jsr356-experts@websocket-spec.java.net

[jsr356-experts] WebSocket Session/HttpSession

From: Danny Coward <danny.coward_at_oracle.com>
Date: Mon, 29 Oct 2012 15:53:47 -0700

Hi folks,

One of the outstanding issues we had was to figure out how to 'touch'
the http session to prevent it timing out. This you might remember was
for the case where a user has logged into web application containing web
sockets (e.g. stock trading with live updates). The user doesn't issue
any more http requests, but the websocket sessions are still open
(ticker updates).

We talked this through with Rajiv - we can use
httpsession.setMaxInactiveInterval to postpone (indefinitely) the expiry
of the http session on the server at any time. But the client cookie
will retain the expiry time of its last http interaction. In which case,
it seems that a browser client will clean out the cookie and the session
will effectively be lost. Obviously we can't set the expiry of the
cookie to an irresponsibly long time.

Has anyone come up against this problem ?

- Danny


-- 
<http://www.oracle.com> 	*Danny Coward *
Java EE
Oracle Corporation