Hi.
I (still) have problems with HttpSessions that timeout too early in a secure
web-site.
We have a registration servlet that works in two stages:
1. Verify a one-time-password needed to enable registration.
If correct, put an object into the session by using
setAttribute("myObject",new MyObject()).
Genererate a form for registration. The form will be posted to myself.
2. Handle the post from the form, but only if there is an object stored in
the HttpSession , i.e. call getAttribute("myObject").
The problem is that when the users are done with the registration form, and
clicks the submit button, they have been timed out and have to start all
over again (and be quicker this time...)
This is very frustrating and makes it impossible to take the server into
production.
The premature timeouts seem to appear only with IE 5 or older. IE 5.5 and
Netscape seem to work.
I have set the shared="true" in my web-site.xml file (attached).
I have read some posting regarding this problem and tried the recommended
fixes without success.
Could someone please verify if this is known bug and if so, when we could
expect a fix.
/Regards,
Mattias Arbin
HttpSession session = req.getSession(true);
session.setAttribute("sessionInfo",new SessionInfo(oneTimePwd));
<?xml version="1.0"?>
<!DOCTYPE web-site PUBLIC "Orion Web-site"
"http://www.orionserver.com/dtds/web-site.dtd">
<web-site host="[ALL]" secure="true" port="443"
display-name="xxx" log-request-info="true" >
<!-- The default web-app for this site, bound to the root -->
<ssl-config keystore="/usr/local/orion/ssl/keystore"
keystore-password="xxxxxx"
needs-client-auth="false" />
<default-web-app load-on-startup="true" application="knut"
name="knut-web" shared="true" />
<access-log path="/var/log/orion/support-web-access.log" format="$host -
$user [$time] "$request&
quot; $status $size "$referer" "$agent"" split="week"
suffix="ddMMyy"/>
</web-site>
