Tokens are tied to the session. If the session disappears, so does the ability to compare tokens. Why? A unique number (token) is generated and stored in the session, which is then reprinted in the JSP as a hidden field. When the form is submitted back, the hidden field is checked against the session attribute. These must match for it to work.
Paul On 9/23/07, Laurie Harper <[EMAIL PROTECTED]> wrote: > > [EMAIL PROTECTED] wrote: > > Hello, > > > > I'm using the Transaction Token in my Struts138 App. But it seems the > > token has a very short lifetime. I guess about 1-2 Minutes. How can I > > manually correct it? > > My inactivity timeout is set to 20 mins - so my token should be set to > > the same value. > > Can someone tell me how and where? > > I haven't used transaction tokens, but my understanding was that they're > tied to the session. In that case, they shouldn't time out unless the > session times out. Can you give some more details about how you're using > them and how you're measuring this timeout? > > L. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >