1 Reply Latest reply on Dec 28, 2017 11:19 AM by Paul Ferraro

    HTTP access without changing session lastAccessTime

    Brian Wallis Master

      I have a need in porting an older app to WildFly 11 to allow certain HTTP access URLs to be invoked without keeping the session permanently alive. These accesses do need to know the currently authenticated user and have access to the authenticated session object which contains user info that is required to complete the HTTP request. These requests are used to periodically update numerical indicators in the UI that inform the user about new messages, tasks and documents.


      In our current implementation we have a filter that essentially re-implements the session timeout behaviour using an attribute on the session to maintain its own session last access time and then invalidating the session when it thinks it is timed out. It then excludes a particular URL from updating that attribute. This works but it adds another filter to the chain of filters to do something that the platform is already (almost) doing for me. It doesn't seem to be the correct approach and I'd like to lose it if possible.


      Is there a "correct" way to implement this sort of behaviour using Undertow in WildFly 11? Should I be looking at a different approach, perhaps WebSockets now that we no longer support IE8 and IE9 is on the way out as well? Does data transferred over a WebSocket affect the session timeout?


      Any suggestions would be welcome.
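
The filter approach described in the post above, sketched as an added example (not the poster's code and not part of WildFly): an idle clock kept in a session attribute that background polling requests do not advance. The class name, attribute name, `/indicators/` prefix and 30-minute limit are assumptions, and the `javax.servlet` API is the one WildFly 11 ships.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class IdleTimeoutFilter implements Filter {
    // Hypothetical names and values chosen for this example.
    static final String LAST_ACTIVITY = "app.lastUserActivity";
    static final String POLL_PREFIX = "/indicators/";
    static final long IDLE_LIMIT_MS = 30L * 60 * 1000;

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // never create a session here
        if (session != null) {
            long now = System.currentTimeMillis();
            Long last = (Long) session.getAttribute(LAST_ACTIVITY);
            // Enforce the idle limit on every request, polling included,
            // so a poll can never keep an abandoned login usable.
            if (last != null && now - last > IDLE_LIMIT_MS) {
                session.invalidate();
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            // Only requests outside the polling prefix count as user activity.
            // A path that merely looks like a poll fails toward NOT extending.
            String path = req.getRequestURI().substring(req.getContextPath().length());
            if (last == null || !path.startsWith(POLL_PREFIX)) {
                session.setAttribute(LAST_ACTIVITY, now);
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The container's own session timeout still applies once the browser stops polling; this filter only covers the case where polling would otherwise keep the session alive indefinitely.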