Meaningless Drivel is fun!*
The moose likes JSP and the fly likes How to read Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "How to read "session-timeout" defined in web.xml" Watch "How to read "session-timeout" defined in web.xml" New topic
Author

How to read "session-timeout" defined in web.xml

Johny Talker
Greenhorn

Joined: Jan 26, 2012
Posts: 13
Hi everybody,

As per my requirement, I have to read session-timeout defined in web.xml file under tag <session-config> t </session-config> into my JSP using javascript code.
Any idea about this ?
Prasad Krishnegowda
Ranch Hand

Joined: Apr 25, 2010
Posts: 507

Just Wondering, why you would need to do that?


Regards, Prasad
SCJP 5 (93%)
Karn Kumar
Ranch Hand

Joined: Aug 06, 2009
Posts: 145

Hi Johny,

Try out this

In the JSP you will get implicit object session , from where you will get the value of session timeout in seconds with the help of method (int) session.getMaxInactiveInterval() , which you can assign to hidden field and then you will get it in the Javascript . This value will be in seconds which is mentioned in the minutes in web.xml

Any suggestion is highly appreciated.


-Chetan
Prasad Krishnegowda
Ranch Hand

Joined: Apr 25, 2010
Posts: 507

Writing Java code (Scriplets) inside JSP, is been discredited for 10 Years, instead JSTL/EL should be used. There are ways, to get that value, even without scriplets, but wondering what's the requirement that's diving this...
jhon masco
Ranch Hand

Joined: May 13, 2010
Posts: 93
Hi Johny . Read this post this could help you.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60782
    
  65

jhon masco wrote: Hi Johny . Read this post this could help you.

No, the value in question not a context param and so there's no supported way to read it.

Again, why is this needed? It's not something that's usually done and so raises some red flags.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Matt W Robinson
Greenhorn

Joined: Dec 13, 2007
Posts: 12

Bear Bibeault wrote:
jhon masco wrote: Hi Johny . Read this post this could help you.

No, the value in question not a context param and so there's no supported way to read it.

Again, why is this needed? It's not something that's usually done and so raises some red flags.


I have a reason. In order to speed up the session cleanup when a user logs off from my site, I call setMaxInactiveInterval( 30 ) to manually set the timeout to 30 seconds. This allows me to re-display the login page without having to invalidate the session, so the session 'naturally' decays quickly. If I was to invalidate the session manually by calling invalidate(), the process to re-display the login page will, by necessity, create a new session, which will hang around for the full duration before being cleaned up. However, in the rare case when the user re-logs in, I would like to artificially restore the session timeout to the default in the web.xml file.

So, do you have a way to retreive this value?

Ta.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60782
    
  65

Again, there is no supported way to read this value. You'll need to roll your own, but I still question the necessity.

In your scenario, what so you think the difference is between invalidating the session, and letting it expire "naturally".
Matt W Robinson
Greenhorn

Joined: Dec 13, 2007
Posts: 12

Bear Bibeault wrote:Again, there is no supported way to read this value. You'll need to roll your own, but I still question the necessity.

In your scenario, what so you think the difference is between invalidating the session, and letting it expire "naturally".


Usually when a user logs off from the site, he or she exits the browser. In this situation, the session will remain on the server, taking up memory, until the inactivity timeout (currently set to 30 minutes) expires. To avoid this, you can do two things: 1) Invalidate the session, or 2) set a short inactivity timeout.

If I invalidate the session on logout, the process that displays the login page (because it sets themes, etc) has to create a new session instance because the current session is now invalid.

By setting a short inactivity timeout, and NOT invalidating the session, I avoid the login page processing creating a new session, and so even though the user gets to see the login page again, the session will expire in 30 seconds should they exit their browser.

But, if they then re-login within that 30 second window the system is more likely log them out unexpectedly because the sesssion will timeout after 30 seconds of inactivity. So I want to put into the login process some code to restore the session to the default from web.xml (ideally).

If this is too hard (as you suggest), then I'll need to take the less ideal approach of invalidating the session if the timeout is 30 seconds and getting a new one (which is probably the supported procedure anyway). This then will require my code to re-establish all the session variables which were already set in the previous session. I could have avoided that step if the original session is preserved.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60782
    
  65

Matt W Robinson wrote: the session will remain on the server, taking up memory

If you remove the information from the session, it's not going to be any significant resource problem. I think you're trying to micro-manage the session management needlessly.

Do you have concrete numbers from profiling that show that "lingering" sessions are a resource problem? If not, then I think you are over-thinking the whole thing.
Matt W Robinson
Greenhorn

Joined: Dec 13, 2007
Posts: 12

Bear Bibeault wrote:
Matt W Robinson wrote: the session will remain on the server, taking up memory

If you remove the information from the session, it's not going to be any significant resource problem. I think you're trying to micro-manage the session management needlessly.

Do you have concrete numbers from profiling that show that "lingering" sessions are a resource problem? If not, then I think you are over-thinking the whole thing.


