> I don't want my sessions/continuations to have long time-out periods for
security reasons. It's ok to have them log in again if their session is
timed out
> after eg a half hour. But then again, when they are editing a form, this
might take some time, and the responsibility of keeping this form window
> open/uncommitted is completely on their side. So if they are off to
McDonalds during editing, it's their own decision to leave that window
open.
this I don't understand coz you started this discussion with the fact that
you want your continuations to stay alive long enough but you don't want
to increase your session timeout?? the continuation might survive the
container session but in my opinion this will be a confusing situation for
the end user
Jan Hoskens <[EMAIL PROTECTED]>
13/02/2006 11:31
Please respond to
users@cocoon.apache.org
To
users@cocoon.apache.org
cc
Subject
Re: continuations
Fabrizio Sitzia wrote:
Hello,
I have a flow in which I create a form. When this form is displayed, I
like to keep the continuation to stay alive for as long as the user is
filling in that form (which can take more than one hour, depends on how
many times the user is refilling his cup of tea or coffee, and how many
colleagues are passing by to have a nice chat with...
Yep, and people tend to get very upset if they spent 5 minutes beginning
to fill out a form just before they left for a 2 hour lunch, and find
their session has expired when they come back!
For a less security-critical intranet app, I therefore defined a timeout
of 4 hours, as follows:
- In "cocoon.xconf", I set the continuations-manager's time-to-live"
attribute to 14400000 (4 hours * 3600 seconds * 1000 milliseconds :-)
I also set the "session-bound-continuations" attribute to "true", as
there is no point leaving continuations around when the servlet
container's session has expired...
That's correct, I'll definitely check that session-bound-continuations
attribute, thanks for the info.
- I also set the servlet container's (Jetty) session-timeout to 4 hours
(240 minutes), by adding the following to its "web.xml" file:
...
<session-config>
<session-timeout>240</session-timeout>
</session-config>
</web-app>
I don't want my sessions/continuations to have long time-out periods for
security reasons. It's ok to have them log in again if their session is
timed out after eg a half hour. But then again, when they are editing a
form, this might take some time, and the responsibility of keeping this
form window open/uncommitted is completely on their side. So if they are
off to McDonalds during editing, it's their own decision to leave that
window open.
Kind Regards,
Jan
Fabrizio
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
