Are you using container managed security? Home brewed? Whatever it is, the
problem is most likely not with struts. I'm also guessing that there is no
problem. You need to read the spec on how container managed security works
if that's what your using. We had a lot of problems here with session
timeout and they were all part of the spec. Mainly, that request parameters
are 'lost' when a page is submitted after the session timeout value and your
redirected to your login page (form based auth).
Also, do you invalidate the session after you login? Usually, you would
invalidate a session on a logout.
Michael Lee
----- Original Message -----
From: "Mohan Radhakrishnan" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Tuesday, February 25, 2003 6:36 AM
Subject: Session timeout problem
> Hi,
> Our struts application ( I am not sure if it is the session
> )occasionally timesout and throws us back to the login page.
>
> <session-config>
> <session-timeout>15</session-timeout>
> </session-config>
>
> This is not uniform.
>
> Whenever I login I use code like this
>
> protected void inValidateSession( HttpServletRequest request ){
> HttpSession session = request.getSession( false ); --> Is this
> right?
> if( session != null ){
> session.invalidate();
> }
> }
>
> Does any of you see any problem here ?
>
> Mohan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
