0

Unable to make session timeout mechanism to work at all

asked 2016-10-24 07:41:54 +0800

mortella gravatar image mortella
1 1

updated 2016-10-24 08:33:33 +0800

Hi there ! We develop web applications from Zk 6.5 and have never seen session timeout work properly :( I tried tons of combination of the timeout configs, no success...

Now my config is:

  • zk 8.0.3.1
  • jetty 9
  • web.xml timeout: e.g. 1 hour
  • zk.xml:

<session-config>

<device-type>ajax</device-type>

<session-timeout>30</session-timeout>

<automatic-timeout>true</automatic-timeout>

<timeout-uri>/timeout.html</timeout-uri>

</session-config>

  • page: no running timers at all

According to the documentation I except:

after 30 seconds of inactivity the page will be redirected to timeout.html (and probably the session will be invalid or a new one).

What happens:

nothing, when I click a button after 30 sec, i got js alert page with the message:

The server is temporarily out of service. Would you like to try again? (expected expression, got '<' (SyntaxError))

Any help is appreciated

morti

Edit:

Ok then, mistery solved, problem not:

  • after 30 seconds 2-3 auRequest came in and ended in 'garbage' because meyAccessFilter found no 'authenticated user' attribute in those sessions and sent redirects to login.html.
  • browser showed no error alert for the 'unanswered' requests
  • on first real action (eg. button click) happened the same but got the error alert up there...

Quick fix was add /zkau* paths to my "unprotected" contexts, for which my AccessFilter do not check authorization, but only a simple doChain().

Now I get what I wanted to see, but zk requests now are unprotected. I dont want to figure out these 2-3 request's special characteristics to let only them unprotected :(

Is there any solution besides filtering out the specific auRequest ?

delete flag offensive retag edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2016-10-30 09:41:26 +0800

Darksu gravatar image Darksu
1991 1 4

Hello mortella,

You can always use session timeout using the web.xml

https://www.mkyong.com/servlet/how-to-configure-the-session-timeout-in-servlet/

Best Regards,

Darksu

link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow
2 followers

RSS

Stats

Asked: 2016-10-24 07:41:54 +0800

Seen: 39 times

Last updated: Oct 30 '16

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More