RTC Forums
November 24, 2024, 09:58:43 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Login Register  
Pages: [1]
  Print  
Author Topic: Session Expiration  (Read 4483 times)
joepasquariello
RTC License+
****
Posts: 35


« on: April 10, 2014, 10:22:07 PM »

Hello,

I'm working with Sessions for the first time, and I built a test program using code from the Sessions and User Management example from the FAQ. I'm confused about Session expiration.

I have an OnDataReceived event handler with the code below. When the client (browser) connects for the first time, a session is created and a cookie is sent from the server to the browser. After that, each request from the browser contains the cookie, and the server uses its value as ID in the call to FindSession().

What's confusing me is that even though I have set KeepAlive to 10 seconds, the session never seems to expire. I can prevent the client from sending any requests for 20 or 30 seconds, and still, when the next request arrives, the call to FindSession() returns TRUE.

If I put a breakpoint inside the "else" clause, below, I can see what is the expire time, and if I don't hit run until after that time has passed, the session STILL does not expire. Am I misunderstanding KeepAlive, or missing something simple?

BTW, I saw your recommendation to not use cookies when the client is a browser, and I'll try to understand that next!

Thanks,

Joe

    if (DS->FindSession(DS->Request->Cookie->Value["session"])==false) {
      // false -> expired or no such session -> create a new one
      DS->OpenSession();
      DS->Session->KeepAlive = 10; // 10 seconds
      DS->Response->Cookie->Value["session"] = DS->Session->ID;
    }
    else {
      // session exists -> save some current values
      LastUsed = DS->Session->LastUsed;
      ExpireTime = DS->Session->ExpireTime;
      FinalExpire = DS->Session->FinalExpire;
      KeepAlive = DS->Session->KeepAlive;
    }
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #1 on: April 10, 2014, 10:31:21 PM »

Session expiration is handled during garbage collection, when a Session object is unlocked, but ONLY if at least two Sessions exist. This is because a Session will NOT expire if it has recently been used. The purpose of Session expiration is memory cleanup and is handled loosely. The expiration time is understood as "do not expire before" time and not as "has to expire after" time. There are a number of topics related to this already on the Forums. Please use the search feature on the Forums and you will find them.

Best Regards,
Danijel Tkalcec
Logged
joepasquariello
RTC License+
****
Posts: 35


« Reply #2 on: April 10, 2014, 11:42:33 PM »

Okay. Thank you, Danijel.
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.023 seconds with 16 queries.