How to prevent session timeout

As we all know, when a user logs on to the site for a long time without interacting with the server, will cause the user session data on the server (that is, sessions) are destroyed. At this point, when the user is working on the Web page again, if the server has a session checksum, the browser will alert the user to timeout.

Then, how to solve the user login after a long period of time does not operate and the failure of the session caused by the problem.

There are two key words that lead to this problem: one is "long time" and one is "not operated".
1, if the user does not operate the "long time" exceeded the server configuration of the session timeout, and lead to session invalidation, then we extend the timeout session, so that users of the original "long time" and timeout time compared to become not "long", can not be solved.
2, if the user is a long time "does not operate" cause session invalidation, then we think of ways to produce "operation", so that users every little time on the "Operation" once, and the server interaction, then the session will not fail naturally.

Under normal circumstances, the first thing we think of is that by changing the configuration of the server, the server session timeout time is prolonged.
For example, the following node contents are available in the Web.xml file of the Tomcat server:

<session-config>
<session-timeout>30</session-timeout>
</session-config>

This 30 indicates a timeout for the session, in minutes, and if the user does not interact with the server within 30 minutes after logging in, the session of the current user is invalidated. We can configure a larger value (such as 60) to extend the timeout for the session, and if you change the value to 0 or minus, the session never expires.

However, in the actual work of the application, blindly increase the session timeout setting is not how common, most need to implement the function of the site will solve the problem focus on the second line of thinking. For example: Some online sites use a timed refresh of the page to prevent session timeout.

The most common two implementations of a timed refresh page are the JavaScript + HTML DOM, and the other way through the META tag.

function Refresh (seconds) {
settimeout ("Self.location.reload ()", seconds * 1000);
}
Refresh (600); Call method Start timed Refresh, value unit: seconds.

Add meta tags to a page refresh also specifies that the current page is refreshed at every specified time, with the sample code as follows:

<meta http-equiv= "Refresh" content= "/>"

This meta tag enables you to refresh the current page every 600 seconds.

In both scenarios, the better is the second, because if the current page is open in the IE browser's modal window, the Self.location.reload () method will fail by default, and the refresh meta tag is still valid under the IE mode window.

Both of these methods are implemented to refresh the current page and are simple to use, but unfortunately they have an almost fatal flaw. Imagine, if in the forum post and so on need user input content page, users spend a long time to enter a lot of text content, but suddenly encountered a timed page refresh, the result of the user input all the content is gone, it is estimated this time users even strangle your heart have ...

Therefore, we need to be in the current page itself does not refresh, does not affect any user action to implement a timed refresh. The most common solutions are still available in two ways.
One is to add a hidden iframe to the current page and then implement a timed refresh inside the iframe.

<iframe id= "Hidden_iframe" style= "Display:none" scrolling= "no" frameborder= "0" name= "hidden_iframe" src= " ping.php "></iframe>

In addition, we need to write the corresponding request response code on the server, for example, the following code can be written in ping.php:

<?php
///Every 600 seconds refresh the current page
echo ' 
 
The other is to use a JavaScript image object to implement a timed refresh, JavaScript code as follows:

function AutoRefresh (seconds) {
if (