Re: connection timeout reached JK IsapiRedirect.dll
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ah sorry, I mean IIS 6 (the newest one). - -reynir Reynir Hubner wrote: Hi, I'm using tomcat 4.1.x and Coyote JK connector, with IIS 5. I just updated to isapi_redirect-1.2.14.dll. I did that because I've been getting alot of those error messages into the log(stderr.log): - 12.10.2005 09:50:53 org.apache.jk.common.ChannelSocket processConnection - INFO: connection timeout reached Can anyone explaine these (still coming after the update). this is the config for the connector : Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=275 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=1 useURIValidationHack=false tomcatAuthentication=true protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ thanx, [EMAIL PROTECTED] - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDTOFG19KgIQihNwgRAtBdAJ9Tzd03Xisk0cmCIzmXN3ijGICvKwCaA/Hw ZmGsSQ7Sv2iijXswfVLhHV4= =dnj5 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout issues
On 15/09/05, Leon Rosenberg [EMAIL PROTECTED] wrote: Hi, I don't know if this fits, but could it be, that your problem is related to the tomcat session synchronization bug? http://issues.apache.org/bugzilla/show_bug.cgi?id=36541 That does look like a potential issue. However, I think I may have tracked this down to cookies and switching between HTTP and HTTPS. There are two scenarios: 1) User starts at an HTTP page and is given a cookie. This cookie can be used in secure and non secure requests. 2) User starts at an HTTPS page and is given a cookie. This cookie is only valid for secure requests (because it has Set-Cookie: ;Secure in the response header). When a user is redirected to an HTTP page they are given a *new* cookie and a new HttpSession is created on the server. Can you tell me the exact semantics of the secure attribute on the connector element? The documentation just says Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received Thanks James Shaw On 9/15/05, James Shaw [EMAIL PROTECTED] wrote: On 14/09/05, James Shaw [EMAIL PROTECTED] wrote: I have two issues relating to sessions: 1) Sessions seem to be expired too soon. This happens very infrequently for me (perhaps 1 in 1000 requests). I'm adding some HttpSessionListeners and HttpSessionAttributeListeners to attempt to locate this problem, but have little to go on at the moment. I have some more info on this problem. During the login process, the original JSESSIONID that tomcat gives to the browser is being lost and a new HttpSession with a new id is being created. So either the browser is not sending the cookie containing the session id, or Tomcat is somehow losing the id. Does anyone have an idea what this problem could be? Perhaps you could point me to some information about how Tomcat receives cookies and maps these to their respective HttpSession objects. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout issues
On 14/09/05, James Shaw [EMAIL PROTECTED] wrote: I have two issues relating to sessions: 1) Sessions seem to be expired too soon. This happens very infrequently for me (perhaps 1 in 1000 requests). I'm adding some HttpSessionListeners and HttpSessionAttributeListeners to attempt to locate this problem, but have little to go on at the moment. I have some more info on this problem. During the login process, the original JSESSIONID that tomcat gives to the browser is being lost and a new HttpSession with a new id is being created. So either the browser is not sending the cookie containing the session id, or Tomcat is somehow losing the id. Does anyone have an idea what this problem could be? Perhaps you could point me to some information about how Tomcat receives cookies and maps these to their respective HttpSession objects. Thanks James Shaw - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
If more than idle for 30 minutes. -Tim Cédric Buschini wrote: Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
Think of the timeout as a 30 minute countdown timer. Every time there is any session activity, like a page request, the timers starts over. If the timer ever gets to 0, then the session times out. Jay Vertical Technology Group http://www.vtgroup.com/ -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 10:13 AM To: Tomcat Users List Subject: Re: session-timeout If more than idle for 30 minutes. -Tim Cédric Buschini wrote: Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
thank you !! Jay Burgess wrote: Think of the timeout as a 30 minute countdown timer. Every time there is any session activity, like a page request, the timers starts over. If the timer ever gets to 0, then the session times out. Jay Vertical Technology Group http://www.vtgroup.com/ -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 10:13 AM To: Tomcat Users List Subject: Re: session-timeout If more than idle for 30 minutes. -Tim Cédric Buschini wrote: Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: solved: timeout when reading 401 response [was: persistent HTTP 1.1 connectionswith Tomcat 5.5.4?]
Wade Chandler wrote: Actually what is happening is this You are using a buffered stream. It is reading past the amount returnedand then the tcp/ip socket is blocking because you have it open as a keep alive. You have to only read the number of bytes available and not keep trying to squeeze the blood out of the turnip... ;-) I'll almost bet you money that is what is happening. Try to not use a buffered input stream and see what you get. If I'm wrong I'm wrong let me know. Hope it works. Wade, thanks so very much for responding. I was sitting here dumbfounded wondering what in the world could be happening. But you're wrong. ;) I had already thrown out the BufferedInputStream to eliminate that. I switched to straight sockets. I set up a simple loop that simply read bytes until receiving a timeout. The timeout occurred after the CRLF divider, even though the Content-Length said 952. Accessing the site from Firefox showed all the content. Puzzled? Yeah, so was I. Then I realized that in my Java client I was testing my new HTTP routines with the HEAD method! (You can start the ridicule, now...) The whole point of the HEAD method is that it doesn't send content---it simply sends a Content-Length indicating how long the content would have been. In fact, RFC 2616 says that the server MUST NOT return a message-body in the response for the HEAD method (9.4). Now, what threw me off is that the response was an error status, a 401 Unauthorized. The Content-Length is in line with the spec, returning the length of the content which would have been returned if a GET had been used. As an error was returned, however, the Content-Length was returning the length of the error message---the error message that would have been returned had a GET been used. Now, all this is technically to the letter of RFC 2616, but I wonder what would happen if a server were to send back a 405 Method Not Allowed for HEAD. There would be no way to get at the error message, because HEAD doesn't send back content. Using GET would succeed, so technically the Content-Length of HEAD in this case wouldn't be the content length of a response from GET. I'm thinking that RFC 2616 should probably have made an exception to the no content rule for HEAD when an error condition is being reported. But that's the least of my worries. I just need to tell my client to ignore all content in a response to HEAD. Oddly, though, this means that a thread can't simply pull HTTP responses down from a persistent connection without knowing to which request each response belongs---i.e. whether to trust the Content-Length or not! In any case, thanks for the input. It looks like your responses will be useful when I finally switch over to non-blocking I/O support. Garret - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: solved: timeout when reading 401 response [was: persistent HTTP1.1 connectionswith Tomcat 5.5.4?]
Garret Wilson wrote: Wade Chandler wrote: Actually what is happening is this You are using a buffered stream. It is reading past the amount returnedand then the tcp/ip socket is blocking because you have it open as a keep alive. You have to only read the number of bytes available and not keep trying to squeeze the blood out of the turnip... ;-) I'll almost bet you money that is what is happening. Try to not use a buffered input stream and see what you get. If I'm wrong I'm wrong let me know. Hope it works. Wade, thanks so very much for responding. I was sitting here dumbfounded wondering what in the world could be happening. But you're wrong. ;) I had already thrown out the BufferedInputStream to eliminate that. I switched to straight sockets. I set up a simple loop that simply read bytes until receiving a timeout. The timeout occurred after the CRLF divider, even though the Content-Length said 952. Accessing the site from Firefox showed all the content. Puzzled? Yeah, so was I. Then I realized that in my Java client I was testing my new HTTP routines with the HEAD method! (You can start the ridicule, now...) The whole point of the HEAD method is that it doesn't send content---it simply sends a Content-Length indicating how long the content would have been. In fact, RFC 2616 says that the server MUST NOT return a message-body in the response for the HEAD method (9.4). Now, what threw me off is that the response was an error status, a 401 Unauthorized. The Content-Length is in line with the spec, returning the length of the content which would have been returned if a GET had been used. As an error was returned, however, the Content-Length was returning the length of the error message---the error message that would have been returned had a GET been used. Now, all this is technically to the letter of RFC 2616, but I wonder what would happen if a server were to send back a 405 Method Not Allowed for HEAD. There would be no way to get at the error message, because HEAD doesn't send back content. Using GET would succeed, so technically the Content-Length of HEAD in this case wouldn't be the content length of a response from GET. I'm thinking that RFC 2616 should probably have made an exception to the no content rule for HEAD when an error condition is being reported. But that's the least of my worries. I just need to tell my client to ignore all content in a response to HEAD. Oddly, though, this means that a thread can't simply pull HTTP responses down from a persistent connection without knowing to which request each response belongs---i.e. whether to trust the Content-Length or not! In any case, thanks for the input. It looks like your responses will be useful when I finally switch over to non-blocking I/O support. Garret - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] lol. I won't ridiculewe all make the mistakes that make us go... (Homer Simpson)..DOH Glad you got it resolved. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout
How about trying? Put this inside your web-app in web.xml session-config session-timeout10/session-timeout /session-config The number within the session-timeout element must be expressed in minutes. Works for me with the StandardManager, in tomcat 5 Trond Freddy Villalba A. wrote: Hi everybody, Is it possible to configure the session timeout using the org.apache.catalina.session.StandardManager Session Manager or am I forced to use the Persistent Manager just for doing so? (Tomcat v4.1) Regards, F. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connection Timeout
Does anyone know any way that I can tell tomcat to kill the 'thread' if it isn't back in a ready state within 30 seconds? (waiting for new requests) Thanks Andrew On 05.11.2004, at 16:20, Phillip Qin wrote: Byte recv and byte sent? -Original Message- From: Andrew Miehs [mailto:[EMAIL PROTECTED] Sent: November 5, 2004 10:18 AM To: Tomcat Users List Subject: Re: Connection Timeout Hi Phillip, The request is for example a 10K image. Regards Andrew On 05.11.2004, at 16:11, Phillip Qin wrote: My guess is the request was serviced by Tomcat, and took that much time. What did your request column tell? A huge request, file upload? -Original Message- From: Andrew Miehs [mailto:[EMAIL PROTECTED] Sent: November 5, 2004 4:24 AM To: Tomcat Users List Subject: Connection Timeout Dear List, In /manager/status, I occasionally see connections where the status is 'S' and the time column is huge! 1 ms. Does this mean that the request is still being processed by tomcat? or is this a request waiting to be picked up - ie: chunked? If so, is there any way I can set a timeout for this, as a time 10 seconds makes very little sense with our application? Thanks in advance, Andrew - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout means tomcat restart
Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2
Re: RE: session-timeout means tomcat restart
We had a 'hung, and won't work without a reboot problem' and it was two things - we had to update some driver for the intel NIC cards in our server (for RedHat ES) and had to change some settings to get better NIC throughput. Hope it helps. - Original Message - From: Steve Kirk [EMAIL PROTECTED] Date: Monday, November 8, 2004 4:19 pm Subject: RE: session-timeout means tomcat restart Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasourceconnection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful
Re: session-timeout means tomcat restart
Hi Steve, sorry for lack of details. In any case, problem solved. I am developing a webapp in the MVC style and was referring to the 'C' of the MVC when mentioning the controller. I am using TC as-is however. There was a bug in a data source validity check upon login making it so the data source was not getting re-established if need be. Then it would just hang on login. Not sure why I was often required to hard boot but it's not longer a problem since I corrected the data source hook. Eric On Mon, 8 Nov 2004 22:19:27 -, Steve Kirk [EMAIL PROTECTED] wrote: Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must
RE: RE: session-timeout means tomcat restart
sorry but no. what about the other points. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday 08 November 2004 22:37 To: Tomcat Users List Subject: Re: RE: session-timeout means tomcat restart We had a 'hung, and won't work without a reboot problem' and it was two things - we had to update some driver for the intel NIC cards in our server (for RedHat ES) and had to change some settings to get better NIC throughput. Hope it helps. - Original Message - From: Steve Kirk [EMAIL PROTECTED] Date: Monday, November 8, 2004 4:19 pm Subject: RE: session-timeout means tomcat restart Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasourceconnection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your
Re: RE: session-timeout means tomcat restart
Other points? I posted details when I solved this problem, last Friday, but I only now realized that someone changed the thread, a couple have, and my post is related to that thread. Perhaps you didn't see that. If you're wondering about event listeners, I have not implemented any as of yet. If you're still looking for other points then I'll need you to be specific. Also, in looking back at this thread I noticed you were the one who suggested creating a myapp.xml and where to put it. This was the suggestion I followed that finally solved my problem. Many thx for that! I still have yet to find a mention of this in TC 5.0 docs. Eric btw, I am required to manually put that myapp.xml at CATALINA_HOME/conf/Catalina/localhost/. I tried creating a META-INF, located at /myapp/ with a context.xml, but this did not result in a dynamic copy at CATALINA_HOME/conf/Catalina/localhost/. On Tue, 9 Nov 2004 00:51:09 -, Steve Kirk [EMAIL PROTECTED] wrote: sorry but no. what about the other points. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday 08 November 2004 22:37 To: Tomcat Users List Subject: Re: RE: session-timeout means tomcat restart We had a 'hung, and won't work without a reboot problem' and it was two things - we had to update some driver for the intel NIC cards in our server (for RedHat ES) and had to change some settings to get better NIC throughput. Hope it helps. - Original Message - From: Steve Kirk [EMAIL PROTECTED] Date: Monday, November 8, 2004 4:19 pm Subject: RE: session-timeout means tomcat restart Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm
RE: session-timeout means tomcat restart
-Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? you don't say which platform/ versions you are using so memory leaks are hard to comment on. IMHO the issues above are more likely to be the problem so check those first before suspecting an error in TC :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Connection Timeout
My guess is the request was serviced by Tomcat, and took that much time. What did your request column tell? A huge request, file upload? -Original Message- From: Andrew Miehs [mailto:[EMAIL PROTECTED] Sent: November 5, 2004 4:24 AM To: Tomcat Users List Subject: Connection Timeout Dear List, In /manager/status, I occasionally see connections where the status is 'S' and the time column is huge! 1 ms. Does this mean that the request is still being processed by tomcat? or is this a request waiting to be picked up - ie: chunked? If so, is there any way I can set a timeout for this, as a time 10 seconds makes very little sense with our application? Thanks in advance, Andrew - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:418b46a1164289526310470!
