Ok, I think you mean well, but your answers seem to invoke more questions – respectfully.
Here’s how I understand Heartbeat:
Sent by the client every 5 minutes (by default) to the server, to keep the session alive. Heartbeat is merely just another request to the servlet/session. Java sessions keep-alive when there’s activity.
Sessions
:
Java sessions remain active as long as there is activity within a session timeout period and reset their timeout based on last activity. So, if sessions are set for 3 hours, if a user clicks a button, the session will persist for another 3 hours from that point.
CloseIdleSessions
:
I think what you’re saying is that the servlet/framework ignores heartbeats if this is set to true.
But now, I need clarification on what you said here:
“Let’s say a session timeout of 120 (3 hours) and heartbeat 300 (5 minutes), after 15 minutes without any heartbeat getting into server, the session will be closed.”
Java sessions expire after no activity and after the (or a) set time. In this example, Java sessions will expire in 3 hours. If the user closes their browser, no more heartbeats will be sent, so the (or a) Java session should simply persist for 3 hours from that point on and after that users last interaction (or heartbeat). So, when you say “Session” are you meaning a
Java Servlet Session
or a
UI Session
(ie. User session, specific to Vaadin itself, but not a Java Servlet Session)?
What you’re saying is even though (Java Servlet) sessions are set to expire in 3 hours, if the server doesn’t receive a heartbeat in 15 minutes (5 x 3), then it will expire the session right then, freeing memory?
What mechanism is responsible for expiring a 3 hour session in 15 minutes, on the server side? This is a Vaadin thing, not a servlet feature, yes?
CloseIdleSessions set to true tells the application to ignore heartbeats and simply expire after 3 hours (in this example), pending no user interaction within that time, yes? Otherwise if closeIdleSessions is set to false, then if there’s no heartbeat OR user interaction in 15 minutes (regardless of session timeout duration), kill the session, yes?