tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Webber <>
Subject Sessions Timeout
Date Tue, 29 Jan 2002 06:05:19 GMT
I have written an standalone application that is using servlets to login
to the application and to get different data from a database behind a
firewall.  I want to limit the password and username from going over the
net more often than necessary ( I use a MD5 hash of the password to get
it accross the first time with a random Seed value), so I use JSESSIONID
to identify a user and get back some objects I have stored in the
session.  The problem I run into is that the session expire after one
hour.  I know I can just expand this out to a few more hours, but I
really dont want to do this because I do want to erase sessions that
have not been used in more than an hour.  Is there a way to configure
Tomcat to check the expire time against last access time and not
creation time?


Tomcat 3.3
Apache 1.3.22
Windows 2000 Pro

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message