From "Shapira, Yoav" <>
Subject RE: HttpSession handling
Date Mon, 05 Jan 2004 13:39:04 GMT


>Reading the servlet spec raised a couple of thoughts about http session

The servlet spec v2.4, I hope?

>Should I write a patch for these?

Not yet.

>"SRV.7.6 Last Accessed Times
>The getLastAccessedTime method of the HttpSession interface allows a
>to determine the last time the session was accessed before the current
>request. The session is considered to be accessed when a request that
>of the session is first handled by the servlet container."

See the JavaDoc for this method in the 2.4 servlet spec: it's not the
same as what you quoted above.  It's much cleaner, and Tomcat implements
it exactly and correctly.

>Thought #2
>If the session is created by the current request, the
>session.getLastAccessedTime() returns the session creation time. Should
>return 0 instead? I'd find it a bit less incorrect.

I consider creation as a special type of access, and therefore I think
Tomcat's behavior is correct.  Does the spec say otherwise?  I also
don't care much for "a bit less incorrect" -- if the spec gives leeway
to the container implementation, we need to have a very good reason to
change current behavior (thereby affecting many users who may rely on

>"SRV.7.5 Session Timeouts
>The session invalidation will not take effect until all servlets using
>session have exited the service method."
>Tomcat does nothing to ensure this.
>To reproduce, set session timeout to 3mins and put the following code
>service method:
>HttpSession session = request.getSession();
>Thread.sleep(200 * 1000L); // a long operation =)
>->IllegalStateException is thrown

That one is interesting.  Are you sure the session has been invalidated
by Tomcat and there's no other code running in your webapp that may have
caused this?

Yoav Shapira

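The SRV.7.5 wording quoted in the message, as an added example that is not part of the original e-mail and is not Tomcat's code: a toy session model in which the background expiry sweep skips a session while a request is still inside the service method. The class and method names are hypothetical, and the clock is simulated using the 3-minute timeout and 200-second operation from the quoted reproduction.

```java
// Toy model with hypothetical names; not Tomcat's implementation.
class DeferredExpirySession {
    private final long maxInactiveMillis;
    private long lastAccessed;
    private int activeRequests;
    private boolean valid = true;

    DeferredExpirySession(long maxInactiveMillis, long now) {
        this.maxInactiveMillis = maxInactiveMillis;
        this.lastAccessed = now;
    }

    // Called by the container before service() for a request that joins the session.
    synchronized void enter(long now) {
        if (!valid) throw new IllegalStateException("session already invalidated");
        activeRequests++;
        lastAccessed = now;
    }

    // Called by the container after service() returns or throws.
    synchronized void exit() {
        activeRequests--;
    }

    // Background sweep: invalidate only when timed out AND no request is in service.
    synchronized boolean expireIfIdle(long now) {
        boolean timedOut = now - lastAccessed >= maxInactiveMillis;
        if (valid && timedOut && activeRequests == 0) {
            valid = false;
            return true;
        }
        return false;
    }

    synchronized boolean isValid() { return valid; }

    public static void main(String[] args) {
        // Simulated clock in milliseconds; values taken from the quoted reproduction.
        DeferredExpirySession s = new DeferredExpirySession(180_000L, 0L);
        s.enter(0L);                                   // long request starts
        System.out.println(s.expireIfIdle(200_000L));  // sweep while the request is in service
        System.out.println(s.isValid());               // session state seen by that request
        s.exit();                                      // request leaves service()
        System.out.println(s.expireIfIdle(200_000L));  // sweep after the request has exited
        System.out.println(s.isValid());               // session state after that sweep
    }
}
```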