David Wall wrote:
I hope all this 'bot' talk doesn't prevent a resolution to the bug long-standing bug regarding sessions that never terminate, long after
I've been monitoring one of our public apps using Lambda Probe and we don't seem to suffer from the problem, on tc5.5.17. We have our session timeout set to 15 mins by default, which increases to 30 if the user authenticates.
(We also do some server-side validation with javascript on our forms which keeps the session alive while they fill the form out.)
How much of your app is in the public domain, and how much in places that bots can't get to?
they should have expired. All of our web apps have a background thread that periodically terminates sessions that haven't been accessed in 24 hours, even though most of our web apps should auto-expire after 30 minutes, with the longest one being 120 minutes because users need to fill out a lengthy form.
As an aside: if time is an issue with users failing to complete forms inside the session period, you could put explicit onpage notification of the period within which they must complete the form.
A little Javascript would do the trick. regards, Pid
David --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
