  • Unset a session attribute at a defined time interval, every hour in Spring (3.2)

    I'm using the Spring framework 3.2. For preventing CSRF attacks and duplicate form submissions, I'm generating some random tokens which are stored in a java.util.List. This List is stored in a user's session. It goes fine. The reason why a list of tokens is maintained is that a user can have more than one tab or window open in his browser.

    What happens is that I'm generating a new random token on every request and page refresh which is kept in the List as mentioned above. Therefore, at the end of the day, the List can grow or shrink in size.

    The token is supplied in a hidden field and is removed immediately, if the List already contains the one before allowing the request to be processed (when a POST request arises), but the List can have a number of tokens if a user keeps reloading a page or sending only a GET request.

    Therefore, this List needs to be emptied at a regular time interval, perhaps every hour (I should mention that I'm quite unsure about the criteria to empty the List because it is not possible to see which tokens are unused. So, I assume the List should be emptied every hour or so. Please suggest, if there is a better criterion).

    Since the List is stored in a user's session, what I can see is that clearing the List at a regular time interval requires triggering that timer interval in every user's session. The way seems to be clumsy and not possible. Is it possible?

    I have thought of using the Quartz API to trigger such an interval that worked but it doesn't seem possible to access a user's session from the executeInternal() method of the Quartz job.

    Does Spring and/or Servlet have any fair way to do this? Anyway, I want to clear this List so that it doesn't consume much memory unnecessarily. Please suggest (or clarify, if it is not possible), if there is a way and if possible, a basic kick-off example would be very helpful. Thanks.
    Last edited by Tiny; Apr 21st, 2013, 01:18 AM.
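
An added example, not part of the original post: one way to keep the per-session token list described above bounded without any timer, by stamping each token with its issue time and evicting expired or surplus tokens whenever the store is touched. The class name `SessionTokenStore`, the cap of 50 tokens and the 128-bit token size are assumptions; the one-hour lifetime is the interval suggested in the post.

```java
import java.io.Serializable;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical class (not from the post): a per-session token store that
// bounds itself on every access, so no scheduled job has to reach into sessions.
public class SessionTokenStore implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final int MAX_TOKENS = 50;                 // assumed cap per session
    private static final long MAX_AGE_MS = 60L * 60L * 1000L; // one hour, as in the post

    // Insertion-ordered, so the oldest token is always first. Value = issue time.
    private final LinkedHashMap<String, Long> tokens = new LinkedHashMap<String, Long>();

    // Issue a token for a rendered form (one per tab, window or refresh).
    public synchronized String issue() {
        long now = System.currentTimeMillis();
        evict(now);
        String token = new BigInteger(128, RANDOM).toString(16);
        tokens.put(token, now);
        return token;
    }

    // Single use: the token is removed whether or not it is still fresh.
    public synchronized boolean consume(String token) {
        if (token == null) return false;
        long now = System.currentTimeMillis();
        Long issued = tokens.remove(token);
        evict(now);
        return issued != null && now - issued <= MAX_AGE_MS;
    }

    public synchronized int size() { return tokens.size(); }

    // Drop expired tokens, then the oldest ones until there is room for one more.
    private void evict(long now) {
        Iterator<Map.Entry<String, Long>> it = tokens.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, Long> e = it.next();
            boolean expired = now - e.getValue() > MAX_AGE_MS;
            if (!expired && tokens.size() < MAX_TOKENS) break; // the rest are newer
            it.remove();
        }
    }
}
```

One instance is kept as a single session attribute, so it is discarded together with the session when the session times out or is invalidated.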