On Thu, 2011-10-20 at 16:44 -0400, Christopher Schultz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tim, > > On 10/20/2011 10:15 AM, Tim Watts wrote: > > I should also point out that this approach is somewhat kludgey > > because of the inherent latency problems when the session is close > > to expiration. But I don't know of a rock solid approach. You just > > have to have the timer pop sufficiently sooner than the session > > expiration -- for some value of "sufficient". > > Perhaps later? If you make the call too soon, you'll tickle the > session and start the 30-minute (or whatever) clock all over again. >
Ah. Left out an important piece of the puzzle: included an indicator on the redirect URL to invalidate the session. The reason for not doing it later was the whole point of the exercise in my case: The client (paycheck writer) didn't like submitting work and being surprised that their session had already expired. This was a while ago -- no HttpSessionListeners available -- so we couldn't easily persist the session and recall it when the user logged in again. As, I think, Andre was perhaps alluding to, this approach by itself is probably overlooking a deeper problem. > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk6giCMACgkQ9CaO5/Lv0PCDFgCeIhcfq/pC2z8MNjGwmvNPCjBh > qIAAoLq64F23ZnkcY1Lj6L/bqeO22CYp > =HT9l > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
