This week's book giveaway is in the OCMJEA forum.
We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line!
See this thread for details.
The moose likes Servlets and the fly likes Session timeout in general web applications vs social apps Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session timeout in general web applications vs social apps" Watch "Session timeout in general web applications vs social apps" New topic
Author

Session timeout in general web applications vs social apps

shivang sarawagi
Ranch Hand

Joined: Jun 19, 2008
Posts: 147
Generally sessions in web applications expire after a stipulated max inactive interval. To my knowledge primarily the reason is if the session objects are not invalidated they keep exhausting the memory. So my question is

A. Is there any other reason other why web applications timeout the user session after an inactive interval?

B. Social sites never timeout the user session even if you just leave them for the entire day. How do they manage sessions? Don't the active sessions exhaust memory on their servers or JVM to be specific?

Abhay Agarwal
Ranch Hand

Joined: Feb 29, 2008
Posts: 1086
    
    1

For point A , security can be another reason for invalidating session.
For point B, we do have option in Java to configure ever running session. About whether they exhaust memory of JVM depends upon what values do we store in Session.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61106
    
  66

If your session fills up and never empties it's a sign that you are not managing it properly. Just leaving stale data in the session, and counting upon its timeout to clear it out is a poor approach.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Also, don't assume that a user's session data has to be stored in memory. There are other strategies.
shivang sarawagi
Ranch Hand

Joined: Jun 19, 2008
Posts: 147
Thanks for the reply guys. Can you please add any resource link or would want to elaborate on session saving strategies?.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41634
    
  55
Files or - more likely - a database are other options.


Ping & DNS - my free Android networking tools app
Joe Areeda
Ranch Hand

Joined: Apr 15, 2011
Posts: 316
    
    2

Also a session may timeout but not require any user interaction to create another one.

For example the "stay logged in" checkboxes usually store a cookie in the client browser and that can be used to log in the next session.

Joe


It's not what your program can do, it's what your users do with the program.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16022
    
  20

I'm not exactly sure what the question is here, but it's entirely within the rights of a web application server to periodically scan its session collection and discard sessions which have exceeded the timeout limit. In other words, don't expect that you have to explicitly dispose of sessions.

The Tomcat webapp server will store serialized sessions in a work directory. This can cause a session to be have continuity over a shutdown/restart of the webapp server. I haven't checked, but I'm sure there are options that control this. Plus, of course, Tomcat supports alternative session storage to help facilitate clustering between discrete JVMs.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Session timeout in general web applications vs social apps