tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 37356] - Tomcat does not invalidate sessions after session-timeout period has passed.
Date Fri, 10 Mar 2006 16:45:57 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37356>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37356





------- Additional Comments From matt.sgarlata@spiderstrategies.com  2006-03-10 16:45 -------
Per the previous comment: "-1 for sync, and feel free to test volatile (I'm only
-0 for it). So the only option you have left is simple check to force expiration
of sessions which are way past the normal timeout (like, ten times).", isn't
this a violation of the Servlet specification?   The specification states "The
session-timeout element defines the default session timeout interval for all
sessions created in this web application. The specified timeout must be
expressed in a whole number of minutes.  If the timeout is 0 or less, the
container ensures the default behaviour of sessions is never to time out. If
this element is not specified, the container must set its default timeout
period."  So in other words, the session-timeout says how many minutes before
the session is expired.  To expire in more or less minute than that is a
violation of the specification, IMO.

Also, as a Tomcat user, let me tell you where our users are noticing and
complaining about this bug.  We have a Current User Activity hyperlink in the
application that lets the system administrator view which users are online and
how long they have been idle.  This lets them see if, for example, see if any
users are online so that they know whether they can safely bounce Tomcat.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message