aspose file tools*
The moose likes Servlets and the fly likes Dynamically Extend Session Timeout? Or Copy Session? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Dynamically Extend Session Timeout? Or Copy Session?" Watch "Dynamically Extend Session Timeout? Or Copy Session?" New topic
Author

Dynamically Extend Session Timeout? Or Copy Session?

K Riaz
Ranch Hand

Joined: Jan 08, 2005
Posts: 375
Is it possible to dynamically extend a sessions timeout? I know its fixed via web.xml, but I would like a user agent to be able to "renew" a session if they wish to continue using it beyond its original timeout.

I have looked in the Servlet API and search JavaRanch and the web, but failed to yield any useful information apart from what is common knowledge.

So how about copying a session (well, the attributes of the old session to the new session to be more precise) and then associate the new "fresh" session (with its new timeout reset) to the client? The only problem here is that I think the old session ID is "binded" to the appriopate client, and there is no "setID" in HTTPSession. If there was, I could use the old ID from the old session in the new session and then invalidate the old session, so to the client, it is seamless.

Any ideas?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You do know that the session expires n minutes after the last access, not after the session has started, right?


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
K Riaz
Ranch Hand

Joined: Jan 08, 2005
Posts: 375
Good point, I thought it expired x minutes from creation, where x is set in web.xml as the timeout. That makes sense, as I thought "why are users forced to do everything in x minutes, regardless!".

So, if the timeout is 30 minutes and 29 minutes have passed since the last request, and then suddenly, from the jaws of session termination, the client makes a lifesaver HTTP request, its timeout is reset to 30 again (as opposed to 1 minute remaining)? So in essense, to reset the timeout, it should just do a dummy request?

Also, I think "setMaxInactiveInterval(int interval)" from HTTPSession can dynamically set x (timeout), which may override the context-level timeout?

public void setMaxInactiveInterval(int interval)

Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.

[ April 16, 2005: Message edited by: Kashif Riaz ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Sounds like you've got it
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Dynamically Extend Session Timeout? Or Copy Session?