You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by mfs <fa...@gmail.com> on 2008/04/22 20:55:47 UTC
custom timeout/expiry implementation
Guys,
Guys
Actually i need to provide my own session timeOut/expiry implementation and
i was wondering what would be the easiest way to achieve this, i am using
tomcat for development but oc4j for production, and i was wondering if
somehow i can hook in my implementation into various servlet containers..
Thanks in advance
Farhan.
--
View this message in context: http://www.nabble.com/custom-timeout-expiry-implementation-tp16825415p16825415.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: custom timeout/expiry implementation
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Farhan,
mfs wrote:
| Actually, i need a mean by which i can extend the session (in some
cases) if
| the session is about to expire. I know i can certainly do this with
| Session.setMaxTimeInternal() but thats only possible with some client
event
| (i.e. when the servlet/filter is invoked), which doesn't satisfy my
needs.
| Something like HttpSessionListener.preSessionDestroyed() is what i need..I
| wonder why cant they give such control.
If you need longer sessions, why not just change the configured session
timeout?
You mentioned that some sessions should time-out earlier than others.
Rather than attempting to extend the life of some sessions, why not turn
it around and extend the life of all sessions, and cur others short?
It's easier to invalidate a session early than it is to extend the life
of a session.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkgQ8TAACgkQ9CaO5/Lv0PAYZACdELDU7yvltoEA3ZkH34zoME1N
OnIAn1Y3n2ChP8+8ycYnpFz6I1DcE/a5
=tXey
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RES: custom timeout/expiry implementation
Posted by "Milanez, Marcus" <Ma...@diebold.com>.
Hello,
We've implemented a similar solution for that, which consists on opening
a modal dialog in the browser asking for user password again, thus
extending session duration if he correctly enters it, one minute before
the user session expires. We've used regular javascript setInterval to
accomplish it, so that it opens a dialog if a user is inactive for this
period of time... It worked very well...
Yours,
Marcus Milanez
-----Mensagem original-----
De: mfs [mailto:farhan.sarwar@gmail.com]
Enviada em: quinta-feira, 24 de abril de 2008 15:47
Para: users@tomcat.apache.org
Assunto: Re: custom timeout/expiry implementation
Actually, i need a mean by which i can extend the session (in some
cases) if the session is about to expire. I know i can certainly do this
with
Session.setMaxTimeInternal() but thats only possible with some client
event (i.e. when the servlet/filter is invoked), which doesn't satisfy
my needs.
Something like HttpSessionListener.preSessionDestroyed() is what i
need..I wonder why cant they give such control..
Christopher Schultz-2 wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Farhan,
>
> mfs wrote:
> | Actually i need to provide my own session timeOut/expiry
> implementation and
> | i was wondering what would be the easiest way to achieve this, i am
> using
> | tomcat for development but oc4j for production, and i was wondering
> | if somehow i can hook in my implementation into various servlet
> containers..
>
> You could use a Filter to check whatever condition should expire
> sessions. The Filter can certainly call HttpSession.invalidate() at
> any time.
>
> Filters are (usually) cross-container because they only have access to
> standard Servlet-API stuff.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkgOQ2gACgkQ9CaO5/Lv0PAAKACgwmdE9sTrDP/a1V4WdaYfVN8V
> N+cAnA+Q784oRGuFiBmHbfHNjLlt/GWS
> =bLPb
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
> e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context:
http://www.nabble.com/custom-timeout-expiry-implementation-tp16825415p16
851515.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: custom timeout/expiry implementation
Posted by mfs <fa...@gmail.com>.
Actually, i need a mean by which i can extend the session (in some cases) if
the session is about to expire. I know i can certainly do this with
Session.setMaxTimeInternal() but thats only possible with some client event
(i.e. when the servlet/filter is invoked), which doesn't satisfy my needs.
Something like HttpSessionListener.preSessionDestroyed() is what i need..I
wonder why cant they give such control..
Christopher Schultz-2 wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Farhan,
>
> mfs wrote:
> | Actually i need to provide my own session timeOut/expiry
> implementation and
> | i was wondering what would be the easiest way to achieve this, i am
> using
> | tomcat for development but oc4j for production, and i was wondering if
> | somehow i can hook in my implementation into various servlet
> containers..
>
> You could use a Filter to check whatever condition should expire
> sessions. The Filter can certainly call HttpSession.invalidate() at any
> time.
>
> Filters are (usually) cross-container because they only have access to
> standard Servlet-API stuff.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkgOQ2gACgkQ9CaO5/Lv0PAAKACgwmdE9sTrDP/a1V4WdaYfVN8V
> N+cAnA+Q784oRGuFiBmHbfHNjLlt/GWS
> =bLPb
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/custom-timeout-expiry-implementation-tp16825415p16851515.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: custom timeout/expiry implementation
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Farhan,
mfs wrote:
| Actually i need to provide my own session timeOut/expiry
implementation and
| i was wondering what would be the easiest way to achieve this, i am using
| tomcat for development but oc4j for production, and i was wondering if
| somehow i can hook in my implementation into various servlet containers..
You could use a Filter to check whatever condition should expire
sessions. The Filter can certainly call HttpSession.invalidate() at any
time.
Filters are (usually) cross-container because they only have access to
standard Servlet-API stuff.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkgOQ2gACgkQ9CaO5/Lv0PAAKACgwmdE9sTrDP/a1V4WdaYfVN8V
N+cAnA+Q784oRGuFiBmHbfHNjLlt/GWS
=bLPb
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org