Perplexed by a problem I'm having:
I have a custom login solution that writes a string to
a user's HttpSession Object:
session.setAttribute("login", new
java.util.Date().toString());
In the app, I have a controller servlet that checks
for this session attribute with each request:
Object done = session.getAttribute("login");
if (done == null) {
res.sendRedirect(relogin); ...
In my web.xml I have the session timeout set to 15
minutes.
Everything is working fine in http:// sessions. Now
that I have switched over to SSL (https://), sessions
seem to timeout in about 1 minute.
Why? Is this some sort of default setting?
Also, I'm noticing a difference in the URL when I move
around the site in a SSL session now. URLs now look
like:
https://protected.company.com/Action?cmd=myaccount;jsessionid=Oa6HTKaeJpki3ZNlC_zHuKUEu80WAyXKdC7qPTT4plE=
I never had the "jsessionid=0a6H...." before.
Please help me understand what's going on here.
-Todd
__________________________________________________
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
