tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "G. Wade Johnson" <wade.john...@abbnm.com>
Subject Re: Session Timeout
Date Fri, 05 Sep 2003 16:52:48 GMT
That's actually why I was floored when my applet was kicked back to the
login form after half an hours of continuous activity.

Mike Curwen wrote:
> 
> anything you set in WEB-INF/web.xml can be set in
> CATALINA_HOME/conf/web.xml and these setting will be used on a global
> basis, unless overriden at a lower level.
> 
> FWIW, I've always understood session-timeout to mean "after a period of
> inactivity".  I mean really... how useful would sessions be if they
> logged you out after n minutes, no matter your activity level?  Talk
> about frustrating! "It doesn't matter that you've been using my site
> continuosly for the past 30 minutes, I'm still kicking you off". That
> sounds like 'session-duration' to me.
> 
> 
> > -----Original Message-----
> > From: G. Wade Johnson [mailto:wade.johnson@abbnm.com]
> > Sent: Friday, September 05, 2003 8:45 AM
> > To: Tomcat Users List
> > Subject: Re: Session Timeout
> >
> >
> > I'm using Tomcat 4.1.18 & 4.1.24 (two different machines).
> > The behavior is the same on both. As I said in my other
> > message, I was basing my questions on the documentation I had
> > read. Your response made me do a little testing. Now, I'm
> > even more confused.
> >
> > My assumption was based on information in "Professional Java
> > Servlets 2.3" by Wrox. In chapter 5, they explicitly state
> > that the <session-timeout/> value applies to lifetime, not
> > inactivity, (p. 240).
> >
> > I also checked with
> > http://developer.java.sun.com/developer/Books/javaserverpages/
> > servlets_javaserver/servlets_javaserver05.pdf
> >
> > Section 5.10 describes that parameter as well. It does seem
> > to imply that we are talking about inactivity timeouts, but
> > the text is not actually explicit. It could be read either way.
> >
> > For my test, I set the <session-timeout/> to 5 minutes. If
> > this was a lifetime thing, my session should expire pretty
> > quickly. If not, it would last forever. (My servlet is being
> > queried by an applet on a regular basis.)
> >
> > The session did not expire after 5 minutes. It expired after
> > 30 minutes, just like it did before I added the <session-timeout/>.
> >
> > Any help would be appreciated.
> > G. Wade
> >
> > PS. Since the <session-timeout/> is located in web.xml, I
> > assume it is webapp-specific. Is there any way to set up a
> > timeout on multiple webapps? (Short of making a change for
> > each webapp.) I'm currently using single-sign-on to bring a
> > couple of webapps together into one app from the user's point of view.
> >
> >
> >
> > Filip Hanik wrote:
> > >
> > > >I just found out that sessions on my webapp are
> > automatically being
> > > >logged out after some period of time. Even when they are
> > being used.
> > >
> > > this should not be the case <session-timeout> should be the
> > inactivity
> > > timeout what version of tomcat?
> > > Filip
> > >
> > > ----- Original Message -----
> > > From: "G. Wade Johnson" <wade.johnson@abbnm.com>
> > > To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> > > Sent: Thursday, September 04, 2003 2:36 PM
> > > Subject: Session Timeout
> > >
> > > I've just been surprised by something that I thought I understood.
> > >
> > > I just found out that sessions on my webapp are automatically being
> > > logged out after some period of time. Even when they are being used.
> > >
> > > >From reading the docs, it appears that the normal timeout
> > behavior is
> > > to terminate any session that has lived longer than n
> > minutes. Is this
> > > correct?
> > >
> > > Also there appears to be a <session-timeout/> element that
> > allows you
> > > to set the length of this timeout.
> > >
> > > However, if I am reading the documentation correctly, the
> > only way to
> > > set an "inactivity timeout" is programmatically? (I
> > actually thought
> > > the "session-timeout" was an "inactivity timeout".<shrug/>)
> > >
> > > How is the best way to go about adding this feature? Is the
> > > HttpSessionListener interface the best way to go?
> > >
> > > Thanks,
> > > G. Wade
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Mime
View raw message