This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
I have an application in place that uses JSP's & Servlets, the nature of usage of this application that basically the user will have the browser open for a long while between each time they use the application (ie. click on any link or submit any form)
now this causes session timeouts to the users where they need to re-login again. This problem was solved but i think in a dumb way by making the side menu refresh itself (as it is a frame in the page) so this way the session stays.
Is there a way to disable the session time out on the server ?
It is running on iPlanet webserver 6.1
<b><i>KaReEm</i><br /><ul type="square"><li>SCJP-Free Range Web Developer <br /></ul></b>
Disabling Session timeouts would be a really really really really bad idea. However, implementing a "remember me" login feature (similar to what we do on JavaRanch) would work just fine. See this link for more information.
Did I mention that disabling Session timeouts would be a bad idea? [ June 12, 2004: Message edited by: Chris Mathews ]
Joined: Aug 06, 2001
Well the aim is to have a persistent login experience not really important if disabling session time out is the way or not.
But just out of curiosity why would it be a really really really bad idea ?
thanks for the link
Joined: Jul 18, 2001
Originally posted by Kareem Gad: But just out of curiosity why would it be a really really really bad idea?
A session uses server resources right? And those resources aren't reclaimed until the session is invalidated right? And if your timeout is set to infinity then the session will never be invalidated right? Therefore, the memory for those session will never be reclaimed right? Do I need to say more?
According to the API, calling setMaxInactiveInterval with a negative number gets you "never time out" so if thats what you want, you can do it. However, I am with Chris - that would be misuse of the technology. Why not make your own (Serializable) class to contain user state - use a name for the serialized file that corresponds to a cookie on the user machine (or their userid or whatever). Have that class implement HttpSessionBindingListener - when the session times out, the object can serialize itself to disk. When the user comes back, the cookie lets you grab the user state object from disk - really quite fast. Bill