I have a JSF 2 application that uses RichFaces 4 and Spring Security 3.1 running on Tomcat 6 (also tested on Tomcat 7). Spring Security processes the session timeout and redirects the user to the login page. This works great.
The problem is that AJAX calls do not show how to extend the session lifetime, let's say what normal navigation calls do.
I read other articles suggesting that AJAX calls do not behave the same as regular navigation calls, and therefore the session is not extended (unfortunately, none of them give a clear explanation of why this is), This thread assumes that the call getSession() will do the trick. However, this does not work for me.
Instead of writing my own jquery handler, I used PrimeFaces idlemonitor, as suggested here . The bean method called by the idle monitor reset calls getSession() . For testing, I set the session wait period to 4 minutes. Despite the fact that the AJAX method with the getSession () function is called after two minutes, the session still expires exactly 4 minutes after going to this page.
Any idea what I'm doing wrong? More importantly, how would you debug this situation?
thanks
source share