On 23/05/2024 17:01, Jerry Malcolm wrote:
I have some servlets that I can't put security constraints on at the
web.xml level. However, deep down in the code there are some places
that I need a user to be logged in. My overall UI ensures this all
works by having certain JSPs with constraints
I have some servlets that I can't put security constraints on at the
web.xml level. However, deep down in the code there are some places
that I need a user to be logged in. My overall UI ensures this all
works by having certain JSPs with constraints that force the user to log
in before
Channa,
On 10/27/23 00:07, Channa Puchakayala wrote:
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting customers
ignoring session timeout configured in tomcat
conf web.xml
26 Oct 2023 05:01:49 Channa Puchakayala
:
> Hi All,
>
>
> Tomcat Version : 9.0.75
> Operating System: Windows and Linux
> Bits: 64
>
>
> Tomcat 9.0.75 ignoring session timeout configured in
> tomcat/conf/web.
05:07:20 Channa Puchakayala
:
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting
customers.
==
30
26 Oct 2023 05:01:49 Channa Puchakayala
:
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 ignoring session timeout configured in
tomcat/conf/web.xml, it is overriding previous session timeout setting
and effecting existing customers
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting customers.
==
30 // 30 minutes
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 ignoring session timeout configured in tomcat/conf/web.xml,
it is overriding previous session timeout setting and effecting existing
customers.
==
30
, want to set a breakpoint. Does
anybody know a code place in tomcat where I can set a breakpoint when
the session timeout is handled?
If you just want to find out what is killing your session, you could
register an HttpSessionListener and dump stack traces to the log any
time a session is either
a successful login with a realm, the user is automatically logged
> out, sometimes after one minute, sometimes other times.
>
>
>
> I have downloaded the source code, want to set a breakpoint. Does anybody
> know a code place in tomcat where I can set a breakpoint when the sessio
a code place in tomcat where I can set a breakpoint when the session timeout is
handled?
Best regards,
Helge
[cid:image001.png@01D9BEEA.8EF13F20] <https://www.de-adp.com/>
Helge Wiemann
Application Developer
Mary-Somerville-Str. 4, DE- 28359 Bremen
T: +49 800 000 6898
helge.wiem...@a
would love for us to find out what's going astray.
> >
> > What you are seeing is expected behaviour. This was discussed in
> > the WebSocket EG. The short version is: - WebSocket requests don't
> > update the session's last accessed time - you need an HTTP request
> > from
On 09/08/17 17:46, Christopher Schultz wrote:
> Websocket ignoramus, here. Is there a way for (websocket) application
> code on the server side to trigger a "touch" of the HttpSession that
> is linked with the connection? Or is the problem that the websocket
> connection and the HTTP connection
m the browser to update the session's last accessed time (and
> update the expiry time of the browser's session cookie) - so the
> application has to do periodic HTTP requests.
>
> You can reduce the frequency of these requests by extending the
> session timeout (remembering you ne
me (and update the expiry time of the browser's
session cookie)
- so the application has to do periodic HTTP requests.
You can reduce the frequency of these requests by extending the session
timeout (remembering you need an HTTP request after this to update the
browser's cookie). You the
accessed time
- you need an HTTP request from the browser to update the session's
last accessed time (and update the expiry time of the browser's
session cookie)
- so the application has to do periodic HTTP requests.
You can reduce the frequency of these requests by extending the session
tim
We're using Tomcat 8.5.16 with Java 1.8.0_91, Vaadin 7.7.10 and
Atmosphere Websockets.
We have had reports of sessions logging out while users are active with
our Vaadin-based application. This has been frustrating as we can't
seem to track down why Tomcat's session is not being updated, but
We just enabled clustering for our 3 tomcat servers, and now the sessions
aren’t expiring. The TTL is negative and the inactive time is very high. We
have this set as the default of 30 minutes.
We are using Tomcat 7.0.51.
Any ideas?
