tags:

views:

507

answers:

2
Q: 

HttpSession.setMaxInactiveInterval not working in Tomcat 6

I'm trying to adjust the session timeout using HttpSession.setMaxInactiveInterval and it's not working.

Here is my code (Groovy), which is executing without exceptions:

def paramValue = WebAttributes.REQUEST.getParameter('maxInactiveSeconds');
println 'paramValue=' + paramValue;
if (paramValue != null) {
  def seconds = Integer.parseInt(paramValue);
  WebAttributes.REQUEST.getSession().setMaxInactiveInterval(seconds);
}

Some details:

  • Tomcat 6.0.16
  • This is happening in a webapp separate from the 'normal' one (i.e. with visual content), but I have defined emptySessionPath="true" so the session *should* be shared across webapps

thanks,

haruspex

+1  A: 

How did you test it? Every new request would postpone the timeout again, do you know? So F5'ing the request until the expected timeout ain't going to help. The webcontainer will also not immediately destroy the session, so you won't see immediate result from any HttpSessionListener. It will reap them at certain intervals, which may be each minute, but can also be each 15 minutes. It will however reap it immediately if a new request came in after the timeout.

With regard to your "the session should be shared" phrase, best way to verify this is of course by checking the session ID, either programmatically (e.g. displaying ${pageContext.session.id}) or by just determining the value of the jsessionid cookie in your webbrowser.

To monitor the actual session creation and destroy, implement a dummy HttpSessionListener. Here's a basic example: 

public class MyHttpSessionListener implements HttpSessionListener {
    public void sessionCreated(HttpSessionEvent event) {
        System.out.printf("%s session %s created %n", new Date(), event.getSession().getId());
    }
    public void sessionDestroyed(HttpSessionEvent event) {
        System.out.printf("%s session %s destroyed %n", new Date(), event.getSession().getId());
    }
}

Hope this helps.

BalusC  2009-12-05 04:55:22
Thanks for your thoughtful and knowledgeable reply.I have a JavaScript-based session timeout warning message embedded on the page. It starts a timer with duration based on HttpSession.getMaxInactiveInterval(). My code doesn't appear to be altering this value at all -- I attempt to set it to 40 sec. (for automated testing) but it's still 30 min. when the page renters.
Drew Wills  2009-12-07 18:00:54
A: 

Turns out there was another technology setting the maxInactiveInterval back to 30 min, overriding my attempts to change it.

Tomcat, Java, etc. were all working as expected.

Drew Wills  2009-12-17 15:52:37

related questions

What are the advantages and disadvantages of DTOs from a website performance perspective?
ADF Business Components thru RMI Vs EJB and Toplink
Can't add server to a moved workspace
J2EE App Server Hello World
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Usable JSP/Servlet Hosting
Get Methods: One vs Many
What tools are there for timed batch processes in J2EE?
Beginning J2EE
Modify an xml files in a jar file with Java
What are the pros and cons of using RMI or JMS between web and business tiers?
Good pattern or framework for adding auditing to an existing app?
ResourceBundle from Java/Struts and replace expressions
Java Servlet 404 errors
track down file handle
Senior J2EE interview questions
How do I remotely get a checksum for a file on a Windows machine?
Can the Weblogic default handler display the list of contexts?
Are there any Open Source / Free Software alternatives to ATG?
Can you programmatically restart a j2ee application?
How do you build a multi-language web site?
JSF Lifecycle and Custom components
J2EE - DAO DVO
What's your "best practice" for the first Java EE Spring project?
Can someone give me a working example of a build.xml for an EAR that deploys in WebSphere 6