Session Timeout Question

Say we want to track each user's session, as it may contain unfinished orders. So for each user, there is an entry in our session table (a hashmap); the session times out in 3 minutes.

User A logs in, puts an order in the shopping cart, then waits for 3 minutes (bathroom break etc.). When user A comes back, the system asks him to log in again; the system is supposed to log him in and transfer his old session to the current session. But since the old session timed out, there is still an entry in the session table. So we got an exception "session already invalidated".

Question: after timeout, how can you prevent the session from invalidating itself; or, if it invalidates itself, how can you know the next time you log in that your old session was already invalidated?

Thanks

[799 byte] By [binchenc] at [2007-9-26 6:56:26]
# 1

as far as i can see you have the following choices:

1. increase the session time out. this you do by calling setMaxInactiveInterval in javax.servlet.http.HttpSession

OR

2. write the data the user has chosen/created into a cookie. drawback: the shopping cart will not be visible if she logs in from another computer a few hours later.

OR

3. write the data into a database. after the initial login [you will need this in all cases, so as to mark the shopping cart] and password authentication, if any, you can reconstitute the data object from the database and write it into the session.

in both (2) and (3) you will need to save state at every request [as it could be the last request before session times out].

OR

4. if you don't want to use cookies or a database, the solution can be along the following lines:

a. during the servlet initialization, create a hashmap.

b. whenever a user logs in, do your authentication and then check if the user was doing stuff before session timed out. if she was in the middle of something, read the data object, stored as a value to the key, which, in this case, will be the login name.

if you don't find login in the key, this guy is coming in for the first time, so create a key and save the data into the hashmap.

c. in cases other than login, save the data in the session into the hashmap and put a timestamp on it. this you do for every request.

the problem with (4) is that you'll need some kind of a timeout and a cleaning mechanism [a user may have lost interest and may never come back; you'll be wasting memory in this case. also, a few days like these and you'll be running out of RAM]. so, we will need some kind of a timeout mechanism [and thus some kind of garbage collector].

assume that we set the timeout mechanism to 24 hours. write a class that extends the java.lang.Thread class and in the run method, let it sleep for 24 hours, then wake up, go through all the objects in the hashmap and remove any which have been time stamped 24 hours or before. essentially, this class will simply drop the key and the object from the hashmap.

-kamesh

kkompella at 2007-7-1 16:28:40
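
Option 4 from the reply above, as an added example that is not part of the original post: a cart store keyed by the authenticated login name, with a timestamp per entry and a periodic purge. The class `CartStore` and its method names are hypothetical, and it uses `ConcurrentHashMap` and a `ScheduledExecutorService` in place of the plain hashmap and sleeping `Thread` the reply describes, because servlet requests run on concurrent threads. It assumes Java 16 or later (records).

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

// Hypothetical helper (not from the thread): carts survive HttpSession timeout.
public class CartStore {
    private record Entry(List<String> items, Instant savedAt) {}

    private final Map<String, Entry> carts = new ConcurrentHashMap<>();
    private final Duration maxAge;

    public CartStore(Duration maxAge) { this.maxAge = maxAge; }

    private boolean expired(Entry e, Instant now) { return !e.savedAt().plus(maxAge).isAfter(now); }

    // Step (c): call on every request, since any request may be the last before timeout.
    public void save(String login, List<String> items, Instant now) {
        carts.put(login, new Entry(List.copyOf(items), now));
    }

    // Step (b): call only after authentication succeeds; the key is the verified login.
    public List<String> restore(String login, Instant now) {
        Entry e = carts.get(login);
        if (e == null || expired(e, now)) return List.of(); // first visit or stale entry
        return e.items();
    }

    // Cleanup pass: drop entries stamped maxAge ago or earlier; returns how many went.
    public int purge(Instant now) {
        int before = carts.size();
        carts.values().removeIf(e -> expired(e, now));
        return before - carts.size();
    }

    public static void main(String[] args) {
        CartStore store = new CartStore(Duration.ofHours(24));
        ScheduledExecutorService sweeper = Executors.newSingleThreadScheduledExecutor();
        sweeper.scheduleAtFixedRate(() -> store.purge(Instant.now()), 1, 1, TimeUnit.HOURS);
        Instant t0 = Instant.parse("2007-09-26T06:00:00Z"); // constructed sample time
        store.save("userA", List.of("book", "pen"), t0);
        System.out.println(store.restore("userA", t0.plus(Duration.ofMinutes(5))));
        System.out.println(store.purge(t0.plus(Duration.ofHours(25))));
        sweeper.shutdownNow();
    }
}
```

Because the store never touches the expired `HttpSession` object, the login handler can create a fresh session and copy the restored items into it without calling methods on the invalidated one.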