On 23/05/2024 17:01, Jerry Malcolm wrote:
I have some servlets that I can't put security constraints on at the
web.xml level. However, deep down in the code there are some places
that I need a user to be logged in. My overall UI ensures this all
works by having certain JSPs with constraints t
I have some servlets that I can't put security constraints on at the
web.xml level. However, deep down in the code there are some places
that I need a user to be logged in. My overall UI ensures this all
works by having certain JSPs with constraints that force the user to log
in before gettin
Channa,
On 10/27/23 00:07, Channa Puchakayala wrote:
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting customers
ignoring session timeout configured in tomcat
conf web.xml
26 Oct 2023 05:01:49 Channa Puchakayala
:
> Hi All,
>
>
> Tomcat Version : 9.0.75
> Operating System: Windows and Linux
> Bits: 64
>
>
> Tomcat 9.0.75 ignoring session timeout configured in
> tomcat/conf/web.
2023 05:07:20 Channa Puchakayala
:
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting
customers.
==
26 Oct 2023 05:01:49 Channa Puchakayala
:
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 ignoring session timeout configured in
tomcat/conf/web.xml, it is overriding previous session timeout setting
and effecting existing customers
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting customers.
==
30 // 30 minutes
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 ignoring session timeout configured in tomcat/conf/web.xml,
it is overriding previous session timeout setting and effecting existing
customers.
==
30
, want to set a breakpoint. Does
anybody know a code place in tomcat where I can set a breakpoint when
the session timeout is handled?
If you just want to find out what is killing your session, you could
register an HttpSessionListener and dump stack traces to the log any
time a session is either
tes. But
> after a successful login with a realm, the user is automatically logged
> out, sometimes after one minute, sometimes other times.
>
>
>
> I have downloaded the source code, want to set a breakpoint. Does anybody
> know a code place in tomcat where I can set a breakp
code place in tomcat where I can set a breakpoint when the session timeout is
handled?
Best regards,
Helge
[cid:image001.png@01D9BEEA.8EF13F20] <https://www.de-adp.com/>
Helge Wiemann
Application Developer
Mary-Somerville-Str. 4, DE- 28359 Bremen
T: +49 800 000 6898
helge.wiem...@a
trated
> >> users who would love for us to find out what's going astray.
> >
> > What you are seeing is expected behaviour. This was discussed in
> > the WebSocket EG. The short version is: - WebSocket requests don't
> > update the session's last access
On 09/08/17 17:46, Christopher Schultz wrote:
> Websocket ignoramus, here. Is there a way for (websocket) application
> code on the server side to trigger a "touch" of the HttpSession that
> is linked with the connection? Or is the problem that the websocket
> connection and the HTTP connection ar
cessed time - you need an HTTP request
> from the browser to update the session's last accessed time (and
> update the expiry time of the browser's session cookie) - so the
> application has to do periodic HTTP requests.
>
> You can reduce the frequency of these requests
rowser to update the session's
last accessed time (and update the expiry time of the browser's
session cookie)
- so the application has to do periodic HTTP requests.
You can reduce the frequency of these requests by extending the session
timeout (remembering you need an HTTP req
equests don't update the session's last accessed time
- you need an HTTP request from the browser to update the session's
last accessed time (and update the expiry time of the browser's
session cookie)
- so the application has to do periodic HTTP requests.
You can reduce the
We're using Tomcat 8.5.16 with Java 1.8.0_91, Vaadin 7.7.10 and
Atmosphere Websockets.
We have had reports of sessions logging out while users are active with
our Vaadin-based application. This has been frustrating as we can't
seem to track down why Tomcat's session is not being updated, but
We just enabled clustering for our 3 tomcat servers, and now the sessions
aren’t expiring. The TTL is negative and the inactive time is very high. We
have this set as the default of 30 minutes.
We are using Tomcat 7.0.51.
Any ideas?
Thanks
Alan
On 21/06/2016 03:54, mw...@loftware.com wrote:
>
>
>> -Original Message-
>> From: Mark Thomas [mailto:ma...@apache.org]
>> Sent: Monday, June 20, 2016 11:32 AM
>> To: Tomcat Users List
>> Subject: Re: session-timeout and maxInactiveInterval
>>
> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: Monday, June 20, 2016 11:32 AM
> To: Tomcat Users List
> Subject: Re: session-timeout and maxInactiveInterval
>
> On 20/06/2016 16:00, mw...@loftware.com wrote:
> > We are runni
On 20/06/2016 16:00, mw...@loftware.com wrote:
> We are running 7.0.69 and Java 1.8.0_91.
