aspose file tools*
The moose likes Servlets and the fly likes disabling session time outs Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "disabling session time outs" Watch "disabling session time outs" New topic
Author

disabling session time outs

Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
I have an application in place that uses JSP's & Servlets, the nature of usage of this application that basically the user will have the browser open for a long while between each time they use the application (ie. click on any link or submit any form)

now this causes session timeouts to the users where they need to re-login again. This problem was solved but i think in a dumb way by making the side menu refresh itself (as it is a frame in the page) so this way the session stays.

Is there a way to disable the session time out on the server ?

It is running on iPlanet webserver 6.1


<b><i>KaReEm</i><br /><ul type="square"><li>SCJP-Free Range Web Developer <br /></ul></b>
Chris Mathews
Ranch Hand

Joined: Jul 18, 2001
Posts: 2712
Disabling Session timeouts would be a really really really really bad idea. However, implementing a "remember me" login feature (similar to what we do on JavaRanch) would work just fine. See this link for more information.

Did I mention that disabling Session timeouts would be a bad idea?
[ June 12, 2004: Message edited by: Chris Mathews ]
Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
Well the aim is to have a persistent login experience not really important if disabling session time out is the way or not.

But just out of curiosity why would it be a really really really bad idea ?

thanks for the link
Chris Mathews
Ranch Hand

Joined: Jul 18, 2001
Posts: 2712
Originally posted by Kareem Gad:
But just out of curiosity why would it be a really really really bad idea?

A session uses server resources right? And those resources aren't reclaimed until the session is invalidated right? And if your timeout is set to infinity then the session will never be invalidated right? Therefore, the memory for those session will never be reclaimed right? Do I need to say more?
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12823
    
    5
According to the API, calling setMaxInactiveInterval with a negative number gets you "never time out" so if thats what you want, you can do it. However, I am with Chris - that would be misuse of the technology.
Why not make your own (Serializable) class to contain user state - use a name for the serialized file that corresponds to a cookie on the user machine (or their userid or whatever). Have that class implement HttpSessionBindingListener - when the session times out, the object can serialize itself to disk. When the user comes back, the cookie lets you grab the user state object from disk - really quite fast.
Bill
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: disabling session time outs