tomcat-users mailing list archives

From Christopher Schultz
Subject Re: j_security_check
Date Tue, 02 Dec 2008 16:28:58 GMT


Martin Dubuc wrote:
> I am not sure I understand exactly why, but it seems to me that, although
> the sessionTimeout.jsp page is not protected, if the user responds to
> "Navigate away" prompt after Tomcat removes the session from the session
> list, then, Tomcat presents the login form instead of the session expiry
> notification page.

Perhaps Tomcat is reacting to a request for a different resource. Can
you post your access log for the time period around this request? Also,
you might want to post your <security-constraint> sections from web.xml.

> I would also like to know why ${pageContext.session.maxInactiveInterval}
> evaluates to 900 even if I set the session-timeout variable to 1 minute in
> the application web.xml configuration file (and even in Tomcat conf/web.xml
> file). I find it odd that looking at the manager application main page, the
> sessions listed on that page show Expire sessions with idle >= 1 minutes,
> but yet, the TTL in the application session page starts at 15 minutes and
> session only expires after 15 minutes.

Maybe you'd better post that configuration as well.

-chris

