Keeping a session active with ajax

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Keeping a session active with ajax

Jerry Malcolm
In my app a logged in user will access a page.  But then all of the
interaction on the page is done back and forth with ajax calls to the
server.  The ajax activities within the page could last well over the 30
minute session timeout. Even though the user has been actively working
for 30-45 minutes with lots of server calls, all of a sudden they aren't
logged in any more.  The ajax calls are definitely successfully
accessing the session since the ajax APIs utilize the logged on user,
roles, etc.  They just aren't pinging the keep-alive bit in the session
for some reason.  I'm not really sure what would be different in the
calls from a regular page call from the browser vs an ajax call.  They
both make a request that goes to a servlet or jsp and they both get
response data back from tomcat.  But the session times out if I don't do
a real page call.  What am I missing?

I really don't want to change the 'inactivity' timeout.  I just need to
figure out how to tell tomcat with all of the ajax calls that the
session is still very active.  Is there an easy solution?

Thx

Jerry

BTW... TC 8.5


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Keeping a session active with ajax

Martin Grigorov
Hi,

Which version of Tomcat ?

On Mon, Mar 15, 2021 at 8:25 AM Jerry Malcolm <[hidden email]>
wrote:

> In my app a logged in user will access a page.  But then all of the
> interaction on the page is done back and forth with ajax calls to the
> server.  The ajax activities within the page could last well over the 30
> minute session timeout. Even though the user has been actively working
> for 30-45 minutes with lots of server calls, all of a sudden they aren't
> logged in any more.  The ajax calls are definitely successfully
> accessing the session since the ajax APIs utilize the logged on user,
> roles, etc.  They just aren't pinging the keep-alive bit in the session
> for some reason.  I'm not really sure what would be different in the
> calls from a regular page call from the browser vs an ajax call.  They
> both make a request that goes to a servlet or jsp and they both get
> response data back from tomcat.  But the session times out if I don't do
> a real page call.  What am I missing?
>

Nothing!
Any request that uses the HttpSession
(HttpServletRequest.getHttpSession(true)) will "touch" the session and
update its "lastUsed" time, so it should not time out during active usage
of the application.
There must be something else that invalidates the http session.


>
> I really don't want to change the 'inactivity' timeout.  I just need to
> figure out how to tell tomcat with all of the ajax calls that the
> session is still very active.  Is there an easy solution?
>
> Thx
>
> Jerry
>
> BTW... TC 8.5
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Keeping a session active with ajax

Maxim Solodovnik
Maybe offtopic
but websocket requests seems to not warming up the HttpSession

Tomcat 9.0.44
Wicket 9.2.0 :)

On Mon, 15 Mar 2021 at 14:43, Martin Grigorov <[hidden email]> wrote:

>
> Hi,
>
> Which version of Tomcat ?
>
> On Mon, Mar 15, 2021 at 8:25 AM Jerry Malcolm <[hidden email]>
> wrote:
>
> > In my app a logged in user will access a page.  But then all of the
> > interaction on the page is done back and forth with ajax calls to the
> > server.  The ajax activities within the page could last well over the 30
> > minute session timeout. Even though the user has been actively working
> > for 30-45 minutes with lots of server calls, all of a sudden they aren't
> > logged in any more.  The ajax calls are definitely successfully
> > accessing the session since the ajax APIs utilize the logged on user,
> > roles, etc.  They just aren't pinging the keep-alive bit in the session
> > for some reason.  I'm not really sure what would be different in the
> > calls from a regular page call from the browser vs an ajax call.  They
> > both make a request that goes to a servlet or jsp and they both get
> > response data back from tomcat.  But the session times out if I don't do
> > a real page call.  What am I missing?
> >
>
> Nothing!
> Any request that uses the HttpSession
> (HttpServletRequest.getHttpSession(true)) will "touch" the session and
> update its "lastUsed" time, so it should not time out during active usage
> of the application.
> There must be something else that invalidates the http session.
>
>
> >
> > I really don't want to change the 'inactivity' timeout.  I just need to
> > figure out how to tell tomcat with all of the ajax calls that the
> > session is still very active.  Is there an easy solution?
> >
> > Thx
> >
> > Jerry
> >
> > BTW... TC 8.5
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [hidden email]
> > For additional commands, e-mail: [hidden email]
> >
> >



--
Best regards,
Maxim

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Keeping a session active with ajax

Martin Grigorov
Hi Maxim,

On Mon, Mar 15, 2021 at 9:46 AM Maxim Solodovnik <[hidden email]>
wrote:

> Maybe offtopic
> but websocket requests seems to not warming up the HttpSession
>

The websocket messages do not bring the JSESSIONID cookie/request parameter
and there is no way to lookup the http session from the web container
(Tomcat).
Wicket creates a copy of the HttpSession at WebSocket connection creation
time and uses it until the closing of the connection.
So, yes, the real http session may expire if you use only websocket based
communication.