Re: Connection Timeout
Hi Phillip, The request is for example a 10K image. Regards Andrew On 05.11.2004, at 16:11, Phillip Qin wrote: My guess is the request was serviced by Tomcat, and took that much time. What did your request column tell? A huge request, file upload? -Original Message- From: Andrew Miehs [mailto:[EMAIL PROTECTED] Sent: November 5, 2004 4:24 AM To: Tomcat Users List Subject: Connection Timeout Dear List, In /manager/status, I occasionally see connections where the status is 'S' and the time column is huge! 1 ms. Does this mean that the request is still being processed by tomcat? or is this a request waiting to be picked up - ie: chunked? If so, is there any way I can set a timeout for this, as a time 10 seconds makes very little sense with our application? Thanks in advance, Andrew - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:418b46a1164289526310470! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Connection Timeout
Byte recv and byte sent? -Original Message- From: Andrew Miehs [mailto:[EMAIL PROTECTED] Sent: November 5, 2004 10:18 AM To: Tomcat Users List Subject: Re: Connection Timeout Hi Phillip, The request is for example a 10K image. Regards Andrew On 05.11.2004, at 16:11, Phillip Qin wrote: My guess is the request was serviced by Tomcat, and took that much time. What did your request column tell? A huge request, file upload? -Original Message- From: Andrew Miehs [mailto:[EMAIL PROTECTED] Sent: November 5, 2004 4:24 AM To: Tomcat Users List Subject: Connection Timeout Dear List, In /manager/status, I occasionally see connections where the status is 'S' and the time column is huge! 1 ms. Does this mean that the request is still being processed by tomcat? or is this a request waiting to be picked up - ie: chunked? If so, is there any way I can set a timeout for this, as a time 10 seconds makes very little sense with our application? Thanks in advance, Andrew - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:418b99c3205412059510077!
Re: Connection Timeout
Hi Phillip, S506331 ms17 KB0 KBx.x.2.24www.x.comGET /x//img/x/Image.gif HTTP/1.1 Regards Andrew On 05.11.2004, at 16:20, Phillip Qin wrote: Byte recv and byte sent? -Original Message- From: Andrew Miehs [mailto:[EMAIL PROTECTED] Sent: November 5, 2004 10:18 AM To: Tomcat Users List Subject: Re: Connection Timeout Hi Phillip, The request is for example a 10K image. Regards Andrew On 05.11.2004, at 16:11, Phillip Qin wrote: My guess is the request was serviced by Tomcat, and took that much time. What did your request column tell? A huge request, file upload? -Original Message- From: Andrew Miehs [mailto:[EMAIL PROTECTED] Sent: November 5, 2004 4:24 AM To: Tomcat Users List Subject: Connection Timeout Dear List, In /manager/status, I occasionally see connections where the status is 'S' and the time column is huge! 1 ms. Does this mean that the request is still being processed by tomcat? or is this a request waiting to be picked up - ie: chunked? If so, is there any way I can set a timeout for this, as a time 10 seconds makes very little sense with our application? Thanks in advance, Andrew - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:418b99c3205412059510077!
Re: session-timeout means tomcat restart
Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? you don't say which platform/ versions you are using so memory leaks are hard to comment on. IMHO the issues above are more likely to be the problem so check those first before suspecting an error in TC :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout means tomcat restart
Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? you don't say which platform/ versions you are using so memory leaks are hard to comment on. IMHO the issues above are more likely to be the problem so check those first before suspecting an error in TC :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout is out by factor of 100?
Hi, How are you checking the time remaining for a session? Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 12:24 AM To: Tomcat Users List Subject: session-timeout is out by factor of 100? Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout is out by factor of 100?
Yoav, Thanks for replying, long timeLeft = session.getLastAccessedTime() + session.getMaxInactiveInterval() * 1000 - System.currentTimeMillis(); PJ On Mon, 2004-09-20 at 22:54, Shapira, Yoav wrote: Hi, How are you checking the time remaining for a session? Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 12:24 AM To: Tomcat Users List Subject: session-timeout is out by factor of 100? Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout is out by factor of 100?
Found the issue ... my apologies for wasting ppls time. A colleague had added a setMaxInactiveInterval statement in another section of the code which was overriding the web.xml value. Worse was that he'd set it for 3 thinking it was supposed to be in ms. My apologies all and thanks Yoav for looking into it. PJ On Tue, 2004-09-21 at 08:00, Peter Johnson wrote: Yoav, Thanks for replying, long timeLeft = session.getLastAccessedTime() + session.getMaxInactiveInterval() * 1000 - System.currentTimeMillis(); PJ On Mon, 2004-09-20 at 22:54, Shapira, Yoav wrote: Hi, How are you checking the time remaining for a session? Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 12:24 AM To: Tomcat Users List Subject: session-timeout is out by factor of 100? Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: unexpected timeout during benchmark
Hi, Maybe all the request processing threads are busy and the accept queue is full? Check your Connector configuration and increase these parameters if needed to allow your test to complete. Yoav Shapira Millennium Research Informatics -Original Message- From: Henrik Rathje [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 12:05 PM To: [EMAIL PROTECTED] Subject: unexpected timeout during benchmark Hi, I want to measure the performance of a Servlet that I wrote. To have a number to compare with i wrote a servlet which does only a single println in its doget method. When i measure the throughput of this servlet with ab using this arguments: ab -n 2 -c 10 http://localhost:8080/Messung1/TestServlet I receive: .. Completed 14000 requests apr_poll: The timeout specified has expired (70007) Total of 15861 requests completed The jvm is defenitly not out of memory, (top says 50m of -Xmx170m are used) no garbage collection is performed during the test. After some minites of waitung the servlet answers again (no tomcat restart neccessary) What causes this timeout? (when running with half the amout of requests, the throughput is 500/sec) Regards, Henrik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: unexpected timeout during benchmark
Hi, increasing the values of maxThreads and acceptCount decreases the number of requests when the timeout occurs. On Thu, 9 Sep 2004 12:09:03 -0400 Shapira, Yoav [EMAIL PROTECTED] wrote: Hi, Maybe all the request processing threads are busy and the accept queue is full? Check your Connector configuration and increase these parameters if needed to allow your test to complete. Yoav Shapira Millennium Research Informatics -Original Message- From: Henrik Rathje [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 12:05 PM To: [EMAIL PROTECTED] Subject: unexpected timeout during benchmark Hi, I want to measure the performance of a Servlet that I wrote. To have a number to compare with i wrote a servlet which does only a single println in its doget method. When i measure the throughput of this servlet with ab using this arguments: ab -n 2 -c 10 http://localhost:8080/Messung1/TestServlet I receive: .. Completed 14000 requests apr_poll: The timeout specified has expired (70007) Total of 15861 requests completed The jvm is defenitly not out of memory, (top says 50m of -Xmx170m are used) no garbage collection is performed during the test. After some minites of waitung the servlet answers again (no tomcat restart neccessary) What causes this timeout? (when running with half the amout of requests, the throughput is 500/sec) Regards, Henrik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: unexpected timeout during benchmark
Hi, How counter-intuitive... Yoav Shapira Millennium Research Informatics -Original Message- From: Henrik Rathje [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 12:41 PM To: Tomcat Users List Subject: Re: unexpected timeout during benchmark Hi, increasing the values of maxThreads and acceptCount decreases the number of requests when the timeout occurs. On Thu, 9 Sep 2004 12:09:03 -0400 Shapira, Yoav [EMAIL PROTECTED] wrote: Hi, Maybe all the request processing threads are busy and the accept queue is full? Check your Connector configuration and increase these parameters if needed to allow your test to complete. Yoav Shapira Millennium Research Informatics -Original Message- From: Henrik Rathje [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 12:05 PM To: [EMAIL PROTECTED] Subject: unexpected timeout during benchmark Hi, I want to measure the performance of a Servlet that I wrote. To have a number to compare with i wrote a servlet which does only a single println in its doget method. When i measure the throughput of this servlet with ab using this arguments: ab -n 2 -c 10 http://localhost:8080/Messung1/TestServlet I receive: .. Completed 14000 requests apr_poll: The timeout specified has expired (70007) Total of 15861 requests completed The jvm is defenitly not out of memory, (top says 50m of -Xmx170m are used) no garbage collection is performed during the test. After some minites of waitung the servlet answers again (no tomcat restart neccessary) What causes this timeout? (when running with half the amout of requests, the throughput is 500/sec) Regards, Henrik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session timeout: web.xml and setMaxInactiveInterval(int)
Your assumption is incorrect. When the session is created it will follow the value set in your web.xml but in this case, after session creation you modify its timeout attribute to be higher. This will only apply to sessions that go through this servlet, obviously. Ta Matt -Original Message- From: Stephen Charles Huey [mailto:[EMAIL PROTECTED] Sent: 15 July 2004 22:44 To: Tomcat User Subject: session timeout: web.xml and setMaxInactiveInterval(int) My web.xml has the following: session-config session-timeout30/session-timeout /session-config However, when a user logs in, the following code in our app gets executed: HttpSession session = request.getSession(false); session.setMaxInactiveInterval(7200); I've been fiddling with the web.xml and didn't realize that other code was in there, and I'm wondering who trumps who. I would assume that the web.xml's global setting would have priority over any individual setting, but it could easily be the other way around! Thanks, Stephen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Timeout Error
I do not remember where i can set session time our for a web-app? But i think you must also set keepalive time, if i am not wrong :~)) -Original Message- From: Matt Krone [mailto:[EMAIL PROTECTED] Sent: Friday, June 18, 2004 5:49 PM To: [EMAIL PROTECTED] Subject: Session Timeout Error The web application I developed has a session-timeout setting of 10 minutes. When I authenticate with the application using the web browser Mozila 1.6 the session times out in 10 minutes. However, when I use the web browser IE 6.0 the session does not time out in 10 minutes. Any thoughts would be helpful? -Matt = /* Matt */ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ For information about the Standard Bank group visit our web site www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___
Re: ConnectionPool timeout
Hi again. What the hell ist this ? Spam as autorespond on the tomcat-user list Oh f... unbelevable!!! Am Montag, 21. Juni 2004 20:43 schrieb Autoresponder: Most likely the answer to your question is at: http://pc-magic.com/faq.htm Should you not find the answer to your question you will be told how to contact us directly. Thank you. (This is an automated response) -- Name: Frank von Daak eMail: [EMAIL PROTECTED] Homepage: http://www.kpage.de If Bill Gates had a nickel for every time Windows crashed... - oh wait, he does. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: ConnectionPool timeout
I'm seeing evidence of several odd auto-responses. It looks like someone thinks that it is a fun prank to add random addresses of unsuspecting people to this list. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connection timeout when using OutputStream
I forgot to mention - I am running Tomcat 4.1.27 on Win2K. Thanks. --- Paul Mitchell [EMAIL PROTECTED] wrote: Hello, I am running into problems with downloading unusually big files within my application using the ServletOutputStream. From what I read on the documentation I set the Coyote Connector attribute connectionTimeout=-1 and still the problem persists. Any ideas/advice anyone ? Thanks, Paul. __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote: The strange thing is that this page seems to only intermittently be displayed. i.e. it is catching the case where the session expires, but, in some cases since I'm using container based security, it is going back to the login page. Sometimes it goes to this page first, and then brings up the login page. Other times, it just goes straight to the login page. I need to look into it further. I have SingleSignOn enabled, so, I'm not sure if that May be it's working so fast you sometimes don't notice this redirection, and sometimes do? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
