On Fri, Feb 26, 2010 at 03:28:50PM +0000, Pid wrote: >On 26/02/2010 14:58, Xiaojun Deng wrote: >>On Fri, Feb 26, 2010 at 8:51 PM, Pid<p...@pidster.com> wrote: >>>On 26/02/2010 09:59, Xiaojun Deng wrote: >>>> >>>>On Fri, Feb 26, 2010 at 09:57:46AM +0000, Pid wrote: >>>>> >>>>>On 26/02/2010 04:15, Xiaojun Deng wrote: >>>>>> >>>>>>Hello, >>>>>> >>>>>>I use the Tomcat SSO function, and I found that when I restart my tomcat >>>>>>or the >>>>>>session timeout, I refresh the page, the cookie JSESSIONIDSSO keep the >>>>>>old value, >>>>>>so I can't login my application. >>>>>> >>>>>>And the web application's JSESSIONID works well, they can reset the >>>>>>cookie value. >>>>>> >>>>>>Is there a way to configure for the JSESSIONIDSSO? >>>>>> >>>>>>server.xml content >>>>>><Host name="localhost" appBase="webapps" >>>>>>unpackWARs="true" autoDeploy="true" >>>>>>xmlValidation="false" xmlNamespaceAware="false"> >>>>>> >>>>>><Realm className="org.apache.catalina.realm.SSOMultipleDSRealm" /> >>>>>><!-- SingleSignOn valve, share authentication between web applications >>>>>>Documentation at: /docs/config/valve.html --> >>>>>><Valve className="org.apache.catalina.authenticator.SingleSignOn" >>>>>>requireReauthentication="false"/> >>>>>></Host> >>>>>> >>>>>>Thanks. >>>>> >>>>>What are your exact Tomcat, JVM, OS versions? >>>>> >>>> >>>>CentOS release 5.2 (Final) kernel 2.6.18-92.el5 >>>>Tomcat 6.0.20 >>>>JVM jdk_1.6.0_14 >>> >>> >>>How many applications do you have deployed, and what is the session timeout >>>for each one? >>> >> >>I deployed 3 applications, and two session timeout are 60min, and the >>rest is 5min for testing, > >OK - so if you're using the SSO valve, then the longer session >timeout should mean that the users of the app with the shorter one is >automatically logged in again. > yes, thanks for your comments > >>All the applications' JSESSIONID can be reset when the session timeout >>(5min) or server restart (I checked the Firefox cookies manager), >>but the JSESSIONIDSSO value can't be reset, it keep the old cookie >>value, and when login into the server again, it failed caused by using >>a old >>cookie value, but the server have created a new session cookie. > >I'm not entirely sure I understand what you mean here. The value of >JSESSIONID may change, but the session itself should remain intact. > >What is failing, exactly, and what symptoms are you seeing? The user >is logged out, or an error page? >
I'm sorry for the descriptions, maybe it's a complex problem for me... Because I used the JSESSIONIDSSO value to validate, and I just want to the value will change when the session timout or server restart, but when session timeouted, the firefox cookie still keeped the old value, I don't know what happened. > >>Actually, I don't know who manages the JSESSIONIDSSO, I think the >>JSESSIONID managed by each application, and it can refresh when >>session timeout, but why the JSESSIONIDSSO can't work well? >> >>Thanks. > >The %CATALINA_HOME%/conf/context.xml file contains a documented >setting which allows the session to be persisted during restarts. If >it is enabled then the session will be restored to each user, after >restart. > I don't enable it. A session(JSESSIONID) is managed by the web application, like webapps/app1 webapps/app2 But who manages the JSESSIONIDSSO? Now I resolved this problem via deleting the JSESSIONIDSSO cookie value, and it will create a new value, and work well. Thanks. > >p > > >>>>>>--------------------------------------------------------------------- >>>>>>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>>>For additional commands, e-mail: users-h...@tomcat.apache.org >>>>>> >>>>> >>>>> >>>>>--------------------------------------------------------------------- >>>>>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>>For additional commands, e-mail: users-h...@tomcat.apache.org >>>>> >>> >>> > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org