https://bz.apache.org/bugzilla/show_bug.cgi?id=68449
Jhone <mywebsite11...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #1 from Jhone <mywebsite11...@gmail.com> ---
It seems like you're encountering persistent issues with session timeouts
within Tomcat, particularly for SSO enabled Users even after updating to Tomcat
9.0.83.
The behavior where the session times out prematurely despite setting the
setMaxInactiveInterval() might indeed have multiple underlying causes.
Regarding your first question about whether setMaxInactiveInterval() has been
deprecated and whether context.setMaxInactiveInterval() should be used instead:
No, setMaxInactiveInterval() has not been deprecated. It's the method used to
set the maximum time interval, in seconds, a session can remain inactive before
Tomcat invalidates it. However, context.setMaxInactiveInterval() refers to a
different level of configuration, applicable at the context level, not
specifically for managing individual session timeouts.
Regarding the second question about the defaulting of the timeout value to the
one specified in web.xml every 2 or 5 minutes by a Tomcat process:
Normally, the session timeout value set through web.xml is a default for the
application unless overridden by individual session settings. Tomcat doesn't
forcibly reset session timeouts to the value in web.xml every few minutes; it
should retain the interval you've set unless explicitly changed during runtime.
The absence of requests hitting the Tomcat server in the localhost_access_log
despite session timeouts suggests a potential issue. If sessions are timing out
prematurely without corresponding requests, it might indicate a disconnect
between the user's actions and the server's understanding of their session
activity.
Considering that SSO enabled Users are specifically affected, it might be worth
investigating how the SSO setup interacts with session management in Tomcat.
Ensure that the SSO setup isn't unintentionally affecting or overriding session
configurations.
Additionally, given that the issue arose after migrating from Tomcat 9.0.64 to
newer versions, there could be changes in default behaviors or configurations
in these versions impacting session handling. Reviewing release notes or
documentation for each version might provide insights into any changes that
could influence session management.
Investigating logs or enabling more detailed logging related to session
management and SSO could offer clues about what might be causing this
unexpected behavior. It might be beneficial to consult Tomcat forums or reach
out to the Tomcat community for specific insights or experiences related to SSO
and session management with the newer versions.
Combining a detailed analysis of Tomcat's session management, reviewing SSO
configurations, and potentially seeking community support could help narrow
down and resolve this issue
For More info Visit: https://pigsnames.com/
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