I found out about a few other functions that make it bit easier. I think I have it working using the following, public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if(((HttpServletRequest)request).getRequestedSessionId() != null ((HttpServletRequest)request).isRequestedSessionIdValid() == false) { RequestDispatcher rd = request.getRequestDispatcher(/WEB-INF/sessionexpired.jsp); rd.forward(request, response); } else { chain.doFilter(request, response); } } The strange thing is that this page seems to only intermittently be displayed. i.e. it is catching the case where the session expires, but, in some cases since I'm using container based security, it is going back to the login page. Sometimes it goes to this page first, and then brings up the login page. Other times, it just goes straight to the login page. I need to look into it further. I have SingleSignOn enabled, so, I'm not sure if that might have something to do with it. I need to do more testing. In theory, I think it should go to the login page each time. So, I'm thinking of putting a check in my login page similar to the above that just shows optional text stating that the session has expired. Another thing that I'm wondering is if it is possible to use a servlet as the login page for Tomcat rather than a .jsp file. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, May 21, 2004 7:15 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. I've just tried this way, it works. Look at example .java file in attach for example, it's Filter implementation. Thanks for the suggestion, it's very useful. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. I've just tried this way, it works. Look at example .java file in attach for example, it's Filter implementation. Thanks for the suggestion, it's very useful. package org.unchqua.test.servlet; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.Cookie; public class NewSessionFilter implements Filter { private FilterConfig fconf; public void init(FilterConfig arg0) throws ServletException { fconf=arg0; } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fchain) throws IOException, ServletException { boolean newManualSession=false; String fromSession=null; if (((HttpServletRequest)req).getSession(false)!=null) { fromSession=((HttpServletRequest)req).getSession(false).getId(); } if (fromSession==null) { fromSession=((HttpServletRequest)req).getSession().getId(); newManualSession=true; } String fromCookie=null; Cookie[] cooks=((HttpServletRequest)req).getCookies(); if (cooks!=null) { for (int i=0; icooks.length; i++) { if (cooks[i].getName().equals(JSESSIONID)) { fromCookie=cooks[i].getValue(); break; } } } ServletOutputStream out=resp.getOutputStream(); out.println(newManualSession ? Session manually created : ); out.println(fromSession!=null ? From session: +fromSession : No session); out.println(fromCookie!=null ? From cookies: +fromCookie : No session id in cookies); if (fromSession==null fromCookie==null) out.println(Session is completely new); else if (fromSession==null fromCookie!=null) out.println(Session lived but has been expired); //fchain.doFilter(req, resp); } public void destroy() { fconf=null; } } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
In my case, I don't just want to test for a timed out session. I want to see if the session has timed out since the user has logged in. So, when the user logs in, I add an object to the session (any object will do). Then at the top of every servlet I test for the existence of that object 'if(session.getAttribute(myObject) == null)'. If the object is null then I know that the session has timed out since the user last logged in. At that point, I forward to the session expired page which informs the user that he/she must log back in. It sounds like you're looking for something similar. On Wednesday 19 May 2004 04:56 pm, Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Does anyone have example source code on how to do this? Jon - Original Message - From: QM [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 3:16 PM Subject: Re: Session Timeout and Direct Reference to login page On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote: : All I want to do is detect when a session has timed out for a user and : display a page stating such when the user makes a request after the session : has timed out. It seems like this should be a straight forward thing to do. : Am I missing something? You could use a session listener and check its existence with a filter... In other words: // filter pseudocode if( null != session.getAttribute( UserMarker ) ){ // pass the req and resp down the filter chain }else{ // forward() to a your session timed out page } Is this what you're after? Option #2: have each page meta-refresh to the your session timed out page (set the refresh value 1 or 2 seconds beyond the session timeout). This is more intrusive, though: people don't typically like it when their browser starts moving around when they didn't explicitly ask. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e-mail message, and any accompanying documents, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient, please contact our office by email or by telephone at (508) 747-7261 and immediately destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. This assumes that the session ID changes everytime it expires. As far as I know, that is the case. I would also have to figure out how to get the jsessionid if it is in the URL rather than in a cookie. I would prefer to do it that way if I can for the sake of simplicity. I want to avoid having a Hashtable that grows indefinitely if possible. Does it seem like this work, or, am I missing something? I'm wondering if this wouldn't work if I didn't have single sign-on enabled. i.e. the login page would get displayed at session expiration. I'm not sure if the login page does only forwards, or if it does a redirect. I'm thinking the redirect might make the above logic not work since the session ID in the cookie would get updated first by the login page. Note, the filter runs after the login page. It seems like there should be a generic way to handle this kind of thing that is well understood and known to work. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:59 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
What was wrong with the first suggestion? 1.) When your user logs in, throw an object in their session. 2.) In each servlet/jsp (or, better, in a filter), test for the existence of that object and forward back to the login if it is null. Seems pretty straight forward to me. On Thursday 20 May 2004 12:51 pm, Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. This assumes that the session ID changes everytime it expires. As far as I know, that is the case. I would also have to figure out how to get the jsessionid if it is in the URL rather than in a cookie. I would prefer to do it that way if I can for the sake of simplicity. I want to avoid having a Hashtable that grows indefinitely if possible. Does it seem like this work, or, am I missing something? I'm wondering if this wouldn't work if I didn't have single sign-on enabled. i.e. the login page would get displayed at session expiration. I'm not sure if the login page does only forwards, or if it does a redirect. I'm thinking the redirect might make the above logic not work since the session ID in the cookie would get updated first by the login page. Note, the filter runs after the login page. It seems like there should be a generic way to handle this kind of thing that is well understood and known to work. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:59 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e-mail message, and any accompanying documents, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient, please contact our office by email or by telephone at (508) 747-7261 and immediately destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Thanks for the suggestion. The reason that I can't do it that way (as far as I know) is because I'm using container-based security. I'm not handling the submission of the login form directly. Before I switched to using container-based security, I was doing it exactly as you described. Jon - Original Message - From: Ben Souther [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 12:26 PM Subject: Re: Session Timeout and Direct Reference to login page What was wrong with the first suggestion? 1.) When your user logs in, throw an object in their session. 2.) In each servlet/jsp (or, better, in a filter), test for the existence of that object and forward back to the login if it is null. Seems pretty straight forward to me. On Thursday 20 May 2004 12:51 pm, Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. This assumes that the session ID changes everytime it expires. As far as I know, that is the case. I would also have to figure out how to get the jsessionid if it is in the URL rather than in a cookie. I would prefer to do it that way if I can for the sake of simplicity. I want to avoid having a Hashtable that grows indefinitely if possible. Does it seem like this work, or, am I missing something? I'm wondering if this wouldn't work if I didn't have single sign-on enabled. i.e. the login page would get displayed at session expiration. I'm not sure if the login page does only forwards, or if it does a redirect. I'm thinking the redirect might make the above logic not work since the session ID in the cookie would get updated first by the login page. Note, the filter runs after the login page. It seems like there should be a generic way to handle this kind of thing that is well understood and known to work. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:59 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e-mail message, and any accompanying documents, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient, please contact our office by email or by telephone at (508) 747-7261 and immediately destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Tomcat behaves according to the Servlet/JSP specs. It creates a new session if a request is made after the previous one expires. It's not too difficult to write your own, I did. -Write a session-timeout.jsp with a link to your login. -Define a context-param in web.xml (session-timeout-page-url) or something like that, which defines the name of your session-timeout.jsp -At the top of every servlet check for the existence of an object that get's put in session during login (an empty string will do). If it's null, forward to the session-timeout.jsp. Of course, you could also just forward straight to the login page and bypass the session-timeout.jsp altogether. If you're doing everything with JSPs, you could just use an include for the code that does the checking so you don't have to put the same code on the top of every JSP. You could also do the same thing from a Filter. On Wednesday 19 May 2004 04:35 pm, Jonathan Eric Miller wrote: It's too bad there isn't a session-timeout-page element that you can put in web.xml kind of like the error-page element... Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 2:58 PM Subject: Re: Session Timeout and Direct Reference to login page Renato, Did you ever receive a response to this? I'm having the same problem. My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon - Original Message - From: Renato Romano [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and Direct Reference to login page I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e
Re: Session Timeout and Direct Reference to login page
It's too bad there isn't a session-timeout-page element that you can put in web.xml kind of like the error-page element... Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 2:58 PM Subject: Re: Session Timeout and Direct Reference to login page Renato, Did you ever receive a response to this? I'm having the same problem. My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon - Original Message - From: Renato Romano [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and Direct Reference to login page I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Does anyone have example source code on how to do this? Jon - Original Message - From: QM [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 3:16 PM Subject: Re: Session Timeout and Direct Reference to login page On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote: : All I want to do is detect when a session has timed out for a user and : display a page stating such when the user makes a request after the session : has timed out. It seems like this should be a straight forward thing to do. : Am I missing something? You could use a session listener and check its existence with a filter... In other words: // filter pseudocode if( null != session.getAttribute( UserMarker ) ){ // pass the req and resp down the filter chain }else{ // forward() to a your session timed out page } Is this what you're after? Option #2: have each page meta-refresh to the your session timed out page (set the refresh value 1 or 2 seconds beyond the session timeout). This is more intrusive, though: people don't typically like it when their browser starts moving around when they didn't explicitly ask. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote: : All I want to do is detect when a session has timed out for a user and : display a page stating such when the user makes a request after the session : has timed out. It seems like this should be a straight forward thing to do. : Am I missing something? You could use a session listener and check its existence with a filter... In other words: // filter pseudocode if( null != session.getAttribute( UserMarker ) ){ // pass the req and resp down the filter chain }else{ // forward() to a your session timed out page } Is this what you're after? Option #2: have each page meta-refresh to the your session timed out page (set the refresh value 1 or 2 seconds beyond the session timeout). This is more intrusive, though: people don't typically like it when their browser starts moving around when they didn't explicitly ask. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Renato, Did you ever receive a response to this? I'm having the same problem. My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon - Original Message - From: Renato Romano [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and Direct Reference to login page I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SingleSignOn timeout