>
> We ran into an incident at a customer where the customer had set
> session-timeout to 0 – which according to the servlet 3.0 spec, the
> session should never time out. However, t
We are running 7.0.69 and Java 1.8.0_91.
We ran into an incident at a customer where the customer had set
session-timeout to 0 - which according to the servlet 3.0 spec, the session
should never time out. However, the customer was basically seeing the session
timeout immediately. When we
Re: Tomcat 8 Session Timeout
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Theo,
On 9/4/15 6:14 AM, theo.swe...@avios.com wrote:
> Hi Chris - the servlet spec states "If the time out is 0 or less,
> the container ensures the default behavior of sessions is never to
> t
207 s / Processing time: 232 ms
>
> The current session timeout is set to 120 seconds, so neither of
> these above session times make any sense, unless a dependency is
> hanging?
Remember that the session timeout is not session age. If you have a
process which is touching the session more
ST.
If we look inside web service stats -
Longest session alive time: 183 s / Processing time: 625 ms
Longest session alive time: 207 s / Processing time: 232 ms
The current session timeout is set to 120 seconds, so neither of these
above session times make any sense, unless a dependency is hang
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Theo,
On 9/3/15 8:28 AM, theo.swe...@avios.com wrote:
> Thanks Chris - that pointer is very helpful.
>
> Can you clarify by setting session-timeout to 0, implies after 60
> seconds the session will expire or does it imply the same a
Thanks Chris - that pointer is very helpful.
Can you clarify by setting session-timeout to 0, implies after 60 seconds
the session will expire or does it imply the same as -1, that sessions
will not timeout?
0
Theo
From: Christopher Schultz
To: Tomcat Users List ,
Date: 01
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Theo,
On 9/1/15 4:29 AM, theo.swe...@avios.com wrote:
> Mark - I took a look at the Manager How To Guide as seen here -
>
> https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Ses
sions
>
> It mentions that it's possible to expire
: Mark Thomas
> To: Tomcat Users List ,
> Date: 01/09/2015 09:02
> Subject:Re: Tomcat 8 Session Timeout
>
>
>
> On 01/09/2015 08:53, theo.swe...@avios.com wrote:
>> Hi Mark
>>
>> Tomcat version?
>>
>> v8.0.21
>
> OK. Fair
lhost:8080/manager/text/expire?path=/examples&idle=0
Do you know if a wildcard can be used for the app name?
Theo
From: Mark Thomas
To: Tomcat Users List ,
Date: 01/09/2015 09:02
Subject:Re: Tomcat 8 Session Timeout
On 01/09/2015 08:53, theo.swe...@avios.com wrote:
> Is there a command line mechanism to gracefully terminate sessions?
No, but you can use the Manager app to view session contents and expire
the sessions.
Mark
>
> Theo
>
>
>
>
> From: Mark Thomas
> To: Tomcat Users List ,
> Date: 28/08/2015 19:13
> Su
Users List ,
Date: 28/08/2015 19:13
Subject:Re: Tomcat 8 Session Timeout
On 28/08/2015 12:08, theo.swe...@avios.com wrote:
> Hello - currently HTTP sessions are configured to timeout after 120
> seconds, in $CATALINA_BASE/conf/web.xml
>
>
> 2
>
&g
Hi Chris,
That's pretty much it (except the path for the app's web.xml looks a
little odd).
We are running multi-instance environment and this is why the path is
$CATALINA_BASE/conf/web.xml
Are the web services specifying their own session-timeout in the
application-specific web.xm
On 28/08/2015 12:08, theo.swe...@avios.com wrote:
> Hello - currently HTTP sessions are configured to timeout after 120
> seconds, in $CATALINA_BASE/conf/web.xml
>
>
> 2
>
>
> However this is not being honoured by the web services, where many session
> are lasting longer.
>
>
int)
> $WebApplication/webapp/WEB-INF/web.xml $TOMCAT_BASE/conf/web.xml
>
> Is there something that I'm missing?
