On 01/03/2010 07:49, Xiaojun Deng wrote:
On Fri, Feb 26, 2010 at 03:28:50PM +0000, Pid wrote:
On 26/02/2010 14:58, Xiaojun Deng wrote:
On Fri, Feb 26, 2010 at 8:51 PM, Pid<p...@pidster.com> wrote:
On 26/02/2010 09:59, Xiaojun Deng wrote:
On Fri, Feb 26, 2010 at 09:57:46AM +0000, Pid wrote:
On 26/02/2010 04:15, Xiaojun Deng wrote:
Hello,
I use the Tomcat SSO function, and I found that when I restart my tomcat
or the
session timeout, I refresh the page, the cookie JSESSIONIDSSO keep the
old value,
so I can't login my application.
And the web application's JSESSIONID works well, they can reset the
cookie value.
Is there a way to configure for the JSESSIONIDSSO?
server.xml content
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Realm className="org.apache.catalina.realm.SSOMultipleDSRealm" />
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<Valve className="org.apache.catalina.authenticator.SingleSignOn"
requireReauthentication="false"/>
</Host>
Thanks.
What are your exact Tomcat, JVM, OS versions?
CentOS release 5.2 (Final) kernel 2.6.18-92.el5
Tomcat 6.0.20
JVM jdk_1.6.0_14
How many applications do you have deployed, and what is the session timeout
for each one?
I deployed 3 applications, and two session timeout are 60min, and the
rest is 5min for testing,
OK - so if you're using the SSO valve, then the longer session
timeout should mean that the users of the app with the shorter one is
automatically logged in again.
yes, thanks for your comments
All the applications' JSESSIONID can be reset when the session timeout
(5min) or server restart (I checked the Firefox cookies manager),
but the JSESSIONIDSSO value can't be reset, it keep the old cookie
value, and when login into the server again, it failed caused by using
a old
cookie value, but the server have created a new session cookie.
I'm not entirely sure I understand what you mean here. The value of
JSESSIONID may change, but the session itself should remain intact.
What is failing, exactly, and what symptoms are you seeing? The user
is logged out, or an error page?
I'm sorry for the descriptions, maybe it's a complex problem for me...
Because I used the JSESSIONIDSSO value to validate, and I just want to the
value will change when the session timout or server restart, but when session
timeouted,
the firefox cookie still keeped the old value, I don't know what happened.
Uaed the JSESSIONIDSSO value to validate what?
Actually, I don't know who manages the JSESSIONIDSSO, I think the
JSESSIONID managed by each application, and it can refresh when
session timeout, but why the JSESSIONIDSSO can't work well?
Thanks.
The %CATALINA_HOME%/conf/context.xml file contains a documented
setting which allows the session to be persisted during restarts. If
it is enabled then the session will be restored to each user, after
restart.
I don't enable it.
A session(JSESSIONID) is managed by the web application, like
webapps/app1
webapps/app2
But who manages the JSESSIONIDSSO?
The SingleSignOnValve in the Host.
Now I resolved this problem via deleting the JSESSIONIDSSO cookie value, and it
will create a new value, and work well.
I don't understand that, but hey.
p
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
