Hi,
I've just started using Apache sessions in 2.4.7, in combination with mod_auth_form. It is working great. It is fronting a web app running under SCGI and that part is working fine as well.
On a page that is protected by authentication I have ajax calls to urls that are also under authentication. The page refreshes the data periodically (via a timer that reruns the ajax, rerenders the display). An untended side effect is that the session never expires, since the ajax calls cause the session expiration to be refreshed. I need the ajax calls to use the session for authentication, but not refresh the expiration time (well, I may need to provide an option to let the user keep the session alive, but by default I think it should eventually expire.) What I would like to do is supply, say, an http header that would inhibit the refreshing of the expiration time. I did not find such in the documentation, or the question posted on the list.
My question is -- is there such an option that I may have missed, or has any one accomplished this behavior through some other means?
I can work around it by using a separate timer on the page that will automatically log the user out after a certain amount of time, but would rather also have a method that works with the native httpd session.
Thanks,
Erik.