That's pretty much it (except the path for the app's web.xml looks a
little odd).
Are the web services specifying their own session-timeout in the
applica
Hello - currently HTTP sessions are configured to timeout after 120
seconds, in $CATALINA_BASE/conf/web.xml
2
However this is not being honoured by the web services, where many session
are lasting longer.
>From what I understand - the order for session timeouts is -
HttpSess
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 3/18/14, 7:31 AM, chris derham wrote:
>> It is not feasible to determine the difference between a
>> timed-out session and a user who had no session to begin with.
>
> Couldn't you use the presence/absence of a session id cookie?
Not rea
> It is not feasible to determine the difference between a timed-out
> session and a user who had no session to begin with.
Couldn't you use the presence/absence of a session id cookie?
Chris
-
To unsubscribe, e-mail: users-unsu
n Fri, Mar 14, 2014 at 3:48 PM, Akash Jain
>>> >
>>> If any request comes after session timeout interval ... why
>>> would it go
>> into error ?
>>
>> Perhaps because the request/response that was created with a
>> session is no longer valid after
On 3/14/2014 4:18 PM, Akash Jain wrote:
I want to redirect user to / with a query parameter to indicate that
session has timed out.
I don't follow you. What do you mean by use a query parameter? You
want to display a notification to the user in the URL?
Do you mean like this: http://www.my
created with a session is no
longer valid after the session timeout. What other option would you have
if not an error-page?
Hi, Akash-
Seems like a fairly simple filter could handle this by redirecting to
the home page if the session is invalid and the home page isn't already
the t
I want to redirect user to / with a query parameter to indicate that
session has timed out.
On Fri, Mar 14, 2014 at 4:01 PM, Leo Donahue wrote:
> >On Fri, Mar 14, 2014 at 3:48 PM, Akash Jain >wrote:
> >Leo,
>
> >If any request comes after session timeout interval ..
>On Fri, Mar 14, 2014 at 3:48 PM, Akash Jain wrote:
>Leo,
>If any request comes after session timeout interval ... why would it go
into error ?
Perhaps because the request/response that was created with a session is no
longer valid after the session timeout. What other option would yo
Leo,
If any request comes after session timeout interval ... why would it go
into error ?
I want to keep the session timeout and error scenarios different.
On Fri, Mar 14, 2014 at 3:34 PM, Leo Donahue wrote:
> On Fri, Mar 14, 2014 at 3:04 PM, Akash Jain
> wrote:
>
> > I
On Fri, Mar 14, 2014 at 3:04 PM, Akash Jain wrote:
> I have following configuration in `web.xml` in tomcat 7. I am wondering if
> I can add any configurable parameter here, so that if user tries to do any
> operation post 30 minutes, I redirect the user to our home page.
>
>
> 30
I have following configuration in `web.xml` in tomcat 7. I am wondering if
I can add any configurable parameter here, so that if user tries to do any
operation post 30 minutes, I redirect the user to our home page.
30
mydomain.mycompany.com
On Tue, Jun 25, 2013 at 12:49 AM, Nagaraj Mandya wrote:
>
> All requests from my client pass in the session cookie. However, I do not
> want the session timeout counter to get reset for certain URLs.
>
>
Is your app a (JSF) web application?
AJAX and Partial Page update/render
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Nagaraj,
On 6/25/13 12:49 AM, Nagaraj Mandya wrote:
> Hello, I am running Apache Tomcat 7.0.4 on Linux and the
> session-timeout is configured to 30 minutes.
Hopefully, you mean Tomcat 7.0.40 or 7.0.41. If not, upgrade.
> All request
Hello,
I am running Apache Tomcat 7.0.4 on Linux and the session-timeout is
configured to 30 minutes. All requests from my client pass in the session
cookie. However, I do not want the session timeout counter to get reset for
certain URLs.
Is there a way to configure Tomcat to ignore certain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul,
On 1/13/12 3:26 PM, Paul Joseph wrote:
> This was a false alarm. My apologies.
Any specifics? It's nice to be able to point to a message in the
archives and say "maybe you are doing /this/" to help someone find an
error in their own webapp.
-
have my session timeout set in web.xml to 60 minutes.
Just to clarify, which web.xml file?
However I find that with about 44 minutes of inactivity that my session
appears to have expired.
Can you reproduce this with a simple single Servlet application?
p
I tried it with the default 30 minute
On 11/01/2012 21:50, Paul Joseph wrote:
> Hi there,
>
> I am running the Cocoon (2.11) servlet in Tomcat 7.0.23 (64 bit version)
> on Windows 2008 R2 (and also in 32 bit on Redhat linux). I am using the
> Java 1.6 JRE.
>
> I have my session timeout set in web.xml to 60 minu
Hi there,
I am running the Cocoon (2.11) servlet in Tomcat 7.0.23 (64 bit version)
on Windows 2008 R2 (and also in 32 bit on Redhat linux). I am using the
Java 1.6 JRE.
I have my session timeout set in web.xml to 60 minutes.
However I find that with about 44 minutes of inactivity that my
e webapp.
I don't see an obvious way to do that using Tomcat provided components.
You could certainly add your own implementation to do it, & expose this
over JMX.
p
> I know there's also a server-level session timeout in tomcat's
> /conf/web.xml but that would 1.affe
Thanks Igor. I made a mistake though. I actually meant "modifying web.xml
and restarting the webapp."
We want to find a way to change session timeouts - even for existing
sessions - without doing a restart of the webapp.
I know there's also a server-level session timeout in
On 14/10/11 04:04, Brian Burch wrote:
I will go quiet for a few days while I checkout 6.0.28 and get it to
build.
Phew! That took me longer than I expected I got 6.0.28 to build,
then ran all the unit tests, then debugged the SSO logic and started to
understand it.
Then I (coded/debugge
session timeout. The difference is that this timeout is applied to the
whole container (all the applications deployed) and is overridden by the
setting in the web.xml per application bases.
On Wed, Nov 30, 2011 at 4:30 PM, Igor Cicimov wrote:
>
>>
> On Wed, Nov 30, 2011 at 4:11
>
>
>
On Wed, Nov 30, 2011 at 4:11 PM, Ellecer Valencia wrote:
> Is there a way to change session timeouts in tomcat via JMX? I've only
> seen the operation called "expireSession", but not one that can change
> the session timeout period.
>
> The only
Is there a way to change session timeouts in tomcat via JMX? I've only
seen the operation called "expireSession", but not one that can change
the session timeout period.
The only way I've found so far to modify session timeouts is by
modifying web.xml and restarting Tomc
On 13/10/11 15:14, Brian Burch wrote:
On 13/10/11 11:39, Brian Burch wrote:
To summarise: the webapp's explicit timeout is not being honoured
because its web.xml does not define a section. Therefore,
the webapp has defaulted to use the NonLoginAuthenticator - which
honours the existing SSO stat
On 13/10/11 15:14, Brian Burch wrote:
I beleve the division of responsibilities between the AuthenticatorBase
abstract class and its extension classes is wrong. At the moment, it is
the responsibility of the concrete class authenticate methods to add the
Session to the existing SingleSignOnEntry
On 13/10/11 11:39, Brian Burch wrote:
To summarise: the webapp's explicit timeout is not being honoured
because its web.xml does not define a section. Therefore,
the webapp has defaulted to use the NonLoginAuthenticator - which
honours the existing SSO state (via the client cookie), but does not
On 13/10/11 05:29, Konstantin Kolinko wrote:
What happens when an non-authenticated user accesses one of those webapps?
It just rejects it with 403, or it should display a login form (and
authenticate him/her and create a SSO cookie), or redirect to another
webapp that has a login form?
Sorry,
2011/10/12 Brian Burch :
>
> OK, it now all makes some kind of sense. I've discovered that the Session
> associated with the second webapp is never being associated with the SSO
> instance created by the first webapp. However, the weird thing is that the
> protected resources of the second webapp a
On 12/10/11 12:35, Brian Burch wrote:
I've successfully run a remote debugger session against the SingleSignOn
Valve while it is handling my timeout scenario.
Interestingly, the logic to handle the timeout of a single webapp is
exactly as I wanted it to be... only the specific Session is removed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian,
On 10/12/2011 8:53 AM, Brian Burch wrote:
> My tomcat 6.0.28 compiled class for AuthenticatorBase does not
> match the 6.0.33 source code I am debugging with. The SSO Valve is
> pretty much the same.
