tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Lin <tcw00l...@yahoo.com>
Subject Re: SingleSignOn timeout
Date Mon, 12 Apr 2004 19:26:58 GMT
 
that would depend on the type of "single-signon" you want right.
 
a restrictive single-signon mechanism would consider the user logged out of all webapps once
the user logs out of one webapp.
 
if you don't want the login to be symmetic, when do you decide a login is invalid? Is it based
on timeouts, or some other mechanism?  In my mind, single-signon also means single-signout.
But that's my biased perspective.
 
the reason for this way of thinking is, say I login to my BOA checking account and I go to
view my savings account. Then I jump to my trading account. When I log off, I expect to log
off BOA and not just the section I'm on.  Other people might have different expectations,
but that's how I tend to think of "single signon".
 
peter lin
 


"Summers, Bert W." <BERT.W.SUMMERS@saic.com> wrote:
I am using the SingleSignOn class from Tomcat.
It is working good in that I have three webapps that I can be between
without a problem.

My issue that when one of the sessions expire it kills all the sessions in
the other webapps and I get redirected to the login screen again.

That is not supposed to happen is it?
I am keeping one webapps session active and then it dies.

Is there some setting?

Thanks.


---------------------------------
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message