Channa,

On 10/27/23 00:07, Channa Puchakayala wrote:
Tomcat Version : 9.0.75

Operating System: Windows and Linux

Bits: 64

Tomcat 9.0.75 is not honoring the session timeout configured in tomcat/conf/web.xml for FORM Authentication, and it is affecting customers.

==========================

    <session-config>
        <session-timeout>30</session-timeout> <!-- 30 minutes -->
    </session-config>

=========================

Verified the Tomcat source code

-FormAuthenticator is overriding the above configured session timeout setting (30 minutes) with the value (120 seconds)

-As per FormAuthenticator.Java, this change/issue started from Tomcat Version : 9.0.74 for FORM Authentication and it overwrites the original session-timeout value

-This issue/behavior is not observed in 9.0.73

Verified the Tomcat documentation

-Verified the Tomcat changelog; there is a fix/change that went into Tomcat 9.0.74, below, related to FORM Based Authentication Session @ https://tomcat.apache.org/tomcat-9.0-doc/changelog.html, which looks like it is causing this issue.


Can you please state clearly what the issue actually is? This is documented behavior of Tomcat. There is a well-documented setting that you can adjust if necessary.

Are you reporting a problem? If so, it is not clear from your message above.

What test did you perform?
What did you expect to happen?
What actually happened that was different from your expectation?

-chris

