HttpSession session timeout and lastAccessedTime
206 views
Skip to first unread message
Christopher
Oct 13, 2011, 5:42:39 PM10/13/11
to Google App Engine
I'm having strange problems with session timeouts on appengine. When
running locally the session timeout appears to work fine. The session
is supposed to be 30 minutes. The browser has a timer setup to check
if the user is still logged in 30min + 1 sec after the last successful
async request to server returns. I had initially tried to not
determine our own timeout logic, as setting the maxInactiveInterval is
supposed to invalidate the session (running locally or on appengine
this would not work properly). Am I missing something that's causing
different behavior between running locally versus hosted in appengine?
Thanks for the help.
In our filter setup for each request we load our own custom context,
which is stored with the session. Here is relevant code:
private static void loadCurrentContext(HttpServletRequest req) {
boolean expire = false;
HttpSession session = req.getSession(false);
if (session == null || session.isNew()) {
registerAccountWithSession(null, req);
} else {
// the sessionTimeoutMillis const is 1800000L, or 30 min.
expire = FoxUtil.sessionTimeoutMillis < (System.currentTimeMillis()
- session.getLastAccessedTime());
}
SadfoxServerContext context =
SadfoxServlet.getSadfoxContextFromRequest(req);
if (expire || context == null) {
clearUserSession(req);
registerAccountWithSession(null, req);
context = SadfoxServlet.getSadfoxContextFromRequest(req);
}
if (context != null && context.getActorKey() != null) {
AccountHalper halper = new AccountHalper(context.getActorKey());
halper.populateRolesLists();
context.setActor(halper.getEntity());
}
}
public static SadfoxServerContext
registerAccountWithSession(CloudAccount actor, HttpServletRequest req)
{
HttpSession session = req.getSession(true);
SadfoxServerContext context = new SadfoxServerContext(actor);
context.setClientInfo(req);
// the sessionTimeoutSeconds const is 1800, or 30 min.
session.setMaxInactiveInterval(FoxUtil.sessionTimeoutSeconds);
session.setAttribute(SadfoxServlet.sadfoxContextKey, context);
return context;
}
public static void clearUserSession(HttpServletRequest req) {
registerAccountWithSession(null, req);
HttpSession session = req.getSession(false);
if (session != null) {
session.invalidate();
}
}
running locally the session timeout appears to work fine. The session
is supposed to be 30 minutes. The browser has a timer setup to check
if the user is still logged in 30min + 1 sec after the last successful
async request to server returns. I had initially tried to not
determine our own timeout logic, as setting the maxInactiveInterval is
supposed to invalidate the session (running locally or on appengine
this would not work properly). Am I missing something that's causing
different behavior between running locally versus hosted in appengine?
Thanks for the help.
In our filter setup for each request we load our own custom context,
which is stored with the session. Here is relevant code:
private static void loadCurrentContext(HttpServletRequest req) {
boolean expire = false;
HttpSession session = req.getSession(false);
if (session == null || session.isNew()) {
registerAccountWithSession(null, req);
} else {
// the sessionTimeoutMillis const is 1800000L, or 30 min.
expire = FoxUtil.sessionTimeoutMillis < (System.currentTimeMillis()
- session.getLastAccessedTime());
}
SadfoxServerContext context =
SadfoxServlet.getSadfoxContextFromRequest(req);
if (expire || context == null) {
clearUserSession(req);
registerAccountWithSession(null, req);
context = SadfoxServlet.getSadfoxContextFromRequest(req);
}
if (context != null && context.getActorKey() != null) {
AccountHalper halper = new AccountHalper(context.getActorKey());
halper.populateRolesLists();
context.setActor(halper.getEntity());
}
}
public static SadfoxServerContext
registerAccountWithSession(CloudAccount actor, HttpServletRequest req)
{
HttpSession session = req.getSession(true);
SadfoxServerContext context = new SadfoxServerContext(actor);
context.setClientInfo(req);
// the sessionTimeoutSeconds const is 1800, or 30 min.
session.setMaxInactiveInterval(FoxUtil.sessionTimeoutSeconds);
session.setAttribute(SadfoxServlet.sadfoxContextKey, context);
return context;
}
public static void clearUserSession(HttpServletRequest req) {
registerAccountWithSession(null, req);
HttpSession session = req.getSession(false);
if (session != null) {
session.invalidate();
}
}
Christopher
Oct 14, 2011, 1:46:29 PM10/14/11
to Google App Engine
I managed to fix this, and I have a feeling that the
session.setMaxInactiveInterval() method was not saving properly across
requests. As soon as I added the <session-timeout> config to the
web.xml, everything started working fine.
session.setMaxInactiveInterval() method was not saving properly across
requests. As soon as I added the <session-timeout> config to the
web.xml, everything started working fine.
Reply all
Reply to author
Forward
0 new messages