that would depend on the type of single-signon you want right. a restrictive single-signon mechanism would consider the user logged out of all webapps once the user logs out of one webapp. if you don't want the login to be symmetic, when do you decide a login is invalid? Is it based on timeouts, or some other mechanism? In my mind, single-signon also means single-signout. But that's my biased perspective. the reason for this way of thinking is, say I login to my BOA checking account and I go to view my savings account. Then I jump to my trading account. When I log off, I expect to log off BOA and not just the section I'm on. Other people might have different expectations, but that's how I tend to think of single signon. peter lin Summers, Bert W. [EMAIL PROTECTED] wrote: I am using the SingleSignOn class from Tomcat. It is working good in that I have three webapps that I can be between without a problem. My issue that when one of the sessions expire it kills all the sessions in the other webapps and I get redirected to the login screen again. That is not supposed to happen is it? I am keeping one webapps session active and then it dies. Is there some setting? Thanks. - Do you Yahoo!? Yahoo! Tax Center - File online by April 15th
RE: SingleSignOn timeout
Hi, And Tomcat's SingleSignOn valve is restrictive. So the behavior you're seeing is by design. Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 3:27 PM To: Tomcat Users List Subject: Re: SingleSignOn timeout that would depend on the type of single-signon you want right. a restrictive single-signon mechanism would consider the user logged out of all webapps once the user logs out of one webapp. if you don't want the login to be symmetic, when do you decide a login is invalid? Is it based on timeouts, or some other mechanism? In my mind, single-signon also means single-signout. But that's my biased perspective. the reason for this way of thinking is, say I login to my BOA checking account and I go to view my savings account. Then I jump to my trading account. When I log off, I expect to log off BOA and not just the section I'm on. Other people might have different expectations, but that's how I tend to think of single signon. peter lin Summers, Bert W. [EMAIL PROTECTED] wrote: I am using the SingleSignOn class from Tomcat. It is working good in that I have three webapps that I can be between without a problem. My issue that when one of the sessions expire it kills all the sessions in the other webapps and I get redirected to the login screen again. That is not supposed to happen is it? I am keeping one webapps session active and then it dies. Is there some setting? Thanks. - Do you Yahoo!? Yahoo! Tax Center - File online by April 15th This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SingleSignOn timeout
I would agree with your perspective. However, After I have been in my trading account for 30 minutes my boa session time's out and my trading session is killed. That I do not expect. -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 12:27 PM To: Tomcat Users List Subject: Re: SingleSignOn timeout that would depend on the type of single-signon you want right. a restrictive single-signon mechanism would consider the user logged out of all webapps once the user logs out of one webapp. if you don't want the login to be symmetic, when do you decide a login is invalid? Is it based on timeouts, or some other mechanism? In my mind, single-signon also means single-signout. But that's my biased perspective. the reason for this way of thinking is, say I login to my BOA checking account and I go to view my savings account. Then I jump to my trading account. When I log off, I expect to log off BOA and not just the section I'm on. Other people might have different expectations, but that's how I tend to think of single signon. peter lin Summers, Bert W. [EMAIL PROTECTED] wrote: I am using the SingleSignOn class from Tomcat. It is working good in that I have three webapps that I can be between without a problem. My issue that when one of the sessions expire it kills all the sessions in the other webapps and I get redirected to the login screen again. That is not supposed to happen is it? I am keeping one webapps session active and then it dies. Is there some setting? Thanks. - Do you Yahoo!? Yahoo! Tax Center - File online by April 15th - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SingleSignOn timeout
How deep is this restriction? Can I change the SSO class? I have already subclassed it to add some client PKI checking. Why would one webapp's timeout kill a current session, seems it should kill itself then each session would die a natural death, unless I call invalidate session. Bert -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 12:27 PM To: Tomcat Users List Subject: RE: SingleSignOn timeout Hi, And Tomcat's SingleSignOn valve is restrictive. So the behavior you're seeing is by design. Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 3:27 PM To: Tomcat Users List Subject: Re: SingleSignOn timeout that would depend on the type of single-signon you want right. a restrictive single-signon mechanism would consider the user logged out of all webapps once the user logs out of one webapp. if you don't want the login to be symmetic, when do you decide a login is invalid? Is it based on timeouts, or some other mechanism? In my mind, single-signon also means single-signout. But that's my biased perspective. the reason for this way of thinking is, say I login to my BOA checking account and I go to view my savings account. Then I jump to my trading account. When I log off, I expect to log off BOA and not just the section I'm on. Other people might have different expectations, but that's how I tend to think of single signon. peter lin Summers, Bert W. [EMAIL PROTECTED] wrote: I am using the SingleSignOn class from Tomcat. It is working good in that I have three webapps that I can be between without a problem. My issue that when one of the sessions expire it kills all the sessions in the other webapps and I get redirected to the login screen again. That is not supposed to happen is it? I am keeping one webapps session active and then it dies. Is there some setting? Thanks. - Do you Yahoo!? Yahoo! Tax Center - File online by April 15th This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SingleSignOn timeout
Let me see if I have this straight. SingleSignOn registers itself with each session. When a session dies it calls sessionEvent Which then gets the ssoId and calls deregister Which then iterates through all sessions for that ssoId and kills them Now, if I change deregister and check the number of sessions and if there is only one then remove the ssoId from the cache. Seems that will fix my problem. Are there any security problems I should be aware of? Bert -Original Message- From: Summers, Bert W. [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 12:51 PM To: Tomcat Users List Subject: RE: SingleSignOn timeout How deep is this restriction? Can I change the SSO class? I have already subclassed it to add some client PKI checking. Why would one webapp's timeout kill a current session, seems it should kill itself then each session would die a natural death, unless I call invalidate session. Bert -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 12:27 PM To: Tomcat Users List Subject: RE: SingleSignOn timeout Hi, And Tomcat's SingleSignOn valve is restrictive. So the behavior you're seeing is by design. Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 3:27 PM To: Tomcat Users List Subject: Re: SingleSignOn timeout that would depend on the type of single-signon you want right. a restrictive single-signon mechanism would consider the user logged out of all webapps once the user logs out of one webapp. if you don't want the login to be symmetic, when do you decide a login is invalid? Is it based on timeouts, or some other mechanism? In my mind, single-signon also means single-signout. But that's my biased perspective. the reason for this way of thinking is, say I login to my BOA checking account and I go to view my savings account. Then I jump to my trading account. When I log off, I expect to log off BOA and not just the section I'm on. Other people might have different expectations, but that's how I tend to think of single signon. peter lin Summers, Bert W. [EMAIL PROTECTED] wrote: I am using the SingleSignOn class from Tomcat. It is working good in that I have three webapps that I can be between without a problem. My issue that when one of the sessions expire it kills all the sessions in the other webapps and I get redirected to the login screen again. That is not supposed to happen is it? I am keeping one webapps session active and then it dies. Is there some setting? Thanks. - Do you Yahoo!? Yahoo! Tax Center - File online by April 15th This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerald Powel wrote: | Hi all, | | I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. Jerald, I don't know the internals of Tomcat's Session management, but there are a few things to think about here that might help. 1) Just by closing the browser does not cause the session to close. 2) You could be putting some shared object into the Session which is not garbage collected when the session itself dies. 3) I believe you can configure a listener to receive an event when a session dies. You could therefore see if they really are being closed. 4) Be careful what you put in the Session. Usually only place small or transient objects into the Session. Don't put any heavy objects, like database connections into the session. 5) There could be a Tomcat bug. :) (unlikely, though) Hope that helps, Seth -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFATPrI5EIB1scRes8RAn7oAJ43yJLv+9GeaQD7LADIuQfk0N5zuQCeJTDl +aFJNg57g77HwvOATT60kB8= =8yG4 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
My understanding on this topic is perhaps not clearest, but here's what I've been able to glean from watching tomcat-user (amongst others). The VM will not 'release' back to the OS, any memory it grabs during the run of a program. But that doesn't mean that it is currently in use. ex: You've set the vm to start with 125MB memory, with a max size of 256MB. During normal operations, the vm is at 124.99 MB and then someone new logs in. That forces the VM to increase the memory being used (and reported to the OS), possibly all the way to 256MB. Now it's overnight. No one is using the app. Sessions expire, and are garbage collected. The size of the memory in use has gone done, but the memory in use as reported to the OS is still 256MB. I'm sure someone will correct that if it's fundamentally wrong in the slightest aspect. ;) -Original Message- From: Jerald Powel [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 4:38 PM To: Tomcat Users List Subject: session-timeout Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. thanks for your input G. - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
At 02:37 PM 3/8/2004, you wrote: Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. I'm dismayed that this topic keeps coming up ... it really should die. There is not a 1-1 correspondence between the memory that you see your task manager report and the amount of actual memory being consumed by your app. It's a problem of perspective -- from the operating system's perspective, the consumer is the java JVM. From your perspective, the consumer is your webapp. When Tomcat requests more memory, the JVM in turn requests more memory from the OS. Just because Tomcat releases memory doesn't mean that the JVM does. You can't use the Task Manager to (reliably) measure your webapp's memory consumption. There is plenty of information about this in the archives or by reading up on JVM memory management for whatever vendor/platform you're running on. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
At 03:07 PM 3/8/2004, you wrote: My understanding on this topic is perhaps not clearest, but here's what I've been able to glean from watching tomcat-user (amongst others). The VM will not 'release' back to the OS, any memory it grabs during the run of a program. But that doesn't mean that it is currently in use. ex: You've set the vm to start with 125MB memory, with a max size of 256MB. During normal operations, the vm is at 124.99 MB and then someone new logs in. That forces the VM to increase the memory being used (and reported to the OS), possibly all the way to 256MB. Now it's overnight. No one is using the app. Sessions expire, and are garbage collected. The size of the memory in use has gone done, but the memory in use as reported to the OS is still 256MB. I'm sure someone will correct that if it's fundamentally wrong in the slightest aspect. ;) Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
Hi and thank you to all concerned, Before I close, and consult the doco you talk of (URLs welcome), can you exaplain what you mean by whoever implements the JVM? In this instance, are we talking about Apache/TC developer team? thnx G. Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now
RE: session-timeout
