tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [OT] session-timeout not taking effect
Date Thu, 16 Sep 2010 18:27:39 GMT

André,

On 9/15/2010 7:44 PM, André Warnier wrote:
> Debbie Shapiro wrote:
>> Exactly. We have to follow FDA guidelines for validation of OTS
>> software and our validation expert is testing for this now. We want to
>> make sure that security is in place that if the app is left alone for
>> a period of time other users won't have access to it.
>>
> More seriously, if I was you I would kindly inform the vendor that their
> heartbeat feature is preventing their application from being validated
> by the FDA, and that in consequence they may be losing a big market
> share; and I would wait to see how long it takes before you obtain a
> 10.3 pre-release.

There is a workaround: write a Filter (you know how I love to write
Filters):

The filter would check the session for a special timestamp attribute. If
the current URL is /not/ the URL to the heartbeat, then update the
timestamp in the session. If it /is/ the heartbeat URL, then perform a
check: is the timestamp stored in the session older than - whatever you
want. If it is, call session.invalidate() and force the session to die.

-chris

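The filter described in the message above, written out as an added example against the `javax.servlet` API; it is not code from the original post or from Tomcat. The class name, the session attribute name, the init parameters `heartbeatPath` and `idleLimitSeconds`, the fallback to the session creation time, and the 401 response after invalidation are assumptions of this example.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: idle timeout that heartbeat requests cannot keep alive. */
public class IdleTimeoutFilter implements Filter {
    // Session attribute name chosen for this example.
    private static final String LAST_ACTIVITY = "idleTimeoutFilter.lastActivity";
    private String heartbeatPath;   // hypothetical init-param, e.g. /heartbeat
    private long idleLimitMillis;   // from hypothetical init-param idleLimitSeconds

    public void init(FilterConfig cfg) throws ServletException {
        heartbeatPath = cfg.getInitParameter("heartbeatPath");
        String limit = cfg.getInitParameter("idleLimitSeconds");
        if (heartbeatPath == null || limit == null) {
            throw new ServletException("heartbeatPath and idleLimitSeconds are required");
        }
        idleLimitMillis = Long.parseLong(limit) * 1000L;
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpSession session = req.getSession(false);   // never create a session here
        if (session == null) {
            chain.doFilter(request, response);
            return;
        }
        long now = System.currentTimeMillis();
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);
        if (!heartbeatPath.equals(path)) {
            // Real user activity: reset the idle clock.
            session.setAttribute(LAST_ACTIVITY, Long.valueOf(now));
        } else {
            // Heartbeat: never resets the clock, only checks it.
            Long stamp = (Long) session.getAttribute(LAST_ACTIVITY);
            long last = (stamp != null) ? stamp.longValue() : session.getCreationTime();
            if (now - last > idleLimitMillis) {
                session.invalidate();
                // Example's choice: answer 401 instead of running the heartbeat handler.
                ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
        }
        chain.doFilter(request, response);
    }

    public void destroy() { }
}
```

The filter has to be mapped so that it sees both the heartbeat URL and the application's other URLs. Because the heartbeat still refreshes the container's own `session-timeout`, the limit configured here is the one that actually ends an idle session.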

