Vaadin 6. Refresher add-on and session timeout.

Hi Vaadin community!

We are using the refresher add-on with vaadin 6 hosted on Liferay and we are having a big problem with it: the session will never timeout. The reason for this is very simple: Liferay does not make any difference from a user-initiated ajax call and a refresher-initiated call.

I have read a few threads about it and the only solution was to manually handle the session management, this is something we would like to avoid as much as possible.

After doing some research, I think there is a way to do this while keeping the liferay session management. What I would like to do with this post is propose my solution and ask if anyone on here have any considerations that we maybe did not think about.

My first finding was that the session was explicitly extended by vaadin inside the ApplicationConnection class. So the next question was: how to remove the call to extendLiferaySession() only when we have a refresher-initiated call? First, it is required to find out which components are part of an ajax request. When we have this information, we need to block the call to extendLiferaySession(). This is all good in theory but how to apply this to vaadin without having to modify the jar file?

This is the exact approach I used to solve the problem above.

First, create a sub class of ApplicationConnection. Next, tell the GWT compiler to use your own class instead of the ApplicationConnection class. This is possible by configuring the widgetset.gwt.xml file:

    <replace-with class="com.vaadin.custom.CustomApplicationConnection">
    	<when-type-is class="com.vaadin.terminal.gwt.client.ApplicationConnection"/>

Next, find if the request contains a refresher. The only way I found to find this information is to override the makeUidlRequest method and set a flag for later use:

	protected void makeUidlRequest(final String requestData, final String extraParams, final boolean forceSync)
		VConsole.log("==============> makeUidlRequest()");
		String[] classes = getPaintableClasses(requestData);
		for(String className : classes)
			VConsole.log("\tClass=" + className);
				VConsole.log("\t\tRefresher class found, this request will not extend the liferay session");
				shouldExtendSession = false;

		super.makeUidlRequest(requestData, extraParams, forceSync);

When we have this flag set, we can block or allow extendLiferaySession() by overriding it.

	protected void extendLiferaySession()
		VConsole.log("==============> extendLiferaySession()");
		VConsole.log("\tExtending session? " + shouldExtendSession);

		if (shouldExtendSession)
		shouldExtendSession = true;

This seems to work correctly but I have two concerns:

-The server session will not be in sync with the browser session. I don’t think it’s a problem since when the browser session it explicitly expire() the session but I am afraid that I might be missing something important here.
-Is there anything else I might have missed?