At 04:50 PM 3/8/2004, you wrote: Hi and thank you to all concerned, Before I close, and consult the doco you talk of (URLs welcome), can you exaplain what you mean by whoever implements the JVM? In this instance, are we talking about Apache/TC developer team? Try these (from a really quick search) to get you started. Look at the terms being used and try searching for other messages along the same lines. http://www.mail-archive.com/[EMAIL PROTECTED]/thrd4.html#119966 http://www.mail-archive.com/[EMAIL PROTECTED]/msg120110.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg111595.html The JVM is the software that you download from Sun. It's the thing that runs *any* java program. Tomcat is one possible program. Point being it's the JVM's responsibility to request memory from the operating system, then provide that memory to the java program running inside it. Just because Tomcat no longer uses the memory (when a session expires, for example), doesn't mean the JVM returns it to the OS. Hope that helps, justin Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: request timeout - page cannot be displayed
I may have a similar problem. See my message from yesterday: connectionTimeout and disableUploadTimeout Assuming you've got something like this in web.xml: session-config session-timeout360/session-timeout /session-config that should take care of your session (the above allows for a 6 hour session). However, there appears to be a separate 'connection timeout' or 'request timeout' concept which will prevent a long request's results from ever displaying. 60 minutes seems to be the limit, but I haven't pinned this down. I've tried using 'connectionTimeout' and 'disableUploadTimeout' but neither seems to have any effect. Sorry to answer your question with a question, but maybe we can pursue this together. -Rob --- Altug B. Altintas [EMAIL PROTECTED] wrote: Hi We have got a page which process a request for a long time (because of algoritm) so we set session-timeout = 1000 in web.xml but if the user request this page, it starts to process and then after a time (~30 min) browser gives page cannot be displayed but the request is still be processed in server so the user cannot see anything. Which parameter can i set to solve this problem. Regards Altug __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: request timeout - page cannot be displayed
Howdy, You're wasting your time. Other elements of the connection, including the browser and intermediate caches/proxies have timeouts which will fire before your session and tomcat connection timeouts. Yoav Shapira Millennium ChemInformatics -Original Message- From: Rob Harrington [mailto:[EMAIL PROTECTED] Sent: Thursday, January 29, 2004 8:52 AM To: Tomcat Users List Subject: Re: request timeout - page cannot be displayed I may have a similar problem. See my message from yesterday: connectionTimeout and disableUploadTimeout Assuming you've got something like this in web.xml: session-config session-timeout360/session-timeout /session-config that should take care of your session (the above allows for a 6 hour session). However, there appears to be a separate 'connection timeout' or 'request timeout' concept which will prevent a long request's results from ever displaying. 60 minutes seems to be the limit, but I haven't pinned this down. I've tried using 'connectionTimeout' and 'disableUploadTimeout' but neither seems to have any effect. Sorry to answer your question with a question, but maybe we can pursue this together. -Rob --- Altug B. Altintas [EMAIL PROTECTED] wrote: Hi We have got a page which process a request for a long time (because of algoritm) so we set session-timeout = 1000 in web.xml but if the user request this page, it starts to process and then after a time (~30 min) browser gives page cannot be displayed but the request is still be processed in server so the user cannot see anything. Which parameter can i set to solve this problem. Regards Altug __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: request timeout - page cannot be displayed
Hi Rob, Tomcat closes my connection on applications in 60 minutes, i have measured it. I downloaded tomcat sources and i found that WebdavServlet.java file has a field /** * Default lock timeout value. */ private static final int DEFAULT_TIMEOUT = 3600; i think this value cannot be changed from outside (from conf files ... ) Any idea ? Build it again ? Regards Altug. - Original Message - From: Rob Harrington [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, January 29, 2004 3:51 PM Subject: Re: request timeout - page cannot be displayed I may have a similar problem. See my message from yesterday: connectionTimeout and disableUploadTimeout Assuming you've got something like this in web.xml: session-config session-timeout360/session-timeout /session-config that should take care of your session (the above allows for a 6 hour session). However, there appears to be a separate 'connection timeout' or 'request timeout' concept which will prevent a long request's results from ever displaying. 60 minutes seems to be the limit, but I haven't pinned this down. I've tried using 'connectionTimeout' and 'disableUploadTimeout' but neither seems to have any effect. Sorry to answer your question with a question, but maybe we can pursue this together. -Rob --- Altug B. Altintas [EMAIL PROTECTED] wrote: Hi We have got a page which process a request for a long time (because of algoritm) so we set session-timeout = 1000 in web.xml but if the user request this page, it starts to process and then after a time (~30 min) browser gives page cannot be displayed but the request is still be processed in server so the user cannot see anything. Which parameter can i set to solve this problem. Regards Altug __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: request timeout - page cannot be displayed
Hi Maybe you should implement a polling mechanism where the client can ask wether the data is available or not... The session timeout has nothing to do with the http timeout. The session timout only defines the time after tomcat frees the resources hold by the session - which is used to identify a client doint multiple requests. greets, mike Altug B. Altintas wrote: Hi Rob, Tomcat closes my connection on applications in 60 minutes, i have measured it. I downloaded tomcat sources and i found that WebdavServlet.java file has a field /** * Default lock timeout value. */ private static final int DEFAULT_TIMEOUT = 3600; i think this value cannot be changed from outside (from conf files ... ) Any idea ? Build it again ? Regards Altug. - Original Message - From: Rob Harrington [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, January 29, 2004 3:51 PM Subject: Re: request timeout - page cannot be displayed I may have a similar problem. See my message from yesterday: connectionTimeout and disableUploadTimeout Assuming you've got something like this in web.xml: session-config session-timeout360/session-timeout /session-config that should take care of your session (the above allows for a 6 hour session). However, there appears to be a separate 'connection timeout' or 'request timeout' concept which will prevent a long request's results from ever displaying. 60 minutes seems to be the limit, but I haven't pinned this down. I've tried using 'connectionTimeout' and 'disableUploadTimeout' but neither seems to have any effect. Sorry to answer your question with a question, but maybe we can pursue this together. -Rob --- Altug B. Altintas [EMAIL PROTECTED] wrote: Hi We have got a page which process a request for a long time (because of algoritm) so we set session-timeout = 1000 in web.xml but if the user request this page, it starts to process and then after a time (~30 min) browser gives page cannot be displayed but the request is still be processed in server so the user cannot see anything. Which parameter can i set to solve this problem. Regards Altug __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: request timeout - page cannot be displayed
Altug, I'm finding as well that in practice 60 minutes is the breakpoint for connection timing out. I'd love to know what would happen if you rebuilt the Tomcat code with a higher value for that static variable. I'm not sure that would be a viable solution for me long term though, since I don't want to have the production environment always having to use 'my' version of Tomcat. Let me know if it works though. As for Michael's suggestion, there are similar workarounds as described here: Basically you need to fork off a thread to execute the query, this should set the resultset variable when it is done. Then you need to enter a loop checking to see when the thread is finished. Inside the loop of checking, you make sure that a print exists so that the browser will continue to stay connnected to the server. In other words, keep the browser window active with meaningless data while waiting. The only big downside about this is the fact that a significant amount of data could be delivered to the browser during the time period. If too much data (even just a single space for each iteration of the loop) gets to the client browser, you can hang up the browser. I suppose adding a counter inside the loop that only sends a space out every 10 seconds or so (or 10 minutes?) would be an easy resolution to this. I've been trying to avoid this ugly hack, but right now its looking like the only solution, aside from rebuilding tc as you described, or a completely different solution which avoids the problem such as sending the results to the user in email, or notifying the user when the results can be viewed in the application. --- Michael Mangeng [EMAIL PROTECTED] wrote: Hi Maybe you should implement a polling mechanism where the client can ask wether the data is available or not... The session timeout has nothing to do with the http timeout. The session timout only defines the time after tomcat frees the resources hold by the session - which is used to identify a client doint multiple requests. greets, mike __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout
Perhaps because in the web.xml you specify the value in minutes, and in the code the method getMaxInactiveInterval() retrieves the time in seconds?? ;-) Vitor Chris Wahl wrote: Hi,all I am using TC4.0.6, After I setting session timeout to -1 by adding following in web.xml: session-config session-timeout-1/session-timeout /session-config In a servlet of the same web module I get such interesting output: hs.getMaxInactiveInterval() = -60 // hs is HttpSession My question is, why -1 is replaced by -60? Regards Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connection timeout Problem
MySQL drops the connection after a certain period of inactivity. Just add autoReconnect=true to you jdbc url: E.g. jdbc:mysql://localhost:3306/mydb?autoReconnect=true -Vincent. Gary Lee wrote: My tomcat 4.1.27 connects to mysql thu. jdbc driver. If I keep some connections overnite, i found they all got lost in the next morning, and hence my tomcat need to restart. does anybody has some hint? Thanks - Original Message - From: Veselin Kovacevic [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 4:17 PM Subject: RE: Problem with ConnectionPool on Linux You think DBCP 1.1? I try to install Tomcat 4.1.29 but I get some error with connection pool. Is there some changes in server.xml settings? -Original Message- From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 9:13 AM To: Tomcat Users List Subject: Re: Problem with ConnectionPool on Linux The new version of DBCP should be able to cope with this as well. I tested it with MaxDB and it works ok. Veselin Kovacevic wrote: Now, everything working fine. :) Thanks Jon. -Original Message- From: Jon Wingfield [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2003 4:50 PM To: Tomcat Users List Subject: Re: Problem with ConnectionPool on Linux MySql times out idle connections. If your pool implementation doesn't take care of weeding out dead connections you need to add autoReconnect=true to your connection string. HTH, Jon Veselin Kovacevic wrote: Hi, I have o problem with Tomcat 4.1.24 on SuseLinux7.3. Our application has Controller servlet (below) where using connection objects from connection pool. When tomcat started, application working fine and everything OK that day. But next day when we try to start application we get error message in isUser method (PortalUserDB class). It's first place where we use connection object in application. Method isUser is very simple method for authenticate user (below). We get this exception: SQL Exception:java.sql.SQLException: No operations allowed after connection closed Connection object is not null in this case, and this message for me is not correct. Next, if I restart tomcat, everything working ok... (for next day). On windows (we using windows for development platform) we have not this problem. What is problem? Is configuration server.xml or similar configuration files on Linux different rather on windows? Note: On both platform we using Tomcat 4.1.24 and j2sdk1.4.1_03. public class Controller extends HttpServlet { private DataSource ds; public void init(ServletConfig config) throws ServletException { super.init(config); try { InitialContext initCtx = new InitialContext(); Context envCtx = (Context)initCtx.lookup(java:comp/env); ds = (DataSource)envCtx.lookup(jdbc/MySQLPool); } catch (Exception e){ throw new UnavailableException(e.getMessage()); } } public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { request.setCharacterEncoding(iso-8859-2); if (ds != null) { Connection conn = ds.getConnection(); if (conn != null) { boolean isUserExists = PortalUserDB.isUser(conn, userName, userPass); conn.close(); } } } public static boolean isUser(Connection conn, String userName, String userPass) throws SQLException, IOException { String query = SELECT user_name FROM admin_user + WHERE user_name = ? + AND user_pass = ?; boolean isUserExists = false; try { PreparedStatement pstmt = conn.prepareStatement(query); pstmt.setString(1, userName); pstmt.setString(2, userPass); ResultSet rs = pstmt.executeQuery(); isUserExists = rs.next(); rs.close(); rs = null; pstmt.close(); pstmt = null; } catch (SQLException sqle) { PortalLog.addLogLine(Class: PortalUserDB, Method: isUser. SQL Exception: + sqle, userName); } return isUserExists; } Thanks, Veso - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL
Re: Connection timeout Problem
Gary, My tomcat 4.1.27 connects to mysql thu. jdbc driver. If I keep some connections overnite, i found they all got lost in the next morning, and hence my tomcat need to restart. does anybody has some hint? You replied to a thread which already contained the fix: Add autoreconnect=true to your JDBC URL that you use to connect. I've seen people ignore archive posts. I've seen people ignore posts from the previous day. But I've never seen anyone ignore the post to which they're replying. Finally, please note that this has nothing to do with Tomcat. It's either a MySQL issue, a MySQL driver issue, or a connection pool issue. Please try to keep the questions at least tangentially related to Tomcat. -chris Thanks - Original Message - From: Veselin Kovacevic [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 4:17 PM Subject: RE: Problem with ConnectionPool on Linux You think DBCP 1.1? I try to install Tomcat 4.1.29 but I get some error with connection pool. Is there some changes in server.xml settings? -Original Message- From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 9:13 AM To: Tomcat Users List Subject: Re: Problem with ConnectionPool on Linux The new version of DBCP should be able to cope with this as well. I tested it with MaxDB and it works ok. Veselin Kovacevic wrote: Now, everything working fine. :) Thanks Jon. -Original Message- From: Jon Wingfield [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2003 4:50 PM To: Tomcat Users List Subject: Re: Problem with ConnectionPool on Linux MySql times out idle connections. If your pool implementation doesn't take care of weeding out dead connections you need to add autoReconnect=true to your connection string. HTH, Jon Veselin Kovacevic wrote: Hi, I have o problem with Tomcat 4.1.24 on SuseLinux7.3. Our application has Controller servlet (below) where using connection objects from connection pool. When tomcat started, application working fine and everything OK that day. But next day when we try to start application we get error message in isUser method (PortalUserDB class). It's first place where we use connection object in application. Method isUser is very simple method for authenticate user (below). We get this exception: SQL Exception:java.sql.SQLException: No operations allowed after connection closed Connection object is not null in this case, and this message for me is not correct. Next, if I restart tomcat, everything working ok... (for next day). On windows (we using windows for development platform) we have not this problem. What is problem? Is configuration server.xml or similar configuration files on Linux different rather on windows? Note: On both platform we using Tomcat 4.1.24 and j2sdk1.4.1_03. public class Controller extends HttpServlet { private DataSource ds; public void init(ServletConfig config) throws ServletException { super.init(config); try { InitialContext initCtx = new InitialContext(); Context envCtx = (Context)initCtx.lookup(java:comp/env); ds = (DataSource)envCtx.lookup(jdbc/MySQLPool); } catch (Exception e){ throw new UnavailableException(e.getMessage()); } } public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { request.setCharacterEncoding(iso-8859-2); if (ds != null) { Connection conn = ds.getConnection(); if (conn != null) { boolean isUserExists = PortalUserDB.isUser(conn, userName, userPass); conn.close(); } } } public static boolean isUser(Connection conn, String userName, String userPass) throws SQLException, IOException { String query = SELECT user_name FROM admin_user + WHERE user_name = ? + AND user_pass = ?; boolean isUserExists = false; try { PreparedStatement pstmt = conn.prepareStatement(query); pstmt.setString(1, userName); pstmt.setString(2, userPass); ResultSet rs = pstmt.executeQuery(); isUserExists = rs.next(); rs.close(); rs = null; pstmt.close(); pstmt = null; } catch (SQLException sqle) { PortalLog.addLogLine(Class: PortalUserDB, Method: isUser. SQL Exception: + sqle, userName); } return isUserExists; } Thanks, Veso - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail:
Re: Session Timeout
I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Timeout
anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Timeout
Howdy, The servlet specification is the only authority on this, misleading books should be tossed aside. SRV.7.5 is clear, session timeout is for inactivity, not total duration, as Senor Curwen opined. The first part of his message, using $CATALINA_HOME/conf/web.xml, I would discourage, as it's non-standard. Stick to WEB-INF/web.xml, which is standard and therefore portable across containers. Yoav Shapira Millennium ChemInformatics -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 10:05 AM To: 'Tomcat Users List' Subject: RE: Session Timeout anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only
Re: Session Timeout
That's actually why I was floored when my applet was kicked back to the login form after half an hours of continuous activity. Mike Curwen wrote: anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout
I'm looking at the 2.3 spec right now. SRV 7.5 does say that the timeout set by setMaxInactiveInterval() is for inactivity. However, that section doesn't address the session-timeout/ parameter. It does say that the default is up to the container. In SRV.13.3, the session-timeout/ defines the default timeout. However, the word inactivity is interestingly missing from this description. It also specifies the ability to set the system to never timeout if the value is set to 0 or less. None of this explains why my session timed out after ~30 minutes of continuous activity by default or with the session-timeout/ parameter set to 5 minutes. I must really be missing something. Everything everybody has said is reasonable and matches my expectations. However, it does not appear to match my experiments. I'll try some more. Thanks, G. Wade Shapira, Yoav wrote: Howdy, The servlet specification is the only authority on this, misleading books should be tossed aside. SRV.7.5 is clear, session timeout is for inactivity, not total duration, as Senor Curwen opined. The first part of his message, using $CATALINA_HOME/conf/web.xml, I would discourage, as it's non-standard. Stick to WEB-INF/web.xml, which is standard and therefore portable across containers. Yoav Shapira Millennium ChemInformatics -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 10:05 AM To: 'Tomcat Users List' Subject: RE: Session Timeout anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go
Re: Session Timeout
I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: web.xml:session-timeout error
Get a validationg XML parser and run your web.xml through it. Your web.xml is not valid with respect to the DTD. -Tim john-paul delaney wrote: Hello List... I've upgraded to 4.1.24 (from a 4.1.x earlier version) and now the following error reported in my catalina.out log. (it's caused by this timeout setting in web.xml: session-config session-timeout 30 /session-timeout /session-config ) however, I didn't have this problem before. Any ideas? Thanks /j-p. Apache Tomcat/4.1.24-LE-jdk14 Jul 27, 2003 3:46:08 PM org.apache.commons.digester.Digester error SEVERE: Parse Error at line 385 column -1: Element web-app does not allow session-config here. org.xml.sax.SAXParseException: Element web-app does not allow session-config here. at org.apache.crimson.parser.Parser2.error(Parser2.java:3317) at org.apache.crimson.parser.ValidatingParser$ChildrenValidator.consume(ValidatingParser.java:349) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1464) at org.apache.crimson.parser.Parser2.content(Parser2.java:1926) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1654) at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:634) at org.apache.crimson.parser.Parser2.parse(Parser2.java:333) at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:448) at org.apache.commons.digester.Digester.parse(Digester.java:1543) at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:282) at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:639) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: web.xml:session-timeout error
Please pay attention to position of session-config tag of web.xml. In Servlet2.3 DTD, session-config should be placed after servlet tag. Check http://java.sun.com/dtd/web-app_2_3.dtd for more detail. - Original Message - From: john-paul delaney [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, July 28, 2003 1:42 AM Subject: web.xml:session-timeout error Hello List... I've upgraded to 4.1.24 (from a 4.1.x earlier version) and now the following error reported in my catalina.out log. (it's caused by this timeout setting in web.xml: session-config session-timeout 30 /session-timeout /session-config ) however, I didn't have this problem before. Any ideas? Thanks /j-p. Apache Tomcat/4.1.24-LE-jdk14 Jul 27, 2003 3:46:08 PM org.apache.commons.digester.Digester error SEVERE: Parse Error at line 385 column -1: Element web-app does not allow session-config here. org.xml.sax.SAXParseException: Element web-app does not allow session-config here. at org.apache.crimson.parser.Parser2.error(Parser2.java:3317) at org.apache.crimson.parser.ValidatingParser$ChildrenValidator.consume(Validat ingParser.java:349) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1464) at org.apache.crimson.parser.Parser2.content(Parser2.java:1926) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1654) at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:634) at org.apache.crimson.parser.Parser2.parse(Parser2.java:333) at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:448) at org.apache.commons.digester.Digester.parse(Digester.java:1543) at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.ja va:282) at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:639) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session timeout
The default setting for session timeout should be done in %CATALINA_HOME%/conf/web.xml Look for the tag session-config -Sudhir. -Original Message- From: Tarek M. Nabil [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 10:47 AM To: 'Tomcat Users List' (E-mail) Subject: Session timeout Hi everyone, How do I configure the session timeout value in Tomcat. I don't want to use code to do it. Any help is appreciated. Thanks, Tarek M. Nabil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session timeout
You can use, session-config session-timeoutXXX/session-timeout /session-config in your web.xml Regards, A.Sankar -Original Message- From: Tarek M. Nabil [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 8:17 PM To: 'Tomcat Users List' (E-mail) Subject: Session timeout Hi everyone, How do I configure the session timeout value in Tomcat. I don't want to use code to do it. Any help is appreciated. Thanks, Tarek M. Nabil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session timeout
For application specific setting modify web.xml file of your application by adding session-config session-timeouttime in ms/session-timeout /session-config -Sudhir. -Original Message- From: Tarek M. Nabil [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 10:47 AM To: 'Tomcat Users List' (E-mail) Subject: Session timeout Hi everyone, How do I configure the session timeout value in Tomcat. I don't want to use code to do it. Any help is appreciated. Thanks, Tarek M. Nabil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session timeout
Thank you all for your help :) -Original Message- From: Sudhir Movva [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 5:58 PM To: 'Tomcat Users List' Subject: RE: Session timeout For application specific setting modify web.xml file of your application by adding session-config session-timeouttime in ms/session-timeout /session-config -Sudhir. -Original Message- From: Tarek M. Nabil [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 10:47 AM To: 'Tomcat Users List' (E-mail) Subject: Session timeout Hi everyone, How do I configure the session timeout value in Tomcat. I don't want to use code to do it. Any help is appreciated. Thanks, Tarek M. Nabil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session timeout in tomcat
Howdy, session-config in web.xml. It's in the Servlet Specification. Yoav Shapira Millennium ChemInformatics -Original Message- From: Ravi Pachipala [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 3:27 PM To: '[EMAIL PROTECTED]' Subject: session timeout in tomcat Hi, I am using Tomcat 4.1.24. After running some tests/sessions sequentially, the Tomcat is exiting with outofmemory error. What are the paramters that control session timeout in Tomcat? I see the following paratmeters in server.xml but none of these seem to relate to idel timeout. Thanks Ravi Manager className=org.apache.catalina.session.PersistentManager debug=0 saveOnRestart=false maxActiveSessions=-1 minIdleSwap=-1 maxIdleSwap=-1 maxIdleBackup=-1 Store className=org.apache.catalina.session.FileStore/ /Manager This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session timeout in tomcat
Thanks. That works. Ravi -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 12:20 PM To: Tomcat Users List Subject: RE: session timeout in tomcat Howdy, session-config in web.xml. It's in the Servlet Specification. Yoav Shapira Millennium ChemInformatics -Original Message- From: Ravi Pachipala [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 3:27 PM To: '[EMAIL PROTECTED]' Subject: session timeout in tomcat Hi, I am using Tomcat 4.1.24. After running some tests/sessions sequentially, the Tomcat is exiting with outofmemory error. What are the paramters that control session timeout in Tomcat? I see the following paratmeters in server.xml but none of these seem to relate to idel timeout. Thanks Ravi Manager className=org.apache.catalina.session.PersistentManager debug=0 saveOnRestart=false maxActiveSessions=-1 minIdleSwap=-1 maxIdleSwap=-1 maxIdleBackup=-1 Store className=org.apache.catalina.session.FileStore/ /Manager This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Login timeout