Thanks
Alan
On 21/06/2016 03:54, mw...@loftware.com wrote:
>
>
>> -Original Message-
>> From: Mark Thomas [mailto:ma...@apache.org]
>> Sent: Monday, June 20, 2016 11:32 AM
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: Re: session-timeout a
> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: Monday, June 20, 2016 11:32 AM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: session-timeout and maxInactiveInterval
>
> On 20/06/2016 16:00, mw...@loftware.com wrote
On 20/06/2016 16:00, mw...@loftware.com wrote:
> We are running 7.0.69 and Java 1.8.0_91.
>
> We ran into an incident at a customer where the customer had set
> session-timeout to 0 – which according to the servlet 3.0 spec, the
> session should never time out. Howeve
We are running 7.0.69 and Java 1.8.0_91.
We ran into an incident at a customer where the customer had set
session-timeout to 0 - which according to the servlet 3.0 spec, the session
should never time out. However, the customer was basically seeing the session
timeout immediately. When we
sers List <users@tomcat.apache.org>,
Date: 04/09/2015 18:39
Subject: Re: Tomcat 8 Session Timeout
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Theo,
On 9/4/15 6:14 AM, theo.swe...@avios.com wrote:
> Hi Chris - the servlet spec states "If the time out is 0 or less,
> the conta
ST.
If we look inside web service stats -
Longest session alive time: 183 s / Processing time: 625 ms
Longest session alive time: 207 s / Processing time: 232 ms
The current session timeout is set to 120 seconds, so neither of these
above session times make any sense, unless a dependency is hang
207 s / Processing time: 232 ms
>
> The current session timeout is set to 120 seconds, so neither of
> these above session times make any sense, unless a dependency is
> hanging?
Remember that the session timeout is not session age. If you have a
process which is touching the session more
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Theo,
On 9/3/15 8:28 AM, theo.swe...@avios.com wrote:
> Thanks Chris - that pointer is very helpful.
>
> Can you clarify by setting session-timeout to 0, implies after 60
> seconds the session will expire or does it imply th
Thanks Chris - that pointer is very helpful.
Can you clarify by setting session-timeout to 0, implies after 60 seconds
the session will expire or does it imply the same as -1, that sessions
will not timeout?
0
Theo
From: Christopher Schultz <ch...@christopherschultz.
Hi Chris,
That's pretty much it (except the path for the app's web.xml looks a
little odd).
We are running multi-instance environment and this is why the path is
$CATALINA_BASE/conf/web.xml
Are the web services specifying their own session-timeout in the
application-specific web.xml
mand line mechanism to gracefully terminate sessions?
No, but you can use the Manager app to view session contents and expire
the sessions.
Mark
>
> Theo
>
>
>
>
> From: Mark Thomas <ma...@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>,
>
org>
To: Tomcat Users List <users@tomcat.apache.org>,
Date: 28/08/2015 19:13
Subject:Re: Tomcat 8 Session Timeout
On 28/08/2015 12:08, theo.swe...@avios.com wrote:
> Hello - currently HTTP sessions are configured to timeout after 120
> seconds, in $CATALINA
:8080/manager/text/expire?path=/examples=0
Do you know if a wildcard can be used for the app name?
Theo
From: Mark Thomas <ma...@apache.org>
To: Tomcat Users List <users@tomcat.apache.org>,
Date: 01/09/2015 09:02
Subject:Re: Tomcat 8 Session Timeout
On 01/0
<ma...@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>,
> Date: 01/09/2015 09:02
> Subject:Re: Tomcat 8 Session Timeout
>
>
>
> On 01/09/2015 08:53, theo.swe...@avios.com wrote:
>> Hi Mark
>>
>> Tomcat version?
&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Theo,
On 9/1/15 4:29 AM, theo.swe...@avios.com wrote:
> Mark - I took a look at the Manager How To Guide as seen here -
>
> https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Ses
sions
>
> It mentions that it's possible to expire
Hello - currently HTTP sessions are configured to timeout after 120
seconds, in $CATALINA_BASE/conf/web.xml
session-config
session-timeout2/session-timeout
/session-config
However this is not being honoured by the web services, where many session
are lasting longer.
