tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Webber <web...@mminternet.com>
Subject Sessions Timeout
Date Tue, 29 Jan 2002 06:05:19 GMT
I have written an standalone application that is using servlets to login
to the application and to get different data from a database behind a
firewall.  I want to limit the password and username from going over the
net more often than necessary ( I use a MD5 hash of the password to get
it accross the first time with a random Seed value), so I use JSESSIONID
to identify a user and get back some objects I have stored in the
session.  The problem I run into is that the session expire after one
hour.  I know I can just expand this out to a few more hours, but I
really dont want to do this because I do want to erase sessions that
have not been used in more than an hour.  Is there a way to configure
Tomcat to check the expire time against last access time and not
creation time?

TIA
Jason

Tomcat 3.3
Apache 1.3.22
Windows 2000 Pro


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message