So get the source for 6.0.28:
http://archi
On 12/10/11 12:51, Konstantin Kolinko wrote:
Something becomes clearer.
Remembering the session as associated with ssoid is performed by
SingleSignOn.associate(..) method. This method is called by
AuthenticatorBase class.
Those webapps with long living sessions - are they protected by
security
2011/10/12 Brian Burch :
>
> I've successfully run a remote debugger session against the SingleSignOn
> Valve while it is handling my timeout scenario.
>
> Interestingly, the logic to handle the timeout of a single webapp is exactly
> as I wanted it to be... only the specific Session is removed fro
On 11/10/11 22:24, Christopher Schultz wrote:
I'm not an expert at SSO, nor have I ever used it on any of my
projects. All my answers should be considered suspicious :)
>
So, it looks like the Valve should *not* be expiring your SSO when the
"static" webapp's session expires. Can you confirm th
pp usually
doesn't know, because HTTP clients generally don't ping-back pages and
say "I'm leaving, now". That's why session timeouts exist. So, your
client leaves the "static" webapp and 20 minutes later, the session
timeout there kills the session, which take
he browser navigates away from a webapp, the webapp usually
doesn't know, because HTTP clients generally don't ping-back pages and
say "I'm leaving, now". That's why session timeouts exist. So, your
client leaves the "static" webapp and 20 minutes later, the
r defined). The static web.xml defines its
> session-timeout to be 20 minutes.
>
>(...)
> 6. The user tries to refresh the second webapp's page after about 25
> minutes, but the GET fails with 403 status and the explanation "access to
> resource has been denied". A
Brian Burch wrote:
...
But I am having trouble understanding the life cycle of a Session. If
the browser has navigated away from my "static" webapp container, into a
completely different webapp container, why does it still have an
associated Session?
Probably because the first webapp has n
ve "just in case".
I suppose what I really need is two levels of timeout logic:
a) each individual webapp already has its own session-timeout defined
within its web.xml. However, when it expires, ONLY THAT INDIVIDUAL
Session should be invalidated.
b) SSO should only invalidate the "
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian,
On 10/11/2011 10:09 AM, Brian Burch wrote:
> 6. The user tries to refresh the second webapp's page after about
> 25 minutes, but the GET fails with 403 status and the explanation
> "access to resource has been denied". Apparently, the user's
>
alled
static, which has its own web.xml. The redirect is to a page which is
protected by a security contraint which requires a FORM-based login
(this server only has an SSL Connector defined). The static web.xml
defines its session-timeout to be 20 minutes.
3. Once the user has authenticated t
**
>>
>> Regards
>> Bill
>> On Sat, Oct 8, 2011 at 1:23 AM, Christopher Schultz <
>> ch...@christopherschultz.net> wrote:
>>
> Bill,
>
> On 10/6/2011 7:20 PM, Bill Wang wrote:
>>>>> Recently one of Tomcat application has performance is
George Sexton
MH Software, Inc.
303 438-9585
www.mhsoftware.com
> -Original Message-
> From: Bill Wang [mailto:bw57...@gmail.com]
> Sent: Sunday, October 09, 2011 10:02 PM
> To: Tomcat Users List
> Subject: Re: two questions about the session timeout in tomcat
>
Ah yes, I would also take a thread dump when the server is stuck just in
case the developers are wrong ;)
On Oct 10, 2011 7:18 PM, "Igor Cicimov" wrote:
tly one of Tomcat application has performance issue, which get
> > > slow respond with high sessions.
> >
> > Can you give us some numbers? At what point do things slow down, and
> > by how much do they slow down?
> >
> > > One team member recommend me to
> On 10/6/2011 7:20 PM, Bill Wang wrote:
> > Recently one of Tomcat application has performance issue, which get
> > slow respond with high sessions.
>
> Can you give us some numbers? At what point do things slow down, and
> by how much do they slow down?
>
> > One tea
t Users List
> Subject: two questions about the session timeout in tomcat
>
> Hi Tomcat Guru,
>
> Recently one of Tomcat application has performance issue, which get
> slow
> respond with high sessions.
>
> One team member recommend me to adjust the session timeout from 6
On 07/10/2011 00:20, Bill Wang wrote:
> Hi Tomcat Guru,
>
> Recently one of Tomcat application has performance issue, which get slow
> respond with high sessions.
