0

I am using spring security in my application and my session time out is 30 min. and i am also using some ajax call in the front end.

my issues are:-

Problem-1 I am doing .xml file uploading through ajax call it will take more than 30 min it may b take 1 hour(it depends on the file size). how to handle session time out for ajax call in spring security or any other way? because after file uploaded successfully it redirect me to login page actually i don't need this. i want to update my session in server side while any ajax call is happening in my application.

Please help me to solve this issue.

Ajax Code

function uploadForm() {

        if ($('div.bootstrap-filestyle').find('input[type="text"]')
                .val() == "") {
            alert("No file selected");
        } else {
            var selectedActionUrl = $("#drpLink").val();
            console.log(selectedActionUrl);
            var Url = "";
            if (selectedActionUrl == 1) {
        Url = "${pageContext.request.contextPath}/excellUpload";
            } 

            console.log('file uploading..');
            var $statusMsgDiv = $('div#status-msg');
            $('#result').html('');
            var $uploadFrm = $("#uploadForm");
            $uploadFrm.attr('action', fUrl);
            $uploadFrm.ajaxForm(
                {
                beforeSend : function() {
                    //some logic    
                },
                success : function(jsonRes) {
                //some logic
                },
                error : function(xhr, textStatus,errorThrown) {
                //some logic

                }).submit();
        }
        return false;
        }

Server Side Code

web.xml file

//..... some code
Login.jsp

<error-page>
    <error-code>404</error-code>
    <location>/404</location>
</error-page>

<session-config>
    <session-timeout>30</session-timeout>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

problem 2

should i need to update my session time out value each time in fileUpload controller or need to write any other controller which can serve all the ajax request or response ? please help me to fix this issue. Thanks in advance.....

Abhishek Nayak
  • 3,732
  • 3
  • 33
  • 64
  • for some file upload it will take 5 to 8 hour also so i want it dynamically when an ajax request is going on the server i don't want any session time out. after user stay idle for 30 min with out any db hit/ajax call that time only i need session time out. – Abhishek Nayak Jul 21 '15 at 06:35

3 Answers3

1

for some file upload it will take 5 to 8 hour also so i want it dynamically when an ajax request is going on the server i don't want any session time out. after user stay idle for 30 min with out any db hit/ajax call that time only i need session time out.

<session-config>
    <session-timeout>30</session-timeout>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

when you configure session timeout in web.xml, in this scenario session will only timeout if the period of inactivity between the client & the browser is more than 30 mins. If there is a request from the client within these 30 mins. Session will again reset it's timeout counter to further 30 mins. Even if you don't configure session-timeout there is a default server session timeout time interval. For tomcat it's 30 mins, server will automatically invalidate the session after 30 mins of inactivity.

Now regarding your ajax file upload process if there is a continuous interaction between client & server. Session will not time out. Sessions in web applications only time out primarily because of two reasons 1. Security 2. Inactivity, Resources allocated to the session can be reclaimed if the client doesn't require them anymore.

Programmatically with you ajax request you can set the session time out 

HttpSession session = request.getSession();
session.setMaxInactiveInterval(20*60);

which takes precedence over web.xml configuration.

You can also implement cookie based session persistence

yes i tried multiple times immediately it's redirecting into login page after file upload success/failure.(when the file upload take more than 30 min.

You need to create a heartbeat interceptor between client & the server. In the same ajax call where you upload the file. You have to send request to the server periodically after every n seconds/mins this will keep your session alive. Create a callback function in ajax which stops sending the requests once your file is uploaded on the server. Check this & this

Community
  • 1
  • 1
underdog
  • 4,447
  • 9
  • 44
  • 89
  • so your telling before ajax call i need to set MaxInactiveInterval time dynamically but how i will get to know, how much time it will take(file upload). for different ajax call i cant predict the max time. It's correct but it will not work in my application. whenever any ajax response happens in my application i need to reset my session value. – Abhishek Nayak Jul 21 '15 at 07:55
  • In my opinion you don't have to do anything. I don't think your session will time out on file upload. Did you try testing the scenarios? – underdog Jul 21 '15 at 08:24
  • yes i tried multiple times immediately it's redirecting into login page after file upload success/failure.(when the file upload take more than 30 min.) – Abhishek Nayak Jul 21 '15 at 08:43
  • In ajax request i want to stop the session time out when response come then i need to reset the session time out? is it possible to do like this for every ajax call? Please let me know. – Abhishek Nayak Jul 21 '15 at 08:45
  • yes its working but still am facing one more issue now clearInterval() method not working. due to this i am unable to get session time out. check the below code – Abhishek Nayak Jul 23 '15 at 08:20
  • Check the browser console for the errors. Debug the ajax code on the client side & please except the answer if it has helped you. – underdog Jul 23 '15 at 08:33
  • yes before setinterval() call need to call clearInterval(). Now It's working fine. thanks so much. Can i do implement in global ajax call? because in my application so many ajax call are there some task require more than session time out time like file upload. is it right way to do like this. – Abhishek Nayak Jul 23 '15 at 10:18
  • Yes implement this technique only where you require it. If you implement this globally there would be useless request response cycle to & fro from server. Eating up resources plus your server will never timeout the session due to inactivity which is not good. – underdog Jul 23 '15 at 10:27
  • but how i will do handle session time out check for all ajax call? server side or client side (global ajax call)? before any ajax call happens i want to check session is valid or not? – Abhishek Nayak Jul 24 '15 at 06:37
0

Instead of setting your session timeout thru web.xml, try setting it in your controller dynamically. You can set it like this,

HttpSession session = request.getSession();
session.setMaxInactiveInterval(dynamicMinutesValue*60);

Source

underdog
  • 4,447
  • 9
  • 44
  • 89
Anand
  • 305
  • 1
  • 2
  • 9
-1

You could do this approach:

Create a URL that does not require any session variable. That being said, I am thinking that you are setting your session somewhere in your login functionality. Make sure that the upload URL is accessible without being able to login.

To do that, you should have a listener / interceptor that makes sure that all the URL's being accessed by a client is in session or not. That way, you can control, not just your upload, but any other URL you want to bypass session timeouts. :)

There are a lot of ways to skin this cat.

Let me know if this makes sense.

Thanks.

Miki
  • 103
  • 1
  • 11
  • Without a session how will you maintain the state of the application. How will the application figure out that every time the request is from the same user? – underdog Jul 21 '15 at 07:01
  • That's simple, you don't allow a client to do multiple uploads. If you don't want that approach tho, create a thread that runs your upload functionality. If you create a thread outside of your application, that will not count as part of the session time out. That will be given a session of it's own in the JVM environment and will not be subject to session timeout. – Miki Jul 22 '15 at 07:03
  • You may want to do this: function upload(File file) {Thread uploadThread = new Thread() { public void run() {//do your file upload logice here }}; uploadThread.start(); } – Miki Jul 22 '15 at 07:05