Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 28275 invoked from network); 13 Apr 2006 20:04:00 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 13 Apr 2006 20:04:00 -0000 Received: (qmail 63837 invoked by uid 500); 13 Apr 2006 20:03:42 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 63777 invoked by uid 500); 13 Apr 2006 20:03:42 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 63766 invoked by uid 500); 13 Apr 2006 20:03:42 -0000 Delivered-To: apmail-jakarta-tomcat-dev@jakarta.apache.org Received: (qmail 63763 invoked by uid 99); 13 Apr 2006 20:03:42 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Apr 2006 13:03:42 -0700 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Apr 2006 13:03:41 -0700 Received: by brutus.apache.org (Postfix, from userid 33) id 8BD2471428C; Thu, 13 Apr 2006 20:02:50 +0000 (GMT) From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Subject: DO NOT REPLY [Bug 37356] - Tomcat does not invalidate sessions after session-timeout period has passed. In-Reply-To: X-Bugzilla-Reason: AssignedTo Message-Id: <20060413200250.8BD2471428C@brutus.apache.org> Date: Thu, 13 Apr 2006 20:02:50 +0000 (GMT) X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=37356 ------- Additional Comments From Lothsahn@yahoo.com 2006-04-13 20:02 ------- (In reply to comment #38) > Alright, since a workaround has been suggested and the original poster has not > come up with a reproducible test case, I'm closing this item for now. If the > original poster or anyone else comes up with a way to reproduce this, please > feel free to reopen this item, attach your new test case, and we will be glad to > look at it. I respectfully disagree. A number of people (myself included) have reproduced this bug, quite repeatedly. I have a very reproducable testcase onsite, I am just unable to provide our whole application to a third party. What we have been unable to provide is a self-contained testcase to reproduce this issue. I don't feel this is an issue that only one person has been dealing with--that would justify closing it. This issue has been seen on a number of environments, using entirely different applications. The workaround is to: 1) Make a container object to hold the tomcat session and track the inactivity manually 2) Write a background thread to invalidate the session once it times out. I view this as a very serious bug in tomcat, even if it's difficult to reproduce. I'm not blaming anyone or saying that it needs to get fixed--you can't very well fix an issue you can't reproduce, but closing it when it still exists doesn't seem like a good idea. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org