In your web.xml file change to: session-config session-timeout40/session-timout /session-config Reis, Tom [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is there a way to change the login timeout for Tomcat 4.03. I think it is set for 20 min. and I want to change it for a 40 min. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: login timeout
you can put in a servlet Filter to do this for you, or a Tomcat valve Filip -Original Message- From: Reis, Tom [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:45 AM To: Tomcat Users List (E-mail) Subject: login timeout We have a problem where users running a application leave it running and then come back to it after a while and get a error because it times out. Is there a way to have the application give a message that it timed out or to have it automatically refresh the page. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: login timeout
Howdy, Or you could have add a simple HTML HTTP-EQUIV refresh to your web pages, e.g for 30 minutes (= 30 * 60 = 1800sec) HTML HEAD META HTTP-EQUIV=refresh content=1800;URL=http://www.yoursite.com/timedout; TITLEyour page/TITLE /HEAD BODY whatever /BODY /HTML That way after 30min users will be timedout. The timedout location can be a servlet that does whatever you want, e.g. session.invalidate(), a redirect to another location (the login page), etc. Yoav Shapira Millennium ChemInformatics -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 1:47 PM To: Tomcat Users List Subject: RE: login timeout you can put in a servlet Filter to do this for you, or a Tomcat valve Filip -Original Message- From: Reis, Tom [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:45 AM To: Tomcat Users List (E-mail) Subject: login timeout We have a problem where users running a application leave it running and then come back to it after a while and get a error because it times out. Is there a way to have the application give a message that it timed out or to have it automatically refresh the page. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Execution timeout
Howdy, I don't know tomcat 3.x that well and certainly don't care to know it better. But it was always my perception that these timeouts are usually client-based. I think Internet Explorer has a default timeout of 60 seconds when waiting for a web page, for example. But I'm not sure... It's worth trying different browsers to see if you get the same behavior. Yoav Shapira Millennium ChemInformatics -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 10:03 AM To: [EMAIL PROTECTED] Subject: Execution timeout Is there any execute timeout in Tomcat 3.3? I have a servlet which reads a lot of data and it always timeout in 60 seconds. I would really need the execution time to be a lot more, like 5 minutes or so Jonas Lindau Swedish Rescue Services Agency This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Execution timeout
AFAIK tomcat has no own timeout of this kind. Are you shure that the problem is on the serverside at all, and not the browser ? The only thing on the serverside that could cause something like that would be a timeout in the servlet (e.g connection or read time out while reading from a socket or database) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 4:03 PM To: [EMAIL PROTECTED] Subject: Execution timeout Is there any execute timeout in Tomcat 3.3? I have a servlet which reads a lot of data and it always timeout in 60 seconds. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session timeout not working anymore :(
I admit not not looking at this in detail. But the lack or a 'return;' statement after the jsp:forward is a major red flag. Sundar Narasimhan [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, I'm running out of options -- but is there a problem with getSession(false)? Sigh. We used to have a piece of code included in our jsp's like so: header-inc % if (request.getSession(false) == null) { % jsp:forward page=logout.jsp?TIMEOUT=60 /jsp:forward % } % jsp:useBean id=user scope=session class=webapps.common.User/ header-inc and that was included in our files like so. That used to work.. but now when I have struts-html and struts-bean.. it always fails. Is there something wrong with getSession(false) now? The stack doesn't seem to include the struts generated servlets.. so I'm really puzzled!! Any help will be much appreciated even if it's only to say.. it's not struts :) I'm running Tomcat 4.18 on Windows XP. Thanks. main.jsp !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN %@ taglib uri=/WEB-INF/struts-html.tld prefix=html % %@ taglib uri=/WEB-INF/struts-bean.tld prefix=bean % html:html HEAD %@ page language=java contentType=text/html; charset=ISO-8859-1 pageEncoding=ISO-8859-1 % META http-equiv=Content-Type content=text/html; charset=ISO-8859-1 META name=GENERATOR content=IBM WebSphere Studio META http-equiv=Content-Style-Type content=text/css LINK href=theme/tigris.css rel=stylesheet type=text/css TITLE/TITLE /HEAD body marginwidth=0 marginheight=0 leftmargin=0 topmargin=0 class=composite %@ include file=header-inc.jsp % --- javax.servlet.ServletException: class com.ascent.webapps.common.User : java.lang.InstantiationException: com.ascent.webapps.common.User at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImp l.java:533) at org.apache.jsp.contactus_jsp._jspService(contactus_jsp.java:355) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 04) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:260) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve. java:170) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:432) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:386) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:534) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:530) at
Re: session timeout not working anymore :(
What used to worked? What behavior are you expecting that you no longer observe? If I was to guess at what you're expecting to happen... I would guess that you are expecting that getSession(false) would equal null at some point and that never happens? This causes the useBean directive to fail. Try including a page directive for the JSP page not to participate in sessions. That is, insert the page directive before the DOCTYPE line. %@ page session=false %!DOCTYPE ... If not otherwise instructed the JSP compiler will automatically create a new HttpSession object for you by inserting the call HttpSession = request.getSession(true) into your compiled JSP code. Unless you suppress this behavior, your test in header-inc.jsp will always fail. At 23:35 2003-02-04 -0500, you wrote: Hi, I'm running out of options -- but is there a problem with getSession(false)? Sigh. We used to have a piece of code included in our jsp's like so: header-inc % if (request.getSession(false) == null) { % jsp:forward page=logout.jsp?TIMEOUT=60 /jsp:forward % } % jsp:useBean id=user scope=session class=webapps.common.User/ header-inc and that was included in our files like so. That used to work.. but now when I have struts-html and struts-bean.. it always fails. Is there something wrong with getSession(false) now? The stack doesn't seem to include the struts generated servlets.. so I'm really puzzled!! Any help will be much appreciated even if it's only to say.. it's not struts :) I'm running Tomcat 4.18 on Windows XP. Thanks. main.jsp !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN %@ taglib uri=/WEB-INF/struts-html.tld prefix=html % %@ taglib uri=/WEB-INF/struts-bean.tld prefix=bean % %@ page language=java contentType=text/html; charset=ISO-8859-1 pageEncoding=ISO-8859-1 % %@ include file=header-inc.jsp % --- javax.servlet.ServletException: class com.ascent.webapps.common.User : java.lang.InstantiationException: com.ascent.webapps.common.User at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:533) at org.apache.jsp.contactus_jsp._jspService(contactus_jsp.java:355) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:204) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:432) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:386) at
Re: session timeout not working anymore :(
On Tue, 4 Feb 2003, Sundar Narasimhan wrote: Date: Tue, 4 Feb 2003 23:35:38 -0500 From: Sundar Narasimhan [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: session timeout not working anymore :( Hi, I'm running out of options -- but is there a problem with getSession(false)? Sigh. We used to have a piece of code included in our jsp's like so: header-inc % if (request.getSession(false) == null) { % jsp:forward page=logout.jsp?TIMEOUT=60 /jsp:forward % } % jsp:useBean id=user scope=session class=webapps.common.User/ header-inc and that was included in our files like so. That used to work.. but now when I have struts-html and struts-bean.. it always fails. Is there something wrong with getSession(false) now? The stack doesn't seem to include the struts generated servlets.. so I'm really puzzled!! Any help will be much appreciated even if it's only to say.. it's not struts :) That's the right answer :-). The exception is not happening in Struts, it is happening inside your page. I'm running Tomcat 4.18 on Windows XP. Thanks. main.jsp !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN %@ taglib uri=/WEB-INF/struts-html.tld prefix=html % %@ taglib uri=/WEB-INF/struts-bean.tld prefix=bean % html:html HEAD %@ page language=java contentType=text/html; charset=ISO-8859-1 pageEncoding=ISO-8859-1 % META http-equiv=Content-Type content=text/html; charset=ISO-8859-1 META name=GENERATOR content=IBM WebSphere Studio META http-equiv=Content-Style-Type content=text/css LINK href=theme/tigris.css rel=stylesheet type=text/css TITLE/TITLE /HEAD body marginwidth=0 marginheight=0 leftmargin=0 topmargin=0 class=composite %@ include file=header-inc.jsp % --- javax.servlet.ServletException: class com.ascent.webapps.common.User : java.lang.InstantiationException: com.ascent.webapps.common.User This is the key to the problem -- for some reason, the page is not able to create an instance of your com.ascent.webapps.common.User class. Why it is even trying to do so must be in some code you have not shown us yet, but the most common causes are: * You don't have a copy of this class visible to the webapp. * The class is not public. * The class does not have a public, no-args constructor. * Somewhere in the constructor, or one of the initialization expressions for your class's instance variables, an exception is getting thrown. Craig McClanahan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Timeout - Who has the final decision?
IMHO: Your web app web.xml overrides Tomcat's web.xml. Your application code overrides both. I've checked the Tomcat-User and Struts-User archives for an answer to this, but am still not sure of the answer. Given that I can set a session timeout interval in Tomcat's configuration file (web.xml), the web application itself (web.xml), and also by setting 'session.setMaxInactiveInterval(#secs)', who wins? In other words, if I have the following: Tomcat timeout is 30 minutes Web Appl. timeout is 45 minutes session.setMaxInactiveInterval 3600 seconds (or 60 minutes) does the users session 'live' for the full 60 minutes? Or does one of the other settings take precedence? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session Timeout - Who has the final decision?
Thanks for the reply. That's kind of what I suspected, but couldn't find anything that stated so -Original Message- From: mech [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 1:32 PM To: 'Tomcat Users List' Subject: RE: Session Timeout - Who has the final decision? IMHO: Your web app web.xml overrides Tomcat's web.xml. Your application code overrides both. I've checked the Tomcat-User and Struts-User archives for an answer to this, but am still not sure of the answer. Given that I can set a session timeout interval in Tomcat's configuration file (web.xml), the web application itself (web.xml), and also by setting 'session.setMaxInactiveInterval(#secs)', who wins? In other words, if I have the following: Tomcat timeout is 30 minutes Web Appl. timeout is 45 minutes session.setMaxInactiveInterval 3600 seconds (or 60 minutes) does the users session 'live' for the full 60 minutes? Or does one of the other settings take precedence? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] This transmission (and any information attached to it) may be confidential and is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient or the person responsible for delivering the transmission to the intended recipient, be advised that you have received this transmission in error and that any use, dissemination, forwarding, printing, or copying of this information is strictly prohibited. If you have received this transmission in error, please immediately notify LabOne at the following email address: [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session Timeout - Who has the final decision?
Howdy, Consider the order in which these settings are applied: Tomcat timeout is 30 minutes Applied on tomcat startup. Web Appl. timeout is 45 minutes Overrides above when your context starts up. session.setMaxInactiveInterval 3600 seconds (or 60 minutes) Overrides above when the code executes. You wouldn't find this stated in a document most likely. It's just kind of an observation because of the order things are executed. There can be no conflict within the server on this matter. Yoav Shapira Millennium ChemInformatics -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session Timeout - Who has the final decision?
