On Fri, 20 Dec 2002, Kenny G. Dubuisson, Jr. wrote: > Simple minded as I am, I still believe with everything I have that > there MUST be a setting in Tomcat that controls how often new > session ID's are generated. If I have a simple page that does > nothing but a "session.getId()" and it returns a new session ID > every 60 mins, there must be something in Tomcat that sets this > interval. Obviously this setting is missing from my config files so > that Tomcat uses it's default. Has no one ever wanted to change > this setting before? I hate to sound beligerent but I've authored > and released what I feel to be a very nice application/web site but > the only feedback I'm getting is litterally users screaming at me > because I haven't fixed this yet. I'm going to have to start > looking at redesigning the login/verification process on every page > (not a big site but still 20K of code) to work around this issue > when I feel it has to be a simple setting.
First of all, I couldn't tell from your description in your first message in this thread the other day whether you're using your own session cookie mechanism, or whether you're using the standard session API mechanism. Could you clarify that? If you are using your own, what you're seeing could be some artifact of that. Otherwise, instead of assuming there is some simple setting to change, I'd suggest taking a closer look at your own code, and how you're using the built-in facilities, even posting the code here if you're not sure, to see if the problem lies there. Several people have already pointed out the standard mechanisms for handling session timeouts, and I'm not sure there's anything else to say about that -- it looks like a dead end. BTW, do you really have a page that just does session.getId() and you're seeing this problem with that? I'd also suggest you really verify that it is the regular session timeout that is going on. You might be able to do that bu checking the logs, or at worst, write your own SessionActivationListener (or whatever it's called) to catch the session being deactivated and record that. Actually, if the session is being deactivated/renewed an hour after it's created, regardless of activity, then it most likely is not the standard session timeout that's causing it, because that's an *idle* timeout, not a duration timeout. In sum, I really think you need to do some more investigation into what's going on, by checking logs and/or trying some things to see what happens, etc., as opposed to looking for a quick fix. Sorry, but that's generally the way things work. Milt Epstein Research Programmer Integration and Software Engineering (ISE) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
