Hi, > We've set our session expiration to 12 hours (I know it's long) and > we're seeing behavior where certain browsers (namely IE) apparently > can't count that high (we set the meta Refresh header but the page > doesn't reload after the allotted time, session expiration time + 20 > minutes).
Are you saying that certain browser will never expire their sessions? Or are you saying that certain browsers kill their sessions before 12 hours (because they can't count that high)? > Since this issue was discovered, we've added background AJAX timers on > some of our web pages that refresh (authenticated) content. While this > happily works, unfortunately, if the user chooses to remain on one of > these pages, and then goes on vacation, the session stays active because > the AJAX calls keep the session alive. The way I understand it - you are using ajax to keep a session alive. Why not set the session expiration to live as long as the browser is open, or for some other length of time? The session mechanism should work. I don't understand the need to hack sessions using ajax. > it puts the onus on the browser to inform the server that the > user's session needs to be expired. Isn't that part of the browser's job? --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
