the application
> >>> needs a
> >>> session (aka, needs some information to be preserved between
> >>> individual
> >>> requests of the same user/browser).
> >>> Then why would you want it to time out ?
> >> This is the sort of behaviour one wants for online banking - the
> >> session should be logged out if the user does not do anything for a
> >> while, even though the page may be doing background requests.
> >>
> >
> > Allright then, I'll buy that, if somewhat reluctantly.
> >
> > The creation or retrieval of a session, as far as I understand it, is
> > totally under application control.
> > In other words, if your servlet (or JSP), when it is called, executes
> > a HttpServletRequest.getSession() call, then it will retrieve the
> > existing session (or create one if none exists yet); and if it does
> > not call getSession(), it will not.
> If the browser sends a session-id, tomcat will touch the session and
> mark it as alive.
>
> I remember a similar thread not long ago, but I can't find it in the
> archives. I could
> find a similar thread from 2008 where Christopher gave some answers to
> this problem[1].
>
> If OP knows the url-pattern for all its ajax-request, that should be
> ignored for
> session-keepalive, the parameter in the filter could be dropped. He
> would just have to
> limit the filter to that url.
>
> Regards
> Felix
>
> [1]
> http://old.nabble.com/Session-expiration-and-AJAX-issues-td15671248.html
> >
> > In other words, if you want some requests URLs "not to count" (or "be
> > excluded") as far as the session mechanism is concerned, then you
> > just
> > have to map these requests (URLs) to a servlet/JSP page which does
> > not
> > do a getSession().
> >
> > Of course, if in order to refresh the information in the browser
> > page, the application needs to access information stored in the
> > session, then you have a problem.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
