On 26/02/2010 14:58, Xiaojun Deng wrote:
On Fri, Feb 26, 2010 at 8:51 PM, Pid<p...@pidster.com> wrote:
On 26/02/2010 09:59, Xiaojun Deng wrote:
On Fri, Feb 26, 2010 at 09:57:46AM +0000, Pid wrote:
On 26/02/2010 04:15, Xiaojun Deng wrote:
Hello,
I use the Tomcat SSO function, and I found that when I restart my tomcat
or the
session timeout, I refresh the page, the cookie JSESSIONIDSSO keep the
old value,
so I can't login my application.
And the web application's JSESSIONID works well, they can reset the
cookie value.
Is there a way to configure for the JSESSIONIDSSO?
server.xml content
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Realm className="org.apache.catalina.realm.SSOMultipleDSRealm" />
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<Valve className="org.apache.catalina.authenticator.SingleSignOn"
requireReauthentication="false"/>
</Host>
Thanks.
What are your exact Tomcat, JVM, OS versions?
CentOS release 5.2 (Final) kernel 2.6.18-92.el5
Tomcat 6.0.20
JVM jdk_1.6.0_14
How many applications do you have deployed, and what is the session timeout
for each one?
I deployed 3 applications, and two session timeout are 60min, and the
rest is 5min for testing,
OK - so if you're using the SSO valve, then the longer session timeout
should mean that the users of the app with the shorter one is
automatically logged in again.
All the applications' JSESSIONID can be reset when the session timeout
(5min) or server restart (I checked the Firefox cookies manager),
but the JSESSIONIDSSO value can't be reset, it keep the old cookie
value, and when login into the server again, it failed caused by using
a old
cookie value, but the server have created a new session cookie.
I'm not entirely sure I understand what you mean here. The value of
JSESSIONID may change, but the session itself should remain intact.
What is failing, exactly, and what symptoms are you seeing? The user is
logged out, or an error page?
Actually, I don't know who manages the JSESSIONIDSSO, I think the
JSESSIONID managed by each application, and it can refresh when
session timeout, but why the JSESSIONIDSSO can't work well?
Thanks.
The %CATALINA_HOME%/conf/context.xml file contains a documented setting
which allows the session to be persisted during restarts. If it is
enabled then the session will be restored to each user, after restart.
p
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
