This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
We have discussed this issue before, and after looking through the new Servlet 2.3 API, I still dont see any changes with regards to checking the time stamp of a session to determine if the session has expired. The method getLastAccessedTime() returns the last time in which the client sent a request associated with the session. This number is always equal to the current time, which, for the most part, is useless. But if you think about it, you actually want the *second* to last time the client sent a request with the session because knowing this information allows you to quickly calculate the difference in time between the current time and the second to last time the client accessed the session. Is there an easy way to do this? I was thinking about storing a value in the session called "lastAccessedTime" and assigning it a value equal to the second to last time the client accessed the session. Then, upon getting the session from the request, I can subtract this value from the current time and compare it to a predetermined number that represents the maximum number of millisseconds a session is allowed to exist before it is marked as "expired." I'm using Weblogic 6.1, and I'm new to it, but I'm willing to bet that Weblogic makes this problem much easier. Any help would be appreciated, thanks, SAF
Safrole, Not sure if this is what you're trying to get at, but couldn't you define and register an HttpSessionListener, which will be notified when an HttpSession is created or invalidated. Once notified, this Listener could retrieve the session that changed and look at the getCreationTime() value to see if it is "old" enough to have timed out. Hope this helps. It may be something you've already tried.
Yeah, I've looked into that, but had some problems with it. I think storing a value named "lastAccessedTime" in the session and manually updating this value each time the client sends a request within the context of the session is probably the easiest way to determine session expiration. I think I'm getting too complicated for a simple problem. I have a tendency of doing that because I want to look cool as I develop my code ;D hehehe, ok, that was a joke Thanks for the advice. SAF