Martin

P.S. Congrats for Apache OpenMeetings 6.0!


>
> Tomcat 9.0.44
> Wicket 9.2.0 :)
>
> On Mon, 15 Mar 2021 at 14:43, Martin Grigorov <[hidden email]>
> wrote:
> >
> > Hi,
> >
> > Which version of Tomcat ?
> >
> > On Mon, Mar 15, 2021 at 8:25 AM Jerry Malcolm <[hidden email]>
> > wrote:
> >
> > > In my app a logged in user will access a page.  But then all of the
> > > interaction on the page is done back and forth with ajax calls to the
> > > server.  The ajax activities within the page could last well over the
> 30
> > > minute session timeout. Even though the user has been actively working
> > > for 30-45 minutes with lots of server calls, all of a sudden they
> aren't
> > > logged in any more.  The ajax calls are definitely successfully
> > > accessing the session since the ajax APIs utilize the logged on user,
> > > roles, etc.  They just aren't pinging the keep-alive bit in the session
> > > for some reason.  I'm not really sure what would be different in the
> > > calls from a regular page call from the browser vs an ajax call.  They
> > > both make a request that goes to a servlet or jsp and they both get
> > > response data back from tomcat.  But the session times out if I don't
> do
> > > a real page call.  What am I missing?
> > >
> >
> > Nothing!
> > Any request that uses the HttpSession
> > (HttpServletRequest.getHttpSession(true)) will "touch" the session and
> > update its "lastUsed" time, so it should not time out during active usage
> > of the application.
> > There must be something else that invalidates the http session.
> >
> >
> > >
> > > I really don't want to change the 'inactivity' timeout.  I just need to
> > > figure out how to tell tomcat with all of the ajax calls that the
> > > session is still very active.  Is there an easy solution?
> > >
> > > Thx
> > >
> > > Jerry
> > >
> > > BTW... TC 8.5
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [hidden email]
> > > For additional commands, e-mail: [hidden email]
> > >
> > >
>
>
>
> --
> Best regards,
> Maxim
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Keeping a session active with ajax

Christopher Schultz-2
Martin,

On 3/15/21 04:08, Martin Grigorov wrote:

> Hi Maxim,
>
> On Mon, Mar 15, 2021 at 9:46 AM Maxim Solodovnik <[hidden email]>
> wrote:
>
>> Maybe offtopic
>> but websocket requests seems to not warming up the HttpSession
>>
>
> The websocket messages do not bring the JSESSIONID cookie/request parameter
> and there is no way to lookup the http session from the web container
> (Tomcat).
> Wicket creates a copy of the HttpSession at WebSocket connection creation
> time and uses it until the closing of the connection.
> So, yes, the real http session may expire if you use only websocket based
> communication.

Yes, but that's not AJAX, as the OP mentioned. Perhaps "AJAX" just means
"communication using javascript without 'traditional' navigation".

Thanks,
-chris

>> Tomcat 9.0.44
>> Wicket 9.2.0 :)
>>
>> On Mon, 15 Mar 2021 at 14:43, Martin Grigorov <[hidden email]>
>> wrote:
>>>
>>> Hi,
>>>
>>> Which version of Tomcat ?
>>>
>>> On Mon, Mar 15, 2021 at 8:25 AM Jerry Malcolm <[hidden email]>
>>> wrote:
>>>
>>>> In my app a logged in user will access a page.  But then all of the
>>>> interaction on the page is done back and forth with ajax calls to the
>>>> server.  The ajax activities within the page could last well over the
>> 30
>>>> minute session timeout. Even though the user has been actively working
>>>> for 30-45 minutes with lots of server calls, all of a sudden they
>> aren't
>>>> logged in any more.  The ajax calls are definitely successfully
>>>> accessing the session since the ajax APIs utilize the logged on user,
>>>> roles, etc.  They just aren't pinging the keep-alive bit in the session
>>>> for some reason.  I'm not really sure what would be different in the
>>>> calls from a regular page call from the browser vs an ajax call.  They
>>>> both make a request that goes to a servlet or jsp and they both get
>>>> response data back from tomcat.  But the session times out if I don't
>> do
>>>> a real page call.  What am I missing?
>>>>
>>>
>>> Nothing!
>>> Any request that uses the HttpSession
>>> (HttpServletRequest.getHttpSession(true)) will "touch" the session and
>>> update its "lastUsed" time, so it should not time out during active usage
>>> of the application.
>>> There must be something else that invalidates the http session.
>>>
>>>
>>>>
>>>> I really don't want to change the 'inactivity' timeout.  I just need to
>>>> figure out how to tell tomcat with all of the ajax calls that the
>>>> session is still very active.  Is there an easy solution?
>>>>
>>>> Thx
>>>>
>>>> Jerry
>>>>
>>>> BTW... TC 8.5
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [hidden email]
>>>> For additional commands, e-mail: [hidden email]
>>>>
>>>>
>>
>>
>>
>> --
>> Best regards,
>> Maxim
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Keeping a session active with ajax

Jerry Malcolm
In reply to this post by Martin Grigorov

On 3/15/2021 2:42 AM, Martin Grigorov wrote:
> Hi,
>
> Which version of Tomcat ?
I'm running Tomcat 8.5.30 on AWS Linux 2.

