-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, November 14, 2011 6:17 PM
To: Tomcat Users List
Subject: Re: Session time out never takes place with ajax
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sharon,
On 11/10/11 3:11 AM, Sharon Prober
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sharon,
On 11/10/11 3:11 AM, Sharon Prober (sprober) wrote:
I understand it is invoked before the filters, but after
completion it would arrive to the filter/servlet container anyway.
So what your saying is that if I build a valve and read
Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, November 10, 2011 8:04 AM
To: Tomcat Users List
Subject: Re: Session time out never takes place with ajax
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sharon,
On 11/9/11 12:56 AM, Sharon Prober (sprober
So to recap, and verify my understanding...
Perhaps I am missing some valve overview.
I understand it is invoked before the filters, but after completion it
would arrive to the filter/servlet container anyway.
So what your saying is that if I build a valve and read information from
IO file
Hi,
This is my first post here so wish me luck J
My question is as follow:
I have a web based application running on tomcat 6.0.29
On my main page there is a polling ajax call every 5 seconds.
Clearly this revalidates the session and by that renders the session
timeout feature unusable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sharon,
On 11/9/11 12:56 AM, Sharon Prober (sprober) wrote:
This is my first post here so wish me luck J
Welcome.
My question is as follow:
I have a web based application running on tomcat 6.0.29
On my main page there is a polling ajax call
...@apache.org] Subject: Re: Request
not forwarded to login page with security-constraint after session
time-out
The spec is clearer than that. The * role == all roles defined in
web.xml.
Yes, but what it's not clear about is what happens when there are
*no* roles defined in web.xml, which
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 2/26/2009 5:39 PM, Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request
not forwarded to login page with security-constraint after session
time-out
The spec is clearer than that. The * role
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 2/26/2009 7:22 PM, Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: Request not forwarded to login page with
security-constraint after session time-out
What the spec is not explicit about
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Request not forwarded to login page with
security-constraintafter session time-out
I don't find this ambiguous at all
You have to carefully examine the sections being referred to; in each area of
the spec
On 27.02.2009, at 17:38, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 2/26/2009 5:39 PM, Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request
not forwarded to login page with security-constraint after session
time
Marcel,
On Thu, Feb 26, 2009 at 12:16 AM, Marcel Stör mar...@frightanic.com wrote:
[Problem]
Upon session time-out the request is not forwarded to the login page (form
based auth). Nothing happens on the UI. However, forwarding to the login
page does work during the initially login
Gregor Schneider wrote:
Marcel,
On Thu, Feb 26, 2009 at 12:16 AM, Marcel Stör mar...@frightanic.com wrote:
[Problem]
Upon session time-out the request is not forwarded to the login page (form
based auth). Nothing happens on the UI. However, forwarding to the login
page does work during
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregor,
On 2/26/2009 9:59 AM, Gregor Schneider wrote:
This looks a bit awkward to me (didn't know that this is possible),
but I guess that's not the reason for your problem:
role-name*/role-name
This is fine. From the servlet spec SRV.13.3:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcel,
On 2/26/2009 10:21 AM, Marcel Stör wrote:
If I request a protected URL (manually clicking
link, AJAX request, etc.) *after* the session has timed out I expect an
automatic forwarding to the login page. As I could see while debugging,
the
On 26.02.2009, at 20:13, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcel,
On 2/26/2009 10:21 AM, Marcel Stör wrote:
If I request a protected URL (manually clicking
link, AJAX request, etc.) *after* the session has timed out I
expect an
automatic forwarding
From: Marcel Stör [mailto:mar...@frightanic.com]
Subject: Re: Request not forwarded to login page with
security-constraint after session time-out
No, I only mentioned this because Tomcat throws an SQL exception
because it tries to query a table called if I don't specify a role
table
Caldarale, Charles R wrote:
From: Marcel Stör [mailto:mar...@frightanic.com]
Subject: Re: Request not forwarded to login page with
security-constraint after session time-out
No, I only mentioned this because Tomcat throws an SQL exception
because it tries to query a table called if I don't
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: Request not forwarded to login page with
security-constraint after session time-out
The spec is clearer than that. The * role == all roles
defined in web.xml.
