Martin,

Martin Dubuc wrote:
> I am not sure I understand exactly why, but it seems to me that, although
> the sessionTimeout.jsp page is not protected, if the user responds to
> "Navigate away" prompt after Tomcat removes the session from the session
> list, then, Tomcat presents the login form instead of the session expiry
> notification page.

Perhaps Tomcat is reacting to a request for a different resource. Can
you post your access log for the time period around this request? Also,
you might want to post your <security-constraint> sections from web.xml.

> I would also like to know why ${pageContext.session.maxInactiveInterval}
> evaluates to 900 even if I set the session-timeout variable to 1 minute in
> the application web.xml configuration file (and even in Tomcat conf/web.xml
> file). I find it odd that looking at the manager application main page, the
> sessions listed on that page show Expire sessions with idle >= 1 minutes,
> but yet, the TTL in the application session page starts at 15 minutes and
> session only expires after 15 minutes.

Maybe you'd better post that configuration as well.

-chris
