Jetty 8 WebSocket and Session timeout

Question

Im new in jetty and i try do develop a little application that uses different servlets. One of this servlets is a WebSocketServlet. Now im trying to build an authentication mechanism and my basic idea is to use jetty's default HttpSession implementation, which can be accessed by HttpServletRequest.getSession();

So lets say I want to create a little chat application (im talking only about the server side), and lets say that there are just two servlets:

• a WebSocketServlet for receiving and forwarding chat messages to the other users that are in the same chat room. This has the URL /servlets/chat
• In addition, there is second "normal" HttpServlet called AvatarServlet. The functionality of this servlet is quite simple: This servlet handles HTTP POST events to allow the current user to upload and change his own avatar profile picture. The URL is /servlets/avatar

So the avatar servlet should only handle HTTP POST if the user is logged in, which means to me, that the user has a valid HttpSession (of course the same HttpSession as the chat servlet).

My question: lets say a user chats for 1 hour via the chat servlet and decides after this hour to change his avatar picture via my avatar servlet. Since im working with websockets the page is never reloaded and the chat servlet was only invoked at the beginning (1 hour ago) to etablish the websocket connection.

So i guess, even if the user was online and active all the time, the session would be expired, when the user try to use the avatar servlet (after 1 hour).

Does my assumption is correct? Does anyone has experience with this topic or know a better solution?

Thank you

Answer 1

You could send an ajax-request every x minutes that contains nothing but the session id and thus basically 'touches' the session. This way, as long as the user has the chat-window open, the session is kept alive. When the chat-window is closed, the session times out.