According to the documentation, getLastAccessedTime() is updated every time a request is made within the life of the session.
My application has a Heartbeat servlet which is called every minute after user logs into the system and starts an important scan process. When user logs in, a session is created and from then on Heartbeat is called periodically(every minute). So logically this should mean that the lastAccessedTime is updated every minute. Is this assumption correct?
Next, I have a session timeout settings of 15mins. If a user has been inactive for 15 mins (when not running the scan), the session is destroyed and caught in HttpSessionListener's sessionDestroyed method. Therefore lastAccessedTime should show that session was last accessed precisely 15mins ago. The only time it will not show this is when the user logs out himself.
To make it clear, is it safe to use lastAccessedTime to find when the user was last active in the session. Also, is it safe to assume that the time will always be 15mins when a session is destroyed due to inactivity?
Aucun commentaire:
Enregistrer un commentaire