From what I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Theo,
On 8/28/15 12:08 PM, theo.swe...@avios.com wrote:
Hello - currently HTTP sessions are configured to timeout after 120
seconds, in $CATALINA_BASE/conf/web.xml
session-config session-timeout2/session-timeout
/session-config
I'd highly
On 28/08/2015 12:08, theo.swe...@avios.com wrote:
Hello - currently HTTP sessions are configured to timeout after 120
seconds, in $CATALINA_BASE/conf/web.xml
session-config
session-timeout2/session-timeout
/session-config
However this is not being honoured by the web
It is not feasible to determine the difference between a timed-out
session and a user who had no session to begin with.
Couldn't you use the presence/absence of a session id cookie?
Chris
-
To unsubscribe, e-mail:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 3/18/14, 7:31 AM, chris derham wrote:
It is not feasible to determine the difference between a
timed-out session and a user who had no session to begin with.
Couldn't you use the presence/absence of a session id cookie?
Not really.
:48 PM, Akash Jain
akash.delh...@gmail.com wrote: Leo,
If any request comes after session timeout interval ... why
would it go
into error ?
Perhaps because the request/response that was created with a
session is no longer valid after the session timeout. What other
option would you have
request comes after session timeout interval ... why would it go
into error ?
Perhaps because the request/response that was created with a session is no
longer valid after the session timeout. What other option would you have
if not an error-page?
Hi, Akash-
Seems like a fairly simple filter
On 3/14/2014 4:18 PM, Akash Jain wrote:
I want to redirect user to / with a query parameter to indicate that
session has timed out.
I don't follow you. What do you mean by use a query parameter? You
want to display a notification to the user in the URL?
Do you mean like this:
I have following configuration in `web.xml` in tomcat 7. I am wondering if
I can add any configurable parameter here, so that if user tries to do any
operation post 30 minutes, I redirect the user to our home page.
session-config
session-timeout30/session-timeout
cookie
.
session-config
session-timeout30/session-timeout
cookie-config
domainmydomain.mycompany.com/domain
http-onlytrue/http-only
securefalse/secure
/cookie-config
tracking-modeCOOKIE/tracking-mode
Leo,
If any request comes after session timeout interval ... why would it go
into error ?
I want to keep the session timeout and error scenarios different.
On Fri, Mar 14, 2014 at 3:34 PM, Leo Donahue donahu...@gmail.com wrote:
On Fri, Mar 14, 2014 at 3:04 PM, Akash Jain akash.delh
On Fri, Mar 14, 2014 at 3:48 PM, Akash Jain akash.delh...@gmail.comwrote:
Leo,
If any request comes after session timeout interval ... why would it go
into error ?
Perhaps because the request/response that was created with a session is no
longer valid after the session timeout. What other
I want to redirect user to / with a query parameter to indicate that
session has timed out.
On Fri, Mar 14, 2014 at 4:01 PM, Leo Donahue donahu...@gmail.com wrote:
On Fri, Mar 14, 2014 at 3:48 PM, Akash Jain akash.delh...@gmail.com
wrote:
Leo,
If any request comes after session timeout
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Nagaraj,
On 6/25/13 12:49 AM, Nagaraj Mandya wrote:
Hello, I am running Apache Tomcat 7.0.4 on Linux and the
session-timeout is configured to 30 minutes.
Hopefully, you mean Tomcat 7.0.40 or 7.0.41. If not, upgrade.
All requests from my
On Tue, Jun 25, 2013 at 12:49 AM, Nagaraj Mandya nman...@gmail.com wrote:
All requests from my client pass in the session cookie. However, I do not
want the session timeout counter to get reset for certain URLs.
Is your app a (JSF) web application?
AJAX and Partial Page update/rendering
Hello,
I am running Apache Tomcat 7.0.4 on Linux and the session-timeout is
configured to 30 minutes. All requests from my client pass in the session
cookie. However, I do not want the session timeout counter to get reset for
certain URLs.
Is there a way to configure Tomcat to ignore certain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul,
On 1/13/12 3:26 PM, Paul Joseph wrote:
This was a false alarm. My apologies.
Any specifics? It's nice to be able to point to a message in the
archives and say maybe you are doing /this/ to help someone find an
error in their own webapp.
-
have my session timeout set in web.xml to 60 minutes.
Just to clarify, which web.xml file?
However I find that with about 44 minutes of inactivity that my session
appears to have expired.
Can you reproduce this with a simple single Servlet application?
p
I tried it with the default 30 minute
On 11/01/2012 21:50, Paul Joseph wrote:
Hi there,
I am running the Cocoon (2.11) servlet in Tomcat 7.0.23 (64 bit version)
on Windows 2008 R2 (and also in 32 bit on Redhat linux). I am using the
Java 1.6 JRE.
I have my session timeout set in web.xml to 60 minutes.
Just to clarify, which
Hi there,
I am running the Cocoon (2.11) servlet in Tomcat 7.0.23 (64 bit version)
on Windows 2008 R2 (and also in 32 bit on Redhat linux). I am using the
Java 1.6 JRE.
I have my session timeout set in web.xml to 60 minutes.
However I find that with about 44 minutes of inactivity that my
way to do that using Tomcat provided components.
You could certainly add your own implementation to do it, expose this
over JMX.
p
I know there's also a server-level session timeout in tomcat's
/conf/web.xml but that would 1.affect all webapps (we only want to affect
the older version - foo
Thanks Igor. I made a mistake though. I actually meant modifying web.xml
and restarting the webapp.
We want to find a way to change session timeouts - even for existing
sessions - without doing a restart of the webapp.
I know there's also a server-level session timeout in tomcat's
/conf
Is there a way to change session timeouts in tomcat via JMX? I've only
seen the operation called expireSession, but not one that can change
the session timeout period.
The only way I've found so far to modify session timeouts is by
modifying web.xml and restarting Tomcat.
However, in our
On Wed, Nov 30, 2011 at 4:11 PM, Ellecer Valencia elle...@gmail.com wrote:
Is there a way to change session timeouts in tomcat via JMX? I've only
seen the operation called expireSession, but not one that can change
the session timeout period.
The only way I've found so far to modify
the
session timeout. The difference is that this timeout is applied to the
whole container (all the applications deployed) and is overridden by the
setting in the web.xml per application bases.
On Wed, Nov 30, 2011 at 4:30 PM, Igor Cicimov icici...@gmail.com wrote:
On Wed, Nov 30, 2011 at 4:11 PM
session-timeout will NOT be honoured. In
fact, once the last SSO-participating Session is expired, the NonLogin
webapp will effectively become instantly unauthenticated and so its next
protected resource access will be forbidden.
7.2. If SSO is used with a browser that does not accept cookies (I
On 13/10/11 05:29, Konstantin Kolinko wrote:
What happens when an non-authenticated user accesses one of those webapps?
It just rejects it with 403, or it should display a login form (and
authenticate him/her and create a SSO cookie), or redirect to another
webapp that has a login form?
On 13/10/11 11:39, Brian Burch wrote:
To summarise: the webapp's explicit timeout is not being honoured
because its web.xml does not define a login-config section. Therefore,
the webapp has defaulted to use the NonLoginAuthenticator - which
honours the existing SSO state (via the client cookie),
On 13/10/11 15:14, Brian Burch wrote:
I beleve the division of responsibilities between the AuthenticatorBase
abstract class and its extension classes is wrong. At the moment, it is
the responsibility of the concrete class authenticate methods to add the
Session to the existing SingleSignOnEntry
On 13/10/11 15:14, Brian Burch wrote:
On 13/10/11 11:39, Brian Burch wrote:
To summarise: the webapp's explicit timeout is not being honoured
because its web.xml does not define a login-config section. Therefore,
the webapp has defaulted to use the NonLoginAuthenticator - which
honours the
On 11/10/11 22:24, Christopher Schultz wrote:
I'm not an expert at SSO, nor have I ever used it on any of my
projects. All my answers should be considered suspicious :)
So, it looks like the Valve should *not* be expiring your SSO when the
static webapp's session expires. Can you confirm that
2011/10/12 Brian Burch br...@pingtoo.com:
I've successfully run a remote debugger session against the SingleSignOn
Valve while it is handling my timeout scenario.
Interestingly, the logic to handle the timeout of a single webapp is exactly
as I wanted it to be... only the specific Session is
On 12/10/11 12:51, Konstantin Kolinko wrote:
Something becomes clearer.
Remembering the session as associated with ssoid is performed by
SingleSignOn.associate(..) method. This method is called by
AuthenticatorBase class.