Yes, but what it's not clear about is what happens when
Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: Request not forwarded to login page with
security-constraint after session time-out
The spec is clearer than that. The * role == all roles
defined in web.xml.
Yes, but what it's not clear about is what
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: Request not forwarded to login page with
security-constraintafter session time-out
If * is all roles defined and you have no roles
defined then you are basically preventing anyone
from accessing that resource
That's not quite what
On 26.02.2009, at 23:44, Mark Thomas wrote:
Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: Request not forwarded to login page with
security-constraint after session time-out
The spec is clearer than that. The * role == all roles
defined in web.xml
Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: Request not forwarded to login page with
security-constraintafter session time-out
If * is all roles defined and you have no roles
defined then you are basically preventing anyone
from accessing
Marcel Stör wrote:
Not sure I can follow you guys on this...A few questions, my assumption
is that the role-issue has nothing to do with the real problem:
Correct. Chuck and I are off on our own little tangent.
1. Is the *-role issues even relevant in my context? After all, the
security
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: Request not forwarded to login page with
security-constraint after session time-out
What the spec is not explicit about is the combination
of * with an empty or non-existant security-role list.
I think it is quite clear. It means
Marcel Stör wrote:
[...]
3. Why does it seem to be relevant that the request where
auto-forwarding-to-login-after-session-timeout fails is an AJAX request?
That was my last thought last night before I fell asleep...and my first this
morning when I woke up. And then the scales fell from my
Up to now I had always thought I understood the security aspects of
the Servlet spec quite well. Looks like I was wrong...
[Problem]
Upon session time-out the request is not forwarded to the login page
(form based auth). Nothing happens on the UI. However, forwarding to
the login page does
Urvish,
Urvish Shah wrote:
In our application we are using Tomcat 5.5.9. Our tomcat session time
out is 30 minutes
We have one bottom html frame in our web page which automatically
gets refreshed every 10 seconds to poll some event notifications
after user logs in.
Hmm, that could
Hi
In our application we are using Tomcat 5.5.9. Our tomcat session time
out is 30 minutes
We have one bottom html frame in our web page which automatically gets
refreshed every 10 seconds to poll some event notifications after user
logs in.
Because of this reason we never get session
Hi to allCan One of you help me how to make a session alive,
because my session is getting expired after the time mentioned in the
web.xmlWith regardsJitendra Ch
_
The idiot box is no longer passe!
I suppose you use a servlet to set the session, you can use
session.setMaxInactiveInterval(time)
where the variable time points out how many second you want to keep
alive your session.
e.g. time=60*60 =1h.
However you should set a reasonable time interval, you can't keep
alive your session for
Hello
Does application WEB-INF/web.xml override default conf/web.xml setting?
specifically session time out , but want to know if other setting is
overriden.
and can we disable this through server.xml ?
Thanks
Adam
: session time out
Hello
Does application WEB-INF/web.xml override default conf/web.xml setting?
specifically session time out , but want to know if other setting is
overriden.
and can we disable this through server.xml ?
Thanks
Adam
On 4/30/07, Tomcat [EMAIL PROTECTED] wrote:
Hello
Does application WEB-INF/web.xml override default conf/web.xml setting?
specifically session time out , but want to know if other setting is
overriden.
Specifically the session time out in /WEB-INF/web.xml overrides /conf/web.xml
Don't know
Hello Martin,
my main question was :
Does application WEB-INF/web.xml override default conf/web.xml setting?
I mean in a container containing several applications, can each of them
set session time out
in their /WEB-INF/web.xml and is that over ride the default setting
which is set in /conf
Martin,
Martin Gainty wrote:
On the Connector you can set
connectionTimeout = 0 for indefinite timeout
also a keepAliveTimeout on the Sender which I believe defaults to 60 sec
http://tomcat.apache.org/tomcat-5.5-doc/cluster-howto.html
Once again, irrelevant and incorrect.
The OP is asking
HI
I want to modify the time out of web app in tomcat where should i change
that?
what is the default value of time out?
thanks
bhavik
22 juin 2006 15:14
À : users@tomcat.apache.org
Objet : how to change session time out one of the web app in tomcat
HI
I want to modify the time out of web app in tomcat where should i change
that?
what is the default value of time out?
thanks
bhavik
38 matches
Mail list logo
