Return-Path: Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 4513 invoked from network); 5 Sep 2003 16:53:02 -0000 Received: from unknown (HELO fw.abbnm.com) (206.109.159.11) by daedalus.apache.org with SMTP; 5 Sep 2003 16:53:02 -0000 Received: from abbnm.com (jeeves.eng.baileynm.com [198.178.0.23]) by fw.abbnm.com (Postfix) with ESMTP id 0F8BC7C24 for ; Fri, 5 Sep 2003 11:52:53 -0500 (CDT) Received: from abbnm.com (usabbsgrw13367.dhcp.abb.abbnm.com [10.127.143.230]) by jeeves.eng.abbnm.com (8.11.6/8.11.6) with ESMTP id h85GqqP47500 for ; Fri, 5 Sep 2003 11:52:52 -0500 (CDT) (envelope-from wade.johnson@abbnm.com) Message-ID: <3F58BF60.E3AF38FA@abbnm.com> Date: Fri, 05 Sep 2003 11:52:48 -0500 From: "G. Wade Johnson" X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Session Timeout References: <008f01c373b6$b13a83b0$6f00000a@BALTHAZAR> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N That's actually why I was floored when my applet was kicked back to the login form after half an hours of continuous activity. Mike Curwen wrote: > > anything you set in WEB-INF/web.xml can be set in > CATALINA_HOME/conf/web.xml and these setting will be used on a global > basis, unless overriden at a lower level. > > FWIW, I've always understood session-timeout to mean "after a period of > inactivity". I mean really... how useful would sessions be if they > logged you out after n minutes, no matter your activity level? Talk > about frustrating! "It doesn't matter that you've been using my site > continuosly for the past 30 minutes, I'm still kicking you off". That > sounds like 'session-duration' to me. > > > > -----Original Message----- > > From: G. Wade Johnson [mailto:wade.johnson@abbnm.com] > > Sent: Friday, September 05, 2003 8:45 AM > > To: Tomcat Users List > > Subject: Re: Session Timeout > > > > > > I'm using Tomcat 4.1.18 & 4.1.24 (two different machines). > > The behavior is the same on both. As I said in my other > > message, I was basing my questions on the documentation I had > > read. Your response made me do a little testing. Now, I'm > > even more confused. > > > > My assumption was based on information in "Professional Java > > Servlets 2.3" by Wrox. In chapter 5, they explicitly state > > that the value applies to lifetime, not > > inactivity, (p. 240). > > > > I also checked with > > http://developer.java.sun.com/developer/Books/javaserverpages/ > > servlets_javaserver/servlets_javaserver05.pdf > > > > Section 5.10 describes that parameter as well. It does seem > > to imply that we are talking about inactivity timeouts, but > > the text is not actually explicit. It could be read either way. > > > > For my test, I set the to 5 minutes. If > > this was a lifetime thing, my session should expire pretty > > quickly. If not, it would last forever. (My servlet is being > > queried by an applet on a regular basis.) > > > > The session did not expire after 5 minutes. It expired after > > 30 minutes, just like it did before I added the . > > > > Any help would be appreciated. > > G. Wade > > > > PS. Since the is located in web.xml, I > > assume it is webapp-specific. Is there any way to set up a > > timeout on multiple webapps? (Short of making a change for > > each webapp.) I'm currently using single-sign-on to bring a > > couple of webapps together into one app from the user's point of view. > > > > > > > > Filip Hanik wrote: > > > > > > >I just found out that sessions on my webapp are > > automatically being > > > >logged out after some period of time. Even when they are > > being used. > > > > > > this should not be the case should be the > > inactivity > > > timeout what version of tomcat? > > > Filip > > > > > > ----- Original Message ----- > > > From: "G. Wade Johnson" > > > To: "Tomcat Users List" > > > Sent: Thursday, September 04, 2003 2:36 PM > > > Subject: Session Timeout > > > > > > I've just been surprised by something that I thought I understood. > > > > > > I just found out that sessions on my webapp are automatically being > > > logged out after some period of time. Even when they are being used. > > > > > > >From reading the docs, it appears that the normal timeout > > behavior is > > > to terminate any session that has lived longer than n > > minutes. Is this > > > correct? > > > > > > Also there appears to be a element that > > allows you > > > to set the length of this timeout. > > > > > > However, if I am reading the documentation correctly, the > > only way to > > > set an "inactivity timeout" is programmatically? (I > > actually thought > > > the "session-timeout" was an "inactivity timeout".) > > > > > > How is the best way to go about adding this feature? Is the > > > HttpSessionListener interface the best way to go? > > > > > > Thanks, > > > G. Wade > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org