tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: [OT] session-timeout not taking effect
Date Thu, 16 Sep 2010 18:27:39 GMT
Hash: SHA1


On 9/15/2010 7:44 PM, André Warnier wrote:
> Debbie Shapiro wrote:
>> Exactly. We have to follow FDA guidelines for validation of OTS
>> software and our validation expert is testing for this now. We want to
>> make sure that security is in place that if the app is left alone for
>> a period of time other users won't have access to it.
> More seriously, if I was you I would kindly inform the vendor that their
> heartbeat feature is preventing their application from being validated
> by the FDA, and that in consequence they may be losing a big market
> share; and I would wait to see how long it takes before you obtain a
> 10.3 pre-release.

There is a workaround: write a Filter (you know how I love to write

The filter would check the session for a special timestamp attribute. If
the current URL is /not/ the URL to the heartbeat, then update the
timestamp in the session. If it /is/ the heartbeat URL, then perform a
check: is the timestamp stored in the session older than - whatever you
want. If it is, call session.invalidate() and force the session to die.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message