This week's book giveaway is in the Clojure forum.
We're giving away four copies of Clojure in Action and have Amit Rathore and Francis Avila on-line!
See this thread for details.
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

disabling session time outs

 
Kareem Gad
Ranch Hand
Posts: 89
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an application in place that uses JSP's & Servlets, the nature of usage of this application that basically the user will have the browser open for a long while between each time they use the application (ie. click on any link or submit any form)

now this causes session timeouts to the users where they need to re-login again. This problem was solved but i think in a dumb way by making the side menu refresh itself (as it is a frame in the page) so this way the session stays.

Is there a way to disable the session time out on the server ?

It is running on iPlanet webserver 6.1
 
Chris Mathews
Ranch Hand
Posts: 2712
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Disabling Session timeouts would be a really really really really bad idea. However, implementing a "remember me" login feature (similar to what we do on JavaRanch) would work just fine. See this link for more information.

Did I mention that disabling Session timeouts would be a bad idea?
[ June 12, 2004: Message edited by: Chris Mathews ]
 
Kareem Gad
Ranch Hand
Posts: 89
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well the aim is to have a persistent login experience not really important if disabling session time out is the way or not.

But just out of curiosity why would it be a really really really bad idea ?

thanks for the link
 
Chris Mathews
Ranch Hand
Posts: 2712
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Kareem Gad:
But just out of curiosity why would it be a really really really bad idea?

A session uses server resources right? And those resources aren't reclaimed until the session is invalidated right? And if your timeout is set to infinity then the session will never be invalidated right? Therefore, the memory for those session will never be reclaimed right? Do I need to say more?
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13045
6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
According to the API, calling setMaxInactiveInterval with a negative number gets you "never time out" so if thats what you want, you can do it. However, I am with Chris - that would be misuse of the technology.
Why not make your own (Serializable) class to contain user state - use a name for the serialized file that corresponds to a cookie on the user machine (or their userid or whatever). Have that class implement HttpSessionBindingListener - when the session times out, the object can serialize itself to disk. When the user comes back, the cookie lets you grab the user state object from disk - really quite fast.
Bill
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic