Is it possible to dynamically extend a sessions timeout? I know its fixed via web.xml, but I would like a user agent to be able to "renew" a session if they wish to continue using it beyond its original timeout.
I have looked in the Servlet API and search JavaRanch and the web, but failed to yield any useful information apart from what is common knowledge.
So how about copying a session (well, the attributes of the old session to the new session to be more precise) and then associate the new "fresh" session (with its new timeout reset) to the client? The only problem here is that I think the old session ID is "binded" to the appriopate client, and there is no "setID" in HTTPSession. If there was, I could use the old ID from the old session in the new session and then invalidate the old session, so to the client, it is seamless.
Good point, I thought it expired x minutes from creation, where x is set in web.xml as the timeout. That makes sense, as I thought "why are users forced to do everything in x minutes, regardless!".
So, if the timeout is 30 minutes and 29 minutes have passed since the last request, and then suddenly, from the jaws of session termination, the client makes a lifesaver HTTP request, its timeout is reset to 30 again (as opposed to 1 minute remaining)? So in essense, to reset the timeout, it should just do a dummy request?
Also, I think "setMaxInactiveInterval(int interval)" from HTTPSession can dynamically set x (timeout), which may override the context-level timeout?
public void setMaxInactiveInterval(int interval)
Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout. [ April 16, 2005: Message edited by: Kashif Riaz ]