Those webapps with long living sessions - are they protected by
security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian,
On 10/12/2011 8:53 AM, Brian Burch wrote:
My tomcat 6.0.28 compiled class for AuthenticatorBase does not
match the 6.0.33 source code I am debugging with. The SSO Valve is
pretty much the same.
So get the source for 6.0.28:
On 12/10/11 12:35, Brian Burch wrote:
I've successfully run a remote debugger session against the SingleSignOn
Valve while it is handling my timeout scenario.
Interestingly, the logic to handle the timeout of a single webapp is
exactly as I wanted it to be... only the specific Session is
2011/10/12 Brian Burch br...@pingtoo.com:
OK, it now all makes some kind of sense. I've discovered that the Session
associated with the second webapp is never being associated with the SSO
instance created by the first webapp. However, the weird thing is that the
protected resources of the
Engine, within the Host definition. It seems to work fine.
1. conf/web.xml sets session-timeout to 30 minutes. (I believe this
will be the default used by webapps that do not explicitly define a
value within their individual web.xml files.)
2. My root welcome page does an html redirect to a small
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian,
On 10/11/2011 10:09 AM, Brian Burch wrote:
6. The user tries to refresh the second webapp's page after about
25 minutes, but the GET fails with 403 status and the explanation
access to resource has been denied. Apparently, the user's
has its own session-timeout defined
within its web.xml. However, when it expires, ONLY THAT INDIVIDUAL
Session should be invalidated.
b) SSO should only invalidate the single sign-on instance/entry when
THE FINAL webapp Session is expired or otherwise invalidated (and the
Session array is empty
Brian Burch wrote:
...
But I am having trouble understanding the life cycle of a Session. If
the browser has navigated away from my static webapp container, into a
completely different webapp container, why does it still have an
associated Session?
Probably because the first webapp has no
defined). The static web.xml defines its
session-timeout to be 20 minutes.
(...)
6. The user tries to refresh the second webapp's page after about 25
minutes, but the GET fails with 403 status and the explanation access to
resource has been denied. Apparently, the user's session has been timed out
know, because HTTP clients generally don't ping-back pages and
say I'm leaving, now. That's why session timeouts exist. So, your
client leaves the static webapp and 20 minutes later, the session
timeout there kills the session, which takes-down the whole SSO session.
I can understand how
, now. That's why session timeouts exist. So, your
client leaves the static webapp and 20 minutes later, the session
timeout there kills the session, which takes-down the whole SSO session.
I can understand how the browser would retain two Sessions if it
held two tabs open, one to each webapp
performance issue, which get
slow respond with high sessions.
Can you give us some numbers? At what point do things slow down, and
by how much do they slow down?
One team member recommend me to adjust the session timeout from 60
minutes to 30 minutes. I will do that, but before change
Ah yes, I would also take a thread dump when the server is stuck just in
case the developers are wrong ;)
On Oct 10, 2011 7:18 PM, Igor Cicimov icici...@gmail.com wrote:
George Sexton
MH Software, Inc.
303 438-9585
www.mhsoftware.com
-Original Message-
From: Bill Wang [mailto:bw57...@gmail.com]
Sent: Sunday, October 09, 2011 10:02 PM
To: Tomcat Users List
Subject: Re: two questions about the session timeout in tomcat
Hi Chris, Pid Geroge
performance issue, which get
slow respond with high sessions.
Can you give us some numbers? At what point do things slow down, and
by how much do they slow down?
One team member recommend me to adjust the session timeout from 60
minutes to 30 minutes. I will do that, but before change it, I'd
application has performance issue, which get
slow respond with high sessions.
Can you give us some numbers? At what point do things slow down, and
by how much do they slow down?
One team member recommend me to adjust the session timeout from 60
minutes to 30 minutes. I will do
Subject: two questions about the session timeout in tomcat
Hi Tomcat Guru,
Recently one of Tomcat application has performance issue, which get
slow
respond with high sessions.
One team member recommend me to adjust the session timeout from 60
minutes
to 30 minutes. I will do
?
