disabling session time outs

 
Ranch Hand
Posts: 89
I have an application in place that uses JSPs and Servlets. The nature of usage of this application is that the user will basically have the browser open for a long while between each time they use the application (i.e. click on any link or submit any form).

Now this causes session timeouts for the users, where they need to log in again. This problem was solved, but I think in a dumb way, by making the side menu refresh itself (as it is a frame in the page), so this way the session stays.

Is there a way to disable the session timeout on the server?

It is running on iPlanet webserver 6.1
 
Ranch Hand
Posts: 2713
Disabling Session timeouts would be a really really really really bad idea. However, implementing a "remember me" login feature (similar to what we do on JavaRanch) would work just fine. See this link for more information.

Did I mention that disabling Session timeouts would be a bad idea?
[ June 12, 2004: Message edited by: Chris Mathews ]
 
Kareem Gad
Ranch Hand
Posts: 89
Well, the aim is to have a persistent login experience; it is not really important whether disabling the session timeout is the way or not.

But just out of curiosity, why would it be a really really really bad idea?

Thanks for the link.
 
Chris Mathews
Ranch Hand
Posts: 2713

Originally posted by Kareem Gad:
But just out of curiosity why would it be a really really really bad idea?


A session uses server resources, right? And those resources aren't reclaimed until the session is invalidated, right? And if your timeout is set to infinity then the session will never be invalidated, right? Therefore, the memory for those sessions will never be reclaimed, right? Do I need to say more?
 
Author and all-around good cowpoke
Posts: 13078
According to the API, calling setMaxInactiveInterval with a negative number gets you "never time out", so if that's what you want, you can do it. However, I am with Chris - that would be misuse of the technology.
Why not make your own (Serializable) class to contain user state - use a name for the serialized file that corresponds to a cookie on the user machine (or their userid or whatever). Have that class implement HttpSessionBindingListener - when the session times out, the object can serialize itself to disk. When the user comes back, the cookie lets you grab the user state object from disk - really quite fast.
Bill
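
The approach described in the post above, as an added example (not code posted in the thread). Assumptions: the class name `UserState`, the `lastPage` field and the directory `/var/app/user-state` are hypothetical, the cookie carries a random token rather than the userid, and the code targets the `javax.servlet` API on Java 9 or later.

```java
import java.io.*;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.SecureRandom;
import javax.servlet.http.*;

public class UserState implements Serializable, HttpSessionBindingListener {
    private static final long serialVersionUID = 1L;
    // Assumed storage directory; keep it outside the web root.
    private static final Path DIR = Paths.get("/var/app/user-state");

    private final String token;  // random value, also set as the browser cookie
    private String lastPage;     // hypothetical piece of user state

    public UserState() {
        // 128 random bits as 32 hex chars: unguessable, unlike a userid
        token = String.format("%032x", new BigInteger(128, new SecureRandom()));
    }

    public String getToken() { return token; }
    public String getLastPage() { return lastPage; }
    public void setLastPage(String page) { lastPage = page; }

    @Override public void valueBound(HttpSessionBindingEvent e) { }

    // Runs when the attribute leaves the session, including on timeout.
    @Override public void valueUnbound(HttpSessionBindingEvent e) {
        try (ObjectOutputStream out = new ObjectOutputStream(
                Files.newOutputStream(DIR.resolve(token + ".ser")))) {
            out.writeObject(this);
        } catch (IOException ex) {
            System.err.println("state save failed: " + ex);
        }
    }

    // Returns the saved state for this cookie value, or null.
    public static UserState load(String cookieValue) {
        // The cookie is client-controlled: accept only our exact token
        // format so it can never carry "../" or a path separator.
        if (cookieValue == null || !cookieValue.matches("[0-9a-f]{32}")) return null;
        try (ObjectInputStream in = new ObjectInputStream(
                Files.newInputStream(DIR.resolve(cookieValue + ".ser")))) {
            // Allow-list the classes that may be deserialized (Java 9+).
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    "UserState;java.lang.String;!*"));
            return (UserState) in.readObject();
        } catch (IOException | ClassNotFoundException | ClassCastException ex) {
            return null;
        }
    }
}
```

Bind the object with `session.setAttribute` at login and send `getToken()` in an HttpOnly, Secure cookie. Delete state files past a maximum age so the disk copy does not become the never-expiring session the thread argues against.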
 