Re: [servlet-dev] WebSocket and HttpSession

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [servlet-dev] WebSocket and HttpSession

From: Mark Thomas <markt@xxxxxxxxxx>
Date: Mon, 12 Jun 2023 11:38:37 +0100
Delivered-to: servlet-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/servlet-dev/>
List-help: <mailto:servlet-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/servlet-dev>, <mailto:servlet-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/servlet-dev>, <mailto:servlet-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0

On 09/06/2023 18:34, Greg Wilkins wrote:

On Thu, 8 Jun 2023 at 17:58, Mark Thomas <markt@xxxxxxxxxx<mailto:markt@xxxxxxxxxx>> wrote:
    My proposal is to add the following method to HttpSession:

    public void access()
That may not be sufficient, because there are two states of a sessionthat websockets needs to avoid: invalidation and passivation!

I agree the proposal will not be sufficient for all scenarios. However,if it is sufficient for some scenarios then I think it is worth considering.

Having an access method could well prevent invalidation due to an idletimeout, but it will stop passivation if that is configured on thecontainer. Typically a session is passivated some time intervalafter the active request count goes to 0. Often this timeout is muchshorter than the idle timeout and we have some deployments that have azero passivation timeout, so the session is passivated as soon as thelast request exits the servlet container.
A passivated session will not be available to be accessed by a websocketendpoint.
There are further complications with websocket endpoint accessingsessions. For example, what is the dirty semantic? i.e. if thewebsocket endpoint modifies the session, then when are those changespersisted/distributed in the cluster? We HTTP request, we have commitand complete events on which we can flush a dirty session.
Session semantics is really poorly defined and barely sufficient forpurpose for HTTP requests/responses. I've very dubious that it'ssemantics can be extended to websockets without creating some morehorrid corner cases. Very careful thought is needed and I do not thinkthere are any simple solutions.

I agree a complete solution may not be simple. I'm happy to look at thewider problem (we have a number of open issues against the Servlet specfor those) but I'd also like to make progress on this WebSocket issue ifwe can.


I'm not sure I like it but something that could work would be two methods:
public void startAccess()
public void endAccess()

These would be intended for non-HTTP based application components (e.g.WebSocket) to work with the session. Roughly (details to be fleshed outif the principal is acceptable):


- startAccess()
  - container treats it as the start of an HTTP request
  - active request count is incremented
  - last access time is updated

- endAccess()
  - container treats it as the start of an HTTP request
  - active request count is incremented
  - changes to the session are distributed/persisted

The idea being that if WebSocket (or anything else) wants to update thesession it needs to do so between startAccess() and endAccess().


Mark

Follow-Ups:
- Re: [servlet-dev] WebSocket and HttpSession
  - From: Greg Wilkins

References:
- [servlet-dev] WebSocket and HttpSession
  - From: Mark Thomas
- Re: [servlet-dev] WebSocket and HttpSession
  - From: Greg Wilkins

Prev by Date: Re: [servlet-dev] WebSocket and HttpSession
Next by Date: Re: [servlet-dev] WebSocket and HttpSession
Previous by thread: Re: [servlet-dev] WebSocket and HttpSession
Next by thread: Re: [servlet-dev] WebSocket and HttpSession
Index(es):
- Date
- Thread

Breadcrumbs