No, I don't have 'concrete' numbers, but I'm using JBOSS AS and Struts 1.x and I was receiving JAVA 'Out of Memory' errors recently. My code puts very little into the Session, but Struts does load up the session with enough data to be significant. I noticed that when I was invalidating sessions on logout, there was almost twice as many sessions as logged-in users at all times. Once I changed the code so those extra sessions weren't being created, overall memory use dropped dramatically, and usage behaviour levelled out nicely. (Based on the JMX-Console server-info Agent).

Yes, I know there may be other factors, and I'm sure you'd like to point out there could be memory leaks and such-like, so I'd rather you spare me a lecture on that, please. :-) I am in the process of looking at all the code with an eye to memory improvement. In the meantime the site has to stay up, hence my interest in this 'session micro-management' and the ability to reset the timeout values. I would rather not hard-code a 'default' timeout value when I can use the web.xml setting.

And if the workaround is to parse the web.xml file itself, then I'm not really in favour of that either. But if I can leverage a setting already loaded by the container, that's useful.

Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Well, if you're looking at short-term approaches meant to keep the system alive, then I would suggest just looking at the web.xml for the session timeout value and then hard-coding that number into whatever short-term fixes you implement.

Then once you get things under control, that code which manages the sessions is likely to go away, so then it didn't matter that you did that hard-coding and you don't need to worry about making sure it stays in sync with whatever changes people make to the session timeout value.
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 9937
    
159

If I invalidate the session on logout, the process that displays the login page (because it sets themes, etc) has to create a new session

Why does this need to create a session?

[My Blog] [JavaRanch Journal]
Matt W Robinson
Greenhorn

Joined: Dec 13, 2007
Posts: 12

Jaikiran Pai wrote:
If I invalidate the session on logout, the process that displays the login page (because it sets themes, etc) has to create a new session

Why does this need to create a session?


Because the process that creates the login page (a tile) calls request.getSession() so that it can store a theme setting for the session. If the previous session (now logged off) has been invalidated by the logoff process, that call will create a new session.

Folks, I already have a solution to my session problem. I just would like to know if there is a way to access the web.xml session timeout setting. Everyone's heavy on advice as to how to avoid the need, but no one really wants to answer the question. I know you're trying to be as helpful as possible, but please, if you're not going to answer the standing question, please redirect your advice to another forum or topic.

Ta.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60782
    
  65

It has already been answered: you'll have to do it yourself. XML is parsable by Java code -- a simple search will yield plenty of examples.

Matt W Robinson
Greenhorn

Joined: Dec 13, 2007
Posts: 12

Bear Bibeault wrote:It has already been answered: you'll have to do it yourself. XML is parsable by Java code -- a simple search will yield plenty of examples.



Oh, OK. It wasn't clear to me, because of all other questions. In fact that 'answer' was in the original question. I thought from reading all the other stuff that you had another answer but were reluctant to provide it. My mistake. Sorry for the confusion.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60782
    
  65

You're welcome, but I still think you are tilting at windmills. If this were something that really needed to be done, there'd be a supported way to do it.
Stefan Evans
Bartender

Joined: Jul 06, 2005
Posts: 1016
So if I understand this correctly, you want the session time-out set to 30 seconds as part of just this one action, and then restored to the default if the user decides to log back in.
Here is a quick hacky way to do it with just a couple of lines of code. I don't necessarily agree with your approach, but you've already communicated about that :-)

User invokes logout action:
store value of timeout (maybe in the session? ;-))
set session timeout to 30 seconds

User invokes login action:
if that default timeout value is stored in session, set session timeout to that value, and remove the attribute.


Logout action:


Login action:


Ok, so it doesn't answer your question of "how to read session timeout from web.xml" but I think it does a pretty reasonable equivalent.
And no. I don't like auto boxing.
Matt W Robinson
Greenhorn

Joined: Dec 13, 2007
Posts: 12

Bear Bibeault wrote:You're welcome, but I still think you are tilting at windmills. If this were something that really needed to be done, there'd be a supported way to do it.


Understood and accepted.
Matt W Robinson
Greenhorn

Joined: Dec 13, 2007
Posts: 12

Stefan Evans wrote:So if I understand this correctly, you want the session time-out set to 30 seconds as part of just this one action, and then restored to the default if the user decides to log back in.
Here is a quick hacky way to do it with just a couple of lines of code. I don't necessarily agree with your approach, but you've already communicated about that :-)

User invokes logout action:
store value of timeout (maybe in the session? ;-))
set session timeout to 30 seconds

User invokes login action:
if that default timeout value is stored in session, set session timeout to that value, and remove the attribute.


Logout action:


Login action:


Ok, so it doesn't answer your question of "how to read session timeout from web.xml" but I think it does a pretty reasonable equivalent.
And no. I don't like auto boxing.


Thanks. I appreciate you taking the time to lay it out. It was an option I was considering. I was hoping I didn't have to do that. To me, if the standard provided a way to change the Timeout setting at runtime, it should provide a way to 'reset' it to the default. After all, if we're not supposed to interfere with the automated session management, why provide the means to?

Anyway. I'll probably go with this solution until I nail the memory issue.
 
 
subject: How to read "session-timeout" defined in web.xml
 
Similar Threads
Clearing the session.
session timeout not working
Not able to get this !
difference in actual and specified timeout
Default Session timeout issues Configuration!!!