You should find out exactly why that is, rather than guessing.
> One team member recommend me to adjust the sessi
w down?
> One team member recommend me to adjust the session timeout from 60
> minutes to 30 minutes. I will do that, but before change it, I'd
> like to understand how the performance related with the expire
> session timeout.
>
> 60
I'm not sure performance wi
Hi Tomcat Guru,
Recently one of Tomcat application has performance issue, which get slow
respond with high sessions.
One team member recommend me to adjust the session timeout from 60 minutes
to 30 minutes. I will do that, but before change it, I'd like to understand
how the perfor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 7/11/2011 4:54 PM, André Warnier wrote:
> I think that you need to scroll back in this thread (to July 8), and
> re-read an answer which Charles provided to a previous question of
> mine.
>
> A partial answer resides in this property, whic
p the
session alive for the duration of the timeout after a large upload. So
if my session timeout is 1 minute, it would be nice if I can make a
second request within a minute after a large upload which might have
taken 5 minutes.
I also tried the STRICT_COMPLIANCE system property and set it to tr
I agree. At this point, I'm not so concerned about the Firefox issue.
I will start a separate thread on it later. I still would like to get
some help on keeping the session alive for the duration of the
configured timeout, after a response is sent for a large request. Any
ideas will be greatly appr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 7/11/2011 3:59 PM, André Warnier wrote:
> It seems like there are two quite different issues/discussions going
> on in this same thread, with the same subject line. It is a bit
> confusing, even if originally they relate to the same problem.
It seems like there are two quite different issues/discussions going on in this same
thread, with the same subject line.
It is a bit confusing, even if originally they relate to the same problem.
Would it not be better to split this ?
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sai,
On 7/11/2011 9:29 AM, Sai Pullabhotla wrote:
> I took the threaddump and found that Tomcat's http service thread is
> still blocked on the read from the client after we called the
> forward method. At least, that's how I interpreted this, but be
r the duration of the timeout after a large upload. So
if my session timeout is 1 minute, it would be nice if I can make a
second request within a minute after a large upload which might have
taken 5 minutes.
I also tried the STRICT_COMPLIANCE system property and set it to true
to see if that make
dSession.ACTIVITY_CHECK and set
>> it to true, and it appears to be preventing the session timeout.
>
> Glad to see it's working out for you.
>
>> That's a good news. Some one told me that there might be some
>> performance issues, but I'm not sure how signif
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sai,
On 7/9/2011 8:55 AM, Sai Pullabhotla wrote:
> I added the system property
> org.apache.catalina.session.StandardSession.ACTIVITY_CHECK and set
> it to true, and it appears to be preventing the session timeout.
Glad to see it's w
Thank you all for the input.
I added the system property
org.apache.catalina.session.StandardSession.ACTIVITY_CHECK and set it
to true, and it appears to be preventing the session timeout. That's a
good news. Some one told me that there might be some performance
issues, but I'm no
> From: André Warnier [mailto:a...@ice-sa.com]
> Subject: Re: Uploading large files and session timeout
> The do this cleanly, the servlet would need to call
> HttpSession.getMaxInactiveInterval() at the beginning,
> to save the existing value, then call
> HttpSession.setM
Caldarale, Charles R wrote:
From: Sai Pullabhotla [mailto:sai.pullabho...@jmethods.com]
Subject: Re: Uploading large files and session timeout
As far as I know, the session's lastAccessTime gets updated on each
request from the client (by the container), and there is no public API
to u
> From: Sai Pullabhotla [mailto:sai.pullabho...@jmethods.com]
> Subject: Re: Uploading large files and session timeout
> As far as changing the session timeout from the servlet, I do not
> think it works well when multiple uploads are going simultaneously
> under one session,
could be
as big as a 1gb.
As far as changing the session timeout from the servlet, I do not
think it works well when multiple uploads are going simultaneously
under one session, if we reset (we must, we cannot leave the timeout
at infinity) the timeout to normal value after each upload. I tried
this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sai,
On 7/8/2011 10:25 AM, Sai Pullabhotla wrote:
> If the upload takes longer then the session timeout, the session gets
> invalidated right after the upload. Tis means no further requests are
> accepted unless the user logs back in. Is
1 - 100 of 306 matches
Mail list logo