When using the
Refresher add-on, I see that my sessions never expire. That makes sense, but we can’t have our application behaving that way. I
know I’ve seen this discussed before on the forums, but I can’t find the thread now.
Does someone know a way to have sessions still timeout normally when using this, in other words differentiating between user-generated requests and automated ones?
I suspect I can implement
HttpServletRequestListener and check the request for some information about the request source, track the time manually, and invalidate the session manually. But I don’t want to “reinvent the wheel” if this has already been done (and I’m hoping there’s some smarter way to do it!)
Am still looking for a way to check the source of the request when it comes in, but I see that I can very handily add a listener to the Refresher widget to know that it was the source
after the request has started. So I know it’s possible to handle session timeouts manually, but am still looking for a possibly better way.
Unless someone already has a solution, I’ll share what I have once I get this to work.
For what it’s worth, I have this completely working except for the small detail of tables refreshing their data right after the refresher runs. I started
that specific discussion on this thread if someone wants to follow along.
Is there no way to identify the UIDL coming from the refresher component so you can just ignore those?
Do you have a code example that shows how you are making this work. It was a stumbling block for us because we want session timeout to work, but would like a refresher type of solution to allow server-side updates to be sent to the clients as necessary.
To map a request to the corresponding application instance, the servlet must get the session from the server. As far as I can recall, doing so (calling HttpServletRequest.getSession(…)) automatically performs session maintenance tasks such as extending the session lifetime.