java - Session Timeout does not work on Google App Engine -
i have simple jsp servlet web app deployed on google app engine. have sessionlistener implementing httpsessionlistener monitor creation , destroying of sessions.
public class sessionlistener implements httpsessionlistener { private int sessioncount = 0; @override public void sessioncreated(httpsessionevent event) { // todo auto-generated method stub synchronized (this) { sessioncount++; } system.out.println("session created: " + event.getsession().getid()); system.out.println("total sessions: " + sessioncount); } @override public void sessiondestroyed(httpsessionevent event) { // todo auto-generated method stub synchronized (this) { sessioncount--; } system.out.println("session destroyed: " + event.getsession().getid() + ", " + event.getsession().getattribute("loginname")); system.out.println("total sessions: " + sessioncount); } } in web.xml file have set following config allow automated session timeout after 30 minutes:
<session-config> <session-timeout>30</session-timeout> </session-config> in appengine-web.xml file have set following config:
<sessions-enabled>true</sessions-enabled> when deployed , running locally sessions idle 30 minutes destroyed after 30 minutes see in console
"session destroyed: {sessionid} etc" however when got app deployed on gae not find printout in log console of gae admin page idle session. session gets destroyed when explicitly hit logout button calls
httpsession session=request.getsession(false); session.invalidate(); so think idle sessions never destroyed after specific set time. , notice total count of sessions kept increasing new browsers accessing web app.
i know gae deals session way: store sessions in datastore , share them throughout jvms. there way make session timeout work , destroy sessions idle period of time?
tweaking gae built-in sessioncleanupservlet solved problem me. more details: http://www.radomirml.com/blog/2011/03/26/cleaning-up-expired-sessions-from-app-engine-datastore/
Comments
Post a Comment