Skip to Content
Former Member
Jan 23, 2018 at 08:17 AM

PersistedSessions never expire



We have a clustered environment and we have found something pretty strange when you enable HTTP Session failover. This is your code in PersistedSession when a session is read:

     private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
         this.lastAccessedTime = System.currentTimeMillis();

and this is what is done to check if a persisted session has expired:

 public boolean isExpired() {
         return System.currentTimeMillis() > this.lastAccessedTime + (long)(this.getMaxInactiveIntervalInSeconds() * 1000);

When you look at this code it looks like a Persisted Session can never expire because as soon as you just read it to check if it is expired you have already updated the last accessed time and hence Hybris says it has not expired. So PersistedSessions seem to live forever because the lastAccessedTime is updated as soon as you read it.

Are we missing something and should use something else to check if persisted sessions have expired?