Handling logins to a XMPP server via servlets

Question

I would like to hear some comments about how to manage long lived XMPP connections on a servlet container ie Tomcat.

Basically we have a client that submits login credentials to a servlet and we create a XMPPConnection for each session and store it in HttpSession.

To simplistic, the client can perform 4 operations: login, send/receive messages, logout.

(1) As you can see, the lifetime of the XMPPConnection should be handled (controlled) by the client. In our case, the HttpSession has a timeout associated with it. Do you think the reliance on HttpSession is a mistake ?

(2) From a garbage collection perspective, is it a problem if the HttpSession is timed-out and we don't specifically call XMPPConnection.disconnect() ? The way I understand it, once the timeout is reached, all objects in Session scope is GC'ed. Would the VM balked and ignore the XMPPConnection if it is still connected ?

(3) What is the difference between a HttpSession timeout and invalidation ? My understanding is that timeout refers to a particular object whereas invalidation removes everything.

Answer 1

(1) While there may be better ways, I don't necessarily see a problem storing XMPP credentials in the session. I recently did something similar and relied on the HttpSession.

(2) In order to fix your timeout problem, you have a couple options. You can set the session timeout dynamically in whatever servlet sends/recieves messages (session.setTimeout()), or you can make it a static value in the web.xml (a value of -1 means no timeout). Then you can Create a SessionListener and call XMPPConnection.disconnect() on sessionDestroyed.