One team member recommend me to adjust the session timeout from 60
minutes to 30 minutes. I will do that, but before change it, I'd
like to understand how the performance related with the expire
session timeout.
session-timeout60/session-timeout
I'm not sure performance will change at all
On 07/10/2011 00:20, Bill Wang wrote:
Hi Tomcat Guru,
Recently one of Tomcat application has performance issue, which get slow
respond with high sessions.
You should find out exactly why that is, rather than guessing.
One team member recommend me to adjust the session timeout from 60
Hi Tomcat Guru,
Recently one of Tomcat application has performance issue, which get slow
respond with high sessions.
One team member recommend me to adjust the session timeout from 60 minutes
to 30 minutes. I will do that, but before change it, I'd like to understand
how the performance
to be preventing the session timeout.
Glad to see it's working out for you.
That's a good news. Some one told me that there might be some
performance issues, but I'm not sure how significant they are.
It was I who mentioned potential performance degradation. If you aren't
in a super-high
for the duration of the timeout after a large upload. So
if my session timeout is 1 minute, it would be nice if I can make a
second request within a minute after a large upload which might have
taken 5 minutes.
I also tried the STRICT_COMPLIANCE system property and set it to true
to see if that makes any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sai,
On 7/11/2011 9:29 AM, Sai Pullabhotla wrote:
I took the threaddump and found that Tomcat's http service thread is
still blocked on the read from the client after we called the
forward method. At least, that's how I interpreted this, but
It seems like there are two quite different issues/discussions going on in this same
thread, with the same subject line.
It is a bit confusing, even if originally they relate to the same problem.
Would it not be better to split this ?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 7/11/2011 3:59 PM, André Warnier wrote:
It seems like there are two quite different issues/discussions going
on in this same thread, with the same subject line. It is a bit
confusing, even if originally they relate to the same problem.
I agree. At this point, I'm not so concerned about the Firefox issue.
I will start a separate thread on it later. I still would like to get
some help on keeping the session alive for the duration of the
configured timeout, after a response is sent for a large request. Any
ideas will be greatly
the
session alive for the duration of the timeout after a large upload. So
if my session timeout is 1 minute, it would be nice if I can make a
second request within a minute after a large upload which might have
taken 5 minutes.
I also tried the STRICT_COMPLIANCE system property and set it to true
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 7/11/2011 4:54 PM, André Warnier wrote:
I think that you need to scroll back in this thread (to July 8), and
re-read an answer which Charles provided to a previous question of
mine.
A partial answer resides in this property, which
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sai,
On 7/9/2011 8:55 AM, Sai Pullabhotla wrote:
I added the system property
org.apache.catalina.session.StandardSession.ACTIVITY_CHECK and set
it to true, and it appears to be preventing the session timeout.
Glad to see it's working out for you
Thank you all for the input.
I added the system property
org.apache.catalina.session.StandardSession.ACTIVITY_CHECK and set it
to true, and it appears to be preventing the session timeout. That's a
good news. Some one told me that there might be some performance
issues, but I'm not sure how
We have an application that uploads files using a Servlet deployed in
Tomcat 6. While this works most of the times, occasionally we run into
issues uploading large files. If the upload takes longer then the
session timeout, the session gets invalidated right after the upload.
Tis means no further
Sai Pullabhotla wrote:
We have an application that uploads files using a Servlet deployed in
Tomcat 6. While this works most of the times, occasionally we run into
issues uploading large files. If the upload takes longer then the
session timeout, the session gets invalidated right after
, occasionally we run into
issues uploading large files. If the upload takes longer then the
session timeout, the session gets invalidated right after the upload.
Tis means no further requests are accepted unless the user logs back
in. Is this the expected behavior? Is there any way to work around
Just to give more details...
The session timeout setting is stored in our application's database.
Admins can change the session timeout from the UI we provide. We did
this to make it easy for our customers to set the desired timeout
rather than telling them going into web.xml and updating
to temporary files, and use a
separate process to move those images into the database.
On Fri, Jul 8, 2011 at 3:03 PM, Sai Pullabhotla
sai.pullabho...@jmethods.com wrote:
Just to give more details...
The session timeout setting is stored in our application's database.
Admins can change the session
1 - 100 of 291 matches
Mail list logo