On Mon, 27 Jan 2003, Jerry Jalenak wrote: Date: Mon, 27 Jan 2003 13:22:47 -0600 From: Jerry Jalenak [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: Session Timeout - Who has the final decision? Hi All, I've checked the Tomcat-User and Struts-User archives for an answer to this, but am still not sure of the answer. Given that I can set a session timeout interval in Tomcat's configuration file (web.xml), the web application itself (web.xml), and also by setting 'session.setMaxInactiveInterval(#secs)', who wins? In other words, if I have the following: Tomcat timeout is 30 minutes Web Appl. timeout is 45 minutes session.setMaxInactiveInterval 3600 seconds (or 60 minutes) Whichever value is set last always wins. Presumably, if your app is explicitly setting this, it was done after the session was created (which is when the initial default value is applied). You can call setMaxInactiveInterval() on a given session instance as many times as you like, and the last value you set is always the one that will apply when the current request completes. does the users session 'live' for the full 60 minutes? Or does one of the other settings take precedence? Well, you could always *try* this and see for yourself too :-). TIA! Jerry Jalenak Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. If I have a simple page that does nothing but a session.getId() and it returns a new session ID every 60 mins, there must be something in Tomcat that sets this interval. Obviously this setting is missing from my config files so that Tomcat uses it's default. Has no one ever wanted to change this setting before? I hate to sound beligerent but I've authored and released what I feel to be a very nice application/web site but the only feedback I'm getting is litterally users screaming at me because I haven't fixed this yet. I'm going to have to start looking at redesigning the login/verification process on every page (not a big site but still 20K of code) to work around this issue when I feel it has to be a simple setting. If someone could answer this I'll give you my first born, send expensive Christmas presents, lend you my wife. Thanking / Praising you in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session timeout setting (Getting desperate)
did you have any errors in the log file? It may be something as simple as not putting the session-timeout in the correct order in the web.xml Charlie -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 3:51 PM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Just for a test, I tried moving the web.xml file in the $CATALINA_HOME/conf directory to my application's WEB-INF directory and set the session-timeout setting to 60. Restarted Tomcat and then my application quit working (wouldn't even load the first JSP page). Needless to say I removed the web.xml file from my application and restarted Tomcat to get my app back working. Still no luck in fixing the default session timeout in Tomcat. Any ideas whatsoever would be very much appreciated...I was supposed to have this fixed yesterday and I'm totally out of ideas. Thanks, Kenny - Original Message - From: Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:25 AM Subject: Re: Session timeout setting I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Fabio Mengue - Centro de Computacao - Unicamp [EMAIL PROTECTED] [EMAIL PROTECTED] pi seconds is a nanocentury. - Tom Duff -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Hi, Kenny. I think this is basically how it works: - Tomcat's conf web.xml sets the default session-timeout (in session-config element) to use for all web apps. - You can specify a different session-timeout in each specific web app you deploy in the web app's WEB-INF/web.xml file. - This session timeout can still be overridden in application code using the session.setMaxInactiveInterval method. I hope this helps you find the problem. -Jeff Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] 12/20/02 09:05 AM Please respond to Tomcat Users List To: Tomcat Users List [EMAIL PROTECTED] cc: Subject:Re: Session timeout setting (URGENT) Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. If I have a simple page that does nothing but a session.getId() and it returns a new session ID every 60 mins, there must be something in Tomcat that sets this interval. Obviously this setting is missing from my config files so that Tomcat uses it's default. Has no one ever wanted to change this setting before? I hate to sound beligerent but I've authored and released what I feel to be a very nice application/web site but the only feedback I'm getting is litterally users screaming at me because I haven't fixed this yet. I'm going to have to start looking at redesigning the login/verification process on every page (not a big site but still 20K of code) to work around this issue when I feel it has to be a simple setting. If someone could answer this I'll give you my first born, send expensive Christmas presents, lend you my wife. Thanking / Praising you in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Kenny G. Dubuisson, Jr. typed the following on 09:05 20/12/2002 -0600 Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. This is a standard configuration in the web.xml file, use: session-configsession-timeout60/session-timeout/session-config Make sure it's in the right place inside the web.xml file, after servlet-mappings. You can also set it programmatically using HttpSession.setMaxInactiveInterval(), which uses seconds rather than minutes. Plus, check out the PersistentSessionManager, which can be used to get really long session timeouts by swapping idle sessions out to disk. Kief -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session timeout setting (Getting desperate)
Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 9:29 AM To: 'Tomcat Users List' Subject: RE: Session timeout setting (Getting desperate) did you have any errors in the log file? It may be something as simple as not putting the session-timeout in the correct order in the web.xml Charlie -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 3:51 PM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Just for a test, I tried moving the web.xml file in the $CATALINA_HOME/conf directory to my application's WEB-INF directory and set the session-timeout setting to 60. Restarted Tomcat and then my application quit working (wouldn't even load the first JSP page). Needless to say I removed the web.xml file from my application and restarted Tomcat to get my app back working. Still no luck in fixing the default session timeout in Tomcat. Any ideas whatsoever would be very much appreciated...I was supposed to have this fixed yesterday and I'm totally out of ideas. Thanks, Kenny - Original Message - From: Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:25 AM Subject: Re: Session timeout setting I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Fabio Mengue - Centro de Computacao - Unicamp [EMAIL PROTECTED] [EMAIL PROTECTED] pi seconds is a nanocentury. - Tom Duff -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Thanks for the quick response. Here are my responses: - Tomcat's conf web.xml sets the default session-timeout (in session-config element) to use for all web apps. That makes sense to me but the setting in my $CATALINA_HOME/conf/web.xml is set to 30 mins which to me says that Tomcat is not using it. - You can specify a different session-timeout in each specific web app you deploy in the web app's WEB-INF/web.xml file. I haven't created a web.xml for my app...should I? I tried copying the $CATALINA_HOME/conf/web.xml over to my app's WEB-INF directory and changing the session-timeout setting to 120 mins to see if it worked. The problem was that my app totally stopped working; I couldn't even get my main login page to display. This says to me that there is a lot more involved in creating a web.xml than just copying it over from the conf directory. But realistically I don't really want to create one just for my app; my app is and will be the only app on my server. I would rather try to get Tomcat to use the setting in the conf/web.xml file. - This session timeout can still be overridden in application code using the session.setMaxInactiveInterval method. I have no qualms about putting this in my code but not quite sure how to use it. Would I fetch the session ID and then call this method and it would keep from resetting the session ID the next time I go to check it. I guess my question mainly is would I call this method once upon login to my app and from then on every other page would use the timeout that the method call sets? Thanks so much for the info. Kenny - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, December 20, 2002 9:34 AM Subject: Re: Session timeout setting (URGENT) Hi, Kenny. I think this is basically how it works: - Tomcat's conf web.xml sets the default session-timeout (in session-config element) to use for all web apps. - You can specify a different session-timeout in each specific web app you deploy in the web app's WEB-INF/web.xml file. - This session timeout can still be overridden in application code using the session.setMaxInactiveInterval method. I hope this helps you find the problem. -Jeff Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] 12/20/02 09:05 AM Please respond to Tomcat Users List To: Tomcat Users List [EMAIL PROTECTED] cc: Subject:Re: Session timeout setting (URGENT) Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. If I have a simple page that does nothing but a session.getId() and it returns a new session ID every 60 mins, there must be something in Tomcat that sets this interval. Obviously this setting is missing from my config files so that Tomcat uses it's default. Has no one ever wanted to change this setting before? I hate to sound beligerent but I've authored and released what I feel to be a very nice application/web site but the only feedback I'm getting is litterally users screaming at me because I haven't fixed this yet. I'm going to have to start looking at redesigning the login/verification process on every page (not a big site but still 20K of code) to work around this issue when I feel it has to be a simple setting. If someone could answer this I'll give you my first born, send expensive Christmas presents, lend you my wife. Thanking / Praising you in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Thanks for the response. Here is my questions? This is a standard configuration in the web.xml file, use: session-configsession-timeout60/session-timeout/session-config I checked my $CATALINA_HOME/conf/web.xml file and it currently has the setting set to 30 mins. This says to me that this setting is not getting used. I changed it to 120 and verified that 60 mins was still the default. Any idea of why my web.xml is not getting used? I do not have an application specific web.xml...the one in the conf directory is the only one I have. Plus, check out the PersistentSessionManager, which can be used to get really long session timeouts by swapping idle sessions out to disk. I read about this in the Tomcat docs but I'm not quite sure how to implement this. Is there a simple howto on this that you know of? Thanks, Kenny - Original Message - From: Kief Morris [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, December 20, 2002 9:36 AM Subject: Re: Session timeout setting (URGENT) Kenny G. Dubuisson, Jr. typed the following on 09:05 20/12/2002 -0600 Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. This is a standard configuration in the web.xml file, use: session-configsession-timeout60/session-timeout/session-config Make sure it's in the right place inside the web.xml file, after servlet-mappings. You can also set it programmatically using HttpSession.setMaxInactiveInterval(), which uses seconds rather than minutes. Plus, check out the PersistentSessionManager, which can be used to get really long session timeouts by swapping idle sessions out to disk. Kief -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (Getting desperate)
Thanks for the info. Here is my question: Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) I don't see such an app on my system. I'm running Tomcat 4.0.5. I went to the $CATALINA_HOME/webapps directory and see no such admin directory. Also, I examined my config files and see no such mapping for the admin app. Is this something I missed on the install? I would be very interested to see the Tomcat admin app if I could add it in now. Maybe the session setting is available via this missing app. Thanks, Kenny - Original Message - From: Jim Henderson [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, December 20, 2002 9:47 AM Subject: RE: Session timeout setting (Getting desperate) Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 9:29 AM To: 'Tomcat Users List' Subject: RE: Session timeout setting (Getting desperate) did you have any errors in the log file? It may be something as simple as not putting the session-timeout in the correct order in the web.xml Charlie -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 3:51 PM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Just for a test, I tried moving the web.xml file in the $CATALINA_HOME/conf directory to my application's WEB-INF directory and set the session-timeout setting to 60. Restarted Tomcat and then my application quit working (wouldn't even load the first JSP page). Needless to say I removed the web.xml file from my application and restarted Tomcat to get my app back working. Still no luck in fixing the default session timeout in Tomcat. Any ideas whatsoever would be very much appreciated...I was supposed to have this fixed yesterday and I'm totally out of ideas. Thanks, Kenny - Original Message - From: Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:25 AM Subject: Re: Session timeout setting I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Fabio Mengue - Centro de Computacao - Unicamp [EMAIL PROTECTED] [EMAIL PROTECTED] pi seconds
RE: Session timeout setting (Getting desperate)
The path I gave you is for Tomcat 4.1. For 4.0 you will have to define the manager in the $CATALINA_HOME/conf/tomcat-users.xml. Look at documentation at: http://localhost:8080/tomcat-docs/manager-howto.html. Sorry, it is not as simple in 4.0. -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 10:40 AM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Thanks for the info. Here is my question: Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) I don't see such an app on my system. I'm running Tomcat 4.0.5. I went to the $CATALINA_HOME/webapps directory and see no such admin directory. Also, I examined my config files and see no such mapping for the admin app. Is this something I missed on the install? I would be very interested to see the Tomcat admin app if I could add it in now. Maybe the session setting is available via this missing app. Thanks, Kenny - Original Message - From: Jim Henderson [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, December 20, 2002 9:47 AM Subject: RE: Session timeout setting (Getting desperate) Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 9:29 AM To: 'Tomcat Users List' Subject: RE: Session timeout setting (Getting desperate) did you have any errors in the log file? It may be something as simple as not putting the session-timeout in the correct order in the web.xml Charlie -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 3:51 PM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Just for a test, I tried moving the web.xml file in the $CATALINA_HOME/conf directory to my application's WEB-INF directory and set the session-timeout setting to 60. Restarted Tomcat and then my application quit working (wouldn't even load the first JSP page). Needless to say I removed the web.xml file from my application and restarted Tomcat to get my app back working. Still no luck in fixing the default session timeout in Tomcat. Any ideas whatsoever would be very much appreciated...I was supposed to have this fixed yesterday and I'm totally out of ideas. Thanks, Kenny - Original Message - From: Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:25 AM Subject: Re: Session timeout setting I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have