HTTP Sessions Created In A ServletRequestListener Do Not Expire In Oracle Glassfish Server 3.1.1

(Doc ID 1385467.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle GlassFish Server - Version: 3.1 to 3.1.1 - Release: 3.1 to 3.1
Information in this document applies to any platform.


The problem is with HTTP Sessions not expiring which, depending on how your application uses HTTP Sessions, could be difficult to spot as your application in all likelihood will continue to function normally unless you have specific checks in place.

The only way to see if this problem is occurring is to examine some of the metadata in the HTTP Session object itself, principally the session's last access time and its max idle time, and compare that to the current wall clock time.  This problem is present if:

lastAccessedTime() + (maxInactiveInterval() * 1000) < currentTimeMillis()

Here the first two method calls are available from the HttpSession object, and the last from the System object.  Note the max inactive interval is in seconds, and needs to be converted to milliseconds to be able to used correctly in the above comparison.


This problem is only present in Oracle GlassFish Server 3.1 and 3.1.1, and is not seen in 2.1.1 or 3.0, and therefore its possible that upgrading to 3.1 or 3.1.1 could then lead to this problem being encountered where no problem existed before.


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms