Session timeout

[Chris Edwards <ce...@uga.edu>]

Hi. I have my session-timeout set to 60 minutes in web.xml. The page in 
question is dynamically rendered based on what's currently in the 
session and the user adds items one at a time. So they fill out a form, 
submit it to a Struts Action which adds it to the Session object and 
then forwards back to that page where the new item is added to a list or 
an error message is given.

Everything works fine except that the session will time-out and then 
they are forwarded to the "session-timeout-login-again" page. Since the 
data is written to the DB after they have added all items some people 
are losing their work if they happen to hit that 60 minutes.

Does submitting a new Request not constitute a "reset" of the 
session-timeout? The page should not be cached since a new item is added 
or an error message is given after every form submit.

Thanks in advance for any help / advice. All the best.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Session timeout

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Len,

Len Popp wrote:
> I haven't used Struts so I don't know if that
> changes the session handling somehow.

FYI: Struts doesn't tough session management, so it should act normally.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGNml79CaO5/Lv0PARAgUsAKCirPgnt1Hs6K5gh1sUSc9bv9nOYQCfZSB0
biyC0Ic7LzIXwmAzv3AzWp8=
=DwdQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Session timeout

[Len Popp <le...@gmail.com>]

If the user is clicking a submit button on the form, then the browser
is sending a request to the server, and that should reset the timer
for the session timeout. I haven't used Struts so I don't know if that
changes the session handling somehow. With my own webapp, the session
stays active as long as I send requests periodically.

Maybe you should do some logging to figure out what's happening. You
can use Tomcat's AccessLogValve to verify that requests are coming in
within the timeout interval, and your own code could log some session
info like getCreationTime, getLastAccessedTime.
-- 
Len

On 4/30/07, Rashmi Rubdi <ra...@gmail.com> wrote:
> On 4/30/07, Chris Edwards <ce...@uga.edu> wrote:
> > Hi. I have my session-timeout set to 60 minutes in web.xml. The page in
> > question is dynamically rendered based on what's currently in the
> > session and the user adds items one at a time. So they fill out a form,
> > submit it to a Struts Action which adds it to the Session object and
> > then forwards back to that page where the new item is added to a list or
> > an error message is given.
> >
> > Everything works fine except that the session will time-out and then
> > they are forwarded to the "session-timeout-login-again" page. Since the
> > data is written to the DB after they have added all items some people
> > are losing their work if they happen to hit that 60 minutes.
>
> In the above case it is the ~same~ request within same browser
> instance, the session times-out after an inactive interval.
>
> So if they add things to the cart but the browser stays idle for more
> than 60 minutes, then the session times out.
>
> However if you implement
> http://java.sun.com/javaee/5/docs/api/javax/servlet/http/HttpSessionListener.html
> , it sends a notification when the Session is about to be invalidated
> ( JavaEE 5) , on receiving the notification you can choose to either
> commit or rollback the transaction or save it temporarily.
>
>
> > Does submitting a new Request not constitute a "reset" of the
> > session-timeout?
>
> new Request -- yes (if HTTP Redirect is used, it is a new Request)
>
> same Request -- no (if HTTP Forward is used, it is the same Request)
>
> Most likely you are navigating from one page to the next with Http
> Forward, which maintains the ~same~ Http Request throughout the
> navigation.
>
> > The page should not be cached since a new item is added
> > or an error message is given after every form submit.
> >
> > Thanks in advance for any help / advice. All the best.
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> When Http Redirect is used a new session is created and it resets the
> session timeout interval....
>
> Session ID : F98B9FA599811B0A206C73316B970EB0
> Session was created at : Mon Apr 30 12:52:03 EDT 2007
> Perform Http Redirect
> Session ID : 4779909EE1A36F003E381D6C913B31E5
> Session was created at : Mon Apr 30 12:52:08 EDT 2007
>
> Notice a new session is created above, thus resets the timeout interval.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> When Http Forward is used the same request and thus the same session
> exists throughout, so the session timeout interval of the session
> created by this request remains the same.
>
> Session ID : 55FD6EF762C1AFC549F2EBBFB7CC5208
> Session was created at : Mon Apr 30 12:54:09 EDT 2007
> Perform Http Forward
> Session ID : 55FD6EF762C1AFC549F2EBBFB7CC5208
> Session was created at : Mon Apr 30 12:54:09 EDT 2007
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> -Regards
> Rashmi
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Session timeout

[Rashmi Rubdi <ra...@gmail.com>]

On 4/30/07, Chris Edwards <ce...@uga.edu> wrote:
> Hi. I have my session-timeout set to 60 minutes in web.xml. The page in
> question is dynamically rendered based on what's currently in the
> session and the user adds items one at a time. So they fill out a form,
> submit it to a Struts Action which adds it to the Session object and
> then forwards back to that page where the new item is added to a list or
> an error message is given.
>
> Everything works fine except that the session will time-out and then
> they are forwarded to the "session-timeout-login-again" page. Since the
> data is written to the DB after they have added all items some people
> are losing their work if they happen to hit that 60 minutes.

In the above case it is the ~same~ request within same browser
instance, the session times-out after an inactive interval.

So if they add things to the cart but the browser stays idle for more
than 60 minutes, then the session times out.

However if you implement
http://java.sun.com/javaee/5/docs/api/javax/servlet/http/HttpSessionListener.html
, it sends a notification when the Session is about to be invalidated
( JavaEE 5) , on receiving the notification you can choose to either
commit or rollback the transaction or save it temporarily.


> Does submitting a new Request not constitute a "reset" of the
> session-timeout?

new Request -- yes (if HTTP Redirect is used, it is a new Request)

same Request -- no (if HTTP Forward is used, it is the same Request)

Most likely you are navigating from one page to the next with Http
Forward, which maintains the ~same~ Http Request throughout the
navigation.

> The page should not be cached since a new item is added
> or an error message is given after every form submit.
>
> Thanks in advance for any help / advice. All the best.
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When Http Redirect is used a new session is created and it resets the
session timeout interval....

Session ID : F98B9FA599811B0A206C73316B970EB0
Session was created at : Mon Apr 30 12:52:03 EDT 2007
Perform Http Redirect
Session ID : 4779909EE1A36F003E381D6C913B31E5
Session was created at : Mon Apr 30 12:52:08 EDT 2007

Notice a new session is created above, thus resets the timeout interval.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
When Http Forward is used the same request and thus the same session
exists throughout, so the session timeout interval of the session
created by this request remains the same.

Session ID : 55FD6EF762C1AFC549F2EBBFB7CC5208
Session was created at : Mon Apr 30 12:54:09 EDT 2007
Perform Http Forward
Session ID : 55FD6EF762C1AFC549F2EBBFB7CC5208
Session was created at : Mon Apr 30 12:54:09 EDT 2007
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-Regards
Rashmi

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Session timeout

[Rashmi Rubdi <ra...@gmail.com>]

On 4/30/07, orn amental <au...@gmail.com> wrote:
> How do I limit the amount of messages I receive?

Please create a new thread instead of hijacking this one

> I'd like to be able to "turn on and off" the reception of messages of the
> mailing list without having to unsubscribe. Unfortunately the mailing list
> FAQ email is empty.
> Thanks a lot :)
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Session timeout

[orn amental <au...@gmail.com>]

How do I limit the amount of messages I receive?
I'd like to be able to "turn on and off" the reception of messages of the
mailing list without having to unsubscribe. Unfortunately the mailing list
FAQ email is empty.
Thanks a lot :)