-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 9/15/2010 7:44 PM, André Warnier wrote: > Debbie Shapiro wrote: >> Exactly. We have to follow FDA guidelines for validation of OTS >> software and our validation expert is testing for this now. We want to >> make sure that security is in place that if the app is left alone for >> a period of time other users won't have access to it. >> > More seriously, if I was you I would kindly inform the vendor that their > heartbeat feature is preventing their application from being validated > by the FDA, and that in consequence they may be losing a big market > share; and I would wait to see how long it takes before you obtain a > 10.3 pre-release. There is a workaround: write a Filter (you know how I love to write Filters): The filter would check the session for a special timestamp attribute. If the current URL is /not/ the URL to the heartbeat, then update the timestamp in the session. If it /is/ the heartbeat URL, then perform a check: is the timestamp stored in the session older than - whatever you want. If it is, call session.invalidate() and force the session to die. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkySYZsACgkQ9CaO5/Lv0PA1BwCeMf/Bsg4NFALRRgfRE4amvO7O ZwkAn0/h5TQZaN202/2k+4CtukOIke0B =+Jp7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