>
> On Mon, Mar 15, 2021 at 8:25 AM Jerry Malcolm <[hidden email]>
> wrote:
>
>> In my app a logged in user will access a page.  But then all of the
>> interaction on the page is done back and forth with ajax calls to the
>> server.  The ajax activities within the page could last well over the 30
>> minute session timeout. Even though the user has been actively working
>> for 30-45 minutes with lots of server calls, all of a sudden they aren't
>> logged in any more.  The ajax calls are definitely successfully
>> accessing the session since the ajax APIs utilize the logged on user,
>> roles, etc.  They just aren't pinging the keep-alive bit in the session
>> for some reason.  I'm not really sure what would be different in the
>> calls from a regular page call from the browser vs an ajax call.  They
>> both make a request that goes to a servlet or jsp and they both get
>> response data back from tomcat.  But the session times out if I don't do
>> a real page call.  What am I missing?
>>
> Nothing!
> Any request that uses the HttpSession
> (HttpServletRequest.getHttpSession(true)) will "touch" the session and
> update its "lastUsed" time, so it should not time out during active usage
> of the application.
> There must be something else that invalidates the http session.
>
>
>> I really don't want to change the 'inactivity' timeout.  I just need to
>> figure out how to tell tomcat with all of the ajax calls that the
>> session is still very active.  Is there an easy solution?
>>
>> Thx
>>
>> Jerry
>>
>> BTW... TC 8.5
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Keeping a session active with ajax

Martin Grigorov
In reply to this post by Christopher Schultz-2
Chris,

On Mon, Mar 15, 2021, 18:28 Christopher Schultz <
[hidden email]> wrote:

> Martin,
>
> On 3/15/21 04:08, Martin Grigorov wrote:
> > Hi Maxim,
> >
> > On Mon, Mar 15, 2021 at 9:46 AM Maxim Solodovnik <[hidden email]>
> > wrote:
> >
> >> Maybe offtopic
> >> but websocket requests seems to not warming up the HttpSession
> >>
> >
> > The websocket messages do not bring the JSESSIONID cookie/request
> parameter
> > and there is no way to lookup the http session from the web container
> > (Tomcat).
> > Wicket creates a copy of the HttpSession at WebSocket connection creation
> > time and uses it until the closing of the connection.
> > So, yes, the real http session may expire if you use only websocket based
> > communication.
>
> Yes, but that's not AJAX, as the OP mentioned. Perhaps "AJAX" just means
> "communication using javascript without 'traditional' navigation".
>

Did you read my first answer and Maxim's email?


> Thanks,
> -chris
> >> Tomcat 9.0.44
> >> Wicket 9.2.0 :)
> >>
> >> On Mon, 15 Mar 2021 at 14:43, Martin Grigorov <[hidden email]>
> >> wrote:
> >>>
> >>> Hi,
> >>>
> >>> Which version of Tomcat ?
> >>>
> >>> On Mon, Mar 15, 2021 at 8:25 AM Jerry Malcolm <[hidden email]>
> >>> wrote:
> >>>
> >>>> In my app a logged in user will access a page.  But then all of the
> >>>> interaction on the page is done back and forth with ajax calls to the
> >>>> server.  The ajax activities within the page could last well over the
> >> 30
> >>>> minute session timeout. Even though the user has been actively working
> >>>> for 30-45 minutes with lots of server calls, all of a sudden they
> >> aren't
> >>>> logged in any more.  The ajax calls are definitely successfully
> >>>> accessing the session since the ajax APIs utilize the logged on user,
> >>>> roles, etc.  They just aren't pinging the keep-alive bit in the
> session
> >>>> for some reason.  I'm not really sure what would be different in the
> >>>> calls from a regular page call from the browser vs an ajax call.  They
> >>>> both make a request that goes to a servlet or jsp and they both get
> >>>> response data back from tomcat.  But the session times out if I don't
> >> do
> >>>> a real page call.  What am I missing?
> >>>>
> >>>
> >>> Nothing!
> >>> Any request that uses the HttpSession
> >>> (HttpServletRequest.getHttpSession(true)) will "touch" the session and
> >>> update its "lastUsed" time, so it should not time out during active
> usage
> >>> of the application.
> >>> There must be something else that invalidates the http session.
> >>>
> >>>
> >>>>
> >>>> I really don't want to change the 'inactivity' timeout.  I just need
> to
> >>>> figure out how to tell tomcat with all of the ajax calls that the
> >>>> session is still very active.  Is there an easy solution?
> >>>>
> >>>> Thx
> >>>>
> >>>> Jerry
> >>>>
> >>>> BTW... TC 8.5
> >>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: [hidden email]
> >>>> For additional commands, e-mail: [hidden email]
> >>>>
> >>>>
> >>
> >>
> >>
> >> --
> >> Best regards,
> >> Maxim
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [hidden email]
> >> For additional commands, e-mail: [hidden email]
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Keeping a session active with ajax

