WebSocket messages does not set lastAccessTime to session, and after the session.maxIntervalTimeout() my session is deleted I have attributes on httpsession, and I check them every time I want to send a message to browser-client through WebSocket. If the client is not making any other requests to page like AJAX or open another link, his sessions is deleted along with the attributes on the session. I have implemented ping-pong from client to server on WebSocket, I could reset the lastAccessTime of the session there, but the problem is that there is no visibility to session's lastAccessedTime so there is no way you can change it. The framework should do that for you. I belive that a reset must be added whenever a message is received/send to/from client through WebSocket.
This should be raised with the WebSocket EG. It is not an implementation issue (it might become one if the spec is changed).
At least there should be a way to setLastAccessed time to a session.
I have created an issue for this on the WebSocket API project JIRA [1]. You will need to login/register on java.net to view and/or watch it for updates. Registration is free. [1] http://java.net/jira/browse/WEBSOCKET_SPEC-175