-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin,
Martin Dubuc wrote: > I am not sure I understand exactly why, but it seems to me that, although > the sessionTimeout.jsp page is not protected, if the user responds to > "Navigate away" prompt after Tomcat removes the session from the session > list, then, Tomcat presents the login form instead of the session expiry > notification page. Perhaps Tomcat is reacting to a request for a different resource. Can you post your access log for the time period around this request? Also, you might want to post your <security-constraint> sections from web.xml. > I would also like to know why ${pageContext.session.maxInactiveInterval} > evaluates to 900 even if I set the session-timeout variable to 1 minute in > the application web.xml configuration file (and even in Tomcat conf/web.xml > file). I find it odd that looking at the manager application main page, the > sessions listed on that page show Expire sessions with idle >= 1 minutes, > but yet, the TTL in the application session page starts at 15 minutes and > session only expires after 15 minutes. Maybe you'd better post that configuration as well. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk1YkoACgkQ9CaO5/Lv0PDHQwCgv2/xLxBa8JMG5UxRQMmXWF14 2osAn3VOaoptfmdDq53bU3Y84vPw+e3v =/Wrd -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]