Hi Where abouts should I insert/subclass code to set the HttpSession setMaxInactiveInterval value once a successful authentication has taken place? We need to limit users to 5 minutes once they've logged in, while anonymous users can have the default timeout of the webapp. I did have this in a Struts action that was my defaultTargetUrl but this surely won't work when a user is forced to login by attempting to access a protected URL. cheers Tim
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
