Thoughts about a4j:poll

ilya80 Dec 26, 2007 9:23 AM

Hello there!

In my application i have to warn user before his session times out, and i`ve been researching the way i could do it with a4j components.

While i was snooping around i thought that *if* a4j:poll has no inner time-out defined in corresponding bean the session is extended forever. This renders

<session-config>
<session-timeout>
1
</session-timeout>
</session-config>

parameter in web.xml useless, since session would be kept alive forever and this might somehow endanger application security.

Maybe it would be useful to mention this possible behaviour in a4j:poll description?

Just a thought really, I`m *not* trying to accuse anyone of anything.

1. Re: Thoughts about a4j:poll

ilya_shaikovsky Dec 26, 2007 9:39 AM (in response to ilya80)

Look through demosite poll example. There is example of the poll that polls the server only for a minute. ;)
Actions
2. Re: Thoughts about a4j:poll

ilya80 Dec 26, 2007 9:53 AM (in response to ilya80)

yeah its the

if ((date.getTime()-pollStartTime.getTime())>=120000) setPollEnabled(false);

line. I just thought it would be good to mention that some sort of bean-controlled time-out is needed in the documentation.
Actions

Go to original post