Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 73582 invoked from network); 7 Feb 2006 14:41:22 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 7 Feb 2006 14:41:22 -0000 Received: (qmail 2968 invoked by uid 500); 7 Feb 2006 14:41:16 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 2911 invoked by uid 500); 7 Feb 2006 14:41:15 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 2899 invoked by uid 500); 7 Feb 2006 14:41:15 -0000 Delivered-To: apmail-jakarta-tomcat-dev@jakarta.apache.org Received: (qmail 2892 invoked by uid 99); 7 Feb 2006 14:41:15 -0000 X-ASF-Spam-Status: No, hits=0.6 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Feb 2006 06:41:15 -0800 Received: by ajax.apache.org (Postfix, from userid 99) id 3DE9ACB; Tue, 7 Feb 2006 15:40:53 +0100 (CET) From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Subject: DO NOT REPLY [Bug 37356] - Tomcat does not invalidate sessions after session-timeout period has passed. In-Reply-To: X-Bugzilla-Reason: AssignedTo Message-Id: <20060207144053.3DE9ACB@ajax.apache.org> Date: Tue, 7 Feb 2006 15:40:53 +0100 (CET) X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=37356 ------- Additional Comments From jjliu@huawei.com 2006-02-07 15:40 ------- Do you mean that wo browsers use the same session to access a page, or just the ( quite usual ) case that two people use the web application? A: not the same session. Different IE browser will generate differnt session ID. That means in the included application B and C you get the session from application A? Application != context for you? A: yes. So it seems that the common ground for all of us here is, that we have some objects in the session that implement the HttpSessionBindingListener or HttpSessionActivationListener. A: I did not put any object implement the HttpSessionBindingLisener or HttpSessionActivationListener in the session. I think with different thread ( when include the page in other application), when it will operate the session object, it will not synchronize the session object (or its filed accessCount). -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org