Maxim Solodovnik
I was able to warm-up HttpSession by adding `fetch('...', {cache:
"no-store"})` to JS code
So there should be no problems with AJAX :)

On Tue, 16 Mar 2021 at 01:45, Martin Grigorov <[hidden email]> wrote:

>
> Chris,
>
> On Mon, Mar 15, 2021, 18:28 Christopher Schultz <
> [hidden email]> wrote:
>
> > Martin,
> >
> > On 3/15/21 04:08, Martin Grigorov wrote:
> > > Hi Maxim,
> > >
> > > On Mon, Mar 15, 2021 at 9:46 AM Maxim Solodovnik <[hidden email]>
> > > wrote:
> > >
> > >> Maybe offtopic
> > >> but websocket requests seems to not warming up the HttpSession
> > >>
> > >
> > > The websocket messages do not bring the JSESSIONID cookie/request
> > parameter
> > > and there is no way to lookup the http session from the web container
> > > (Tomcat).
> > > Wicket creates a copy of the HttpSession at WebSocket connection creation
> > > time and uses it until the closing of the connection.
> > > So, yes, the real http session may expire if you use only websocket based
> > > communication.
> >
> > Yes, but that's not AJAX, as the OP mentioned. Perhaps "AJAX" just means
> > "communication using javascript without 'traditional' navigation".
> >
>
> Did you read my first answer and Maxim's email?
>
>
> > Thanks,
> > -chris
> > >> Tomcat 9.0.44
> > >> Wicket 9.2.0 :)
> > >>
> > >> On Mon, 15 Mar 2021 at 14:43, Martin Grigorov <[hidden email]>
> > >> wrote:
> > >>>
> > >>> Hi,
> > >>>
> > >>> Which version of Tomcat ?
> > >>>
> > >>> On Mon, Mar 15, 2021 at 8:25 AM Jerry Malcolm <[hidden email]>
> > >>> wrote:
> > >>>
> > >>>> In my app a logged in user will access a page.  But then all of the
> > >>>> interaction on the page is done back and forth with ajax calls to the
> > >>>> server.  The ajax activities within the page could last well over the
> > >> 30
> > >>>> minute session timeout. Even though the user has been actively working
> > >>>> for 30-45 minutes with lots of server calls, all of a sudden they
> > >> aren't
> > >>>> logged in any more.  The ajax calls are definitely successfully
> > >>>> accessing the session since the ajax APIs utilize the logged on user,
> > >>>> roles, etc.  They just aren't pinging the keep-alive bit in the
> > session
> > >>>> for some reason.  I'm not really sure what would be different in the
> > >>>> calls from a regular page call from the browser vs an ajax call.  They
> > >>>> both make a request that goes to a servlet or jsp and they both get
> > >>>> response data back from tomcat.  But the session times out if I don't
> > >> do
> > >>>> a real page call.  What am I missing?
> > >>>>
> > >>>
> > >>> Nothing!
> > >>> Any request that uses the HttpSession
> > >>> (HttpServletRequest.getHttpSession(true)) will "touch" the session and
> > >>> update its "lastUsed" time, so it should not time out during active
> > usage
> > >>> of the application.
> > >>> There must be something else that invalidates the http session.
> > >>>
> > >>>
> > >>>>
> > >>>> I really don't want to change the 'inactivity' timeout.  I just need
> > to
> > >>>> figure out how to tell tomcat with all of the ajax calls that the
> > >>>> session is still very active.  Is there an easy solution?
> > >>>>
> > >>>> Thx
> > >>>>
> > >>>> Jerry
> > >>>>
> > >>>> BTW... TC 8.5
> > >>>>
> > >>>>
> > >>>> ---------------------------------------------------------------------
> > >>>> To unsubscribe, e-mail: [hidden email]
> > >>>> For additional commands, e-mail: [hidden email]
> > >>>>
> > >>>>
> > >>
> > >>
> > >>
> > >> --
> > >> Best regards,
> > >> Maxim
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: [hidden email]
> > >> For additional commands, e-mail: [hidden email]
> > >>
> > >>
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [hidden email]
> > For additional commands, e-mail: [hidden email]
> >
> >



--
Best regards,
Maxim

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]