I have implemented session management so I am handling it programatically in my Servlet. After deploying my application on the WAS server the problmes are,
1) It is working perfectly if I open single browser. after say 2 min of idle time session is expiring and redirecting user to login screen.
2)If I open two browsers simultaniously with the same user name user session is never expiring it is keep on extending even I keep one browser idle, If you keep two browsers idle for 2 min session is expiring and it's working fine,I think it's sharing the session internally. What could be the reason?
3)Could you please tell me how can I configure my session management on websphere 5.x server. I am caluculating the idle time my self and invalidating session my self after some idle time.
4)Why session management is not working if more than one user is using the application.? (But it's working nice for single user at a time)
Don't use multiple windows of Internet Explorer on the same system to test sessions. The way the Internet Explorer handles cookies makes it so multiple windows are actually sharing the same J2EE session. Firefox on the other hand will treat multiple windows as different sessions.
I am not using cookies to handle the session. Even if I tried to test from two different systems with the same login id but still it's not working. If you keep idle two system for say 2 min session is getting expired if you keep one system idle and keep working on on the other system session is not expiring.
Do I need to customize my settings at server level and .ear file level on Websphere server?
Many Thanks, -Sirish
Joined: Feb 15, 2005
Originally posted by Sirish Kumar Gongal Reddy: I am not using cookies to handle the session.
Regarding why activity on a window in one system keeps the session on another system alive, this may be due to the fact that you're invalidating the session yourself after a certian period of time rather than configuring a timeout value through WebSphere or through the J2EE APIs.
There are three ways to configure session timeout values:
In the WebSphere admin console for all web applications on that server by selecting Servers--Application servers--server_name--Web container settings--Session management
Programatically with the statement: session.setMaxInactiveInterval(1800);
In the web.xml file in your web application
In the last option, the entry will look like this:
[ July 02, 2007: Message edited by: Merrill Higginson ]
Sirish Kumar Gongal Reddy
Joined: Oct 25, 2004
Many thanks for your reply with clear explanation.
May be due to the fact that you're invalidating the session yourself after a certian period of time rather than configuring a timeout value through WebSphere or through the J2EE APIs.
I am invalidating user session after some idleTime. and I am caluculating user idle time my self by taking sessionCreatingTime() and lastAccessedTime(). If user is exceeds his assigned time in the Database simply I am redirecting him to login page by giving an alert.
Why I am using this is the session interval for each user is diffenet I need to maintin session based on user role. some user will have 30 min of sessino and some have 1 hr like that. session interval is not common for entair user.
Can't I invalidating the session yourself after a certian period of time?
Thanks a lot! Sirish
Joined: Feb 15, 2005
Originally posted by Sirish Kumar Gongal Reddy:
Can't I invalidating the session yourself after a certain period of time?
Yes, you should be able to do this. I have doubts, though, about the validity of some of your tests. For example, you say it doesn't work if you sign on to a different system with the same user ID. Aren't you resetting the clock based on the user id? Should it be any surprise that the clock is reset when you sign on again as the same user? I've never used this mechanism before, so I don't know much about its idiosyncrasies and I'm afraid I can't be much help in debugging it.
A mechanism is already in place to do this through the J2EE API, so why not use it? You say your method is not working, so why not use the standard method? Just call session.setTimeoutValue(). This call only affects the current active session without affecting any others. [ July 03, 2007: Message edited by: Merrill Higginson ]