>> When people view my CAS login page, and they wait a long time >> (5 minutes or something), and then they log in, they go to the generic >> error handler >> page. > > That shouldn't happen. The expected behavior is to get a blank login > form. We have custom config to intercept the Spring Webflow > exceptions that occur on an expired session. What CAS version?
It's version 3.4.8, maybe i corrupted a setting? What i mean is, it goes to /WEB-INF/view/jsp/errors.jsp I adapted its code to: <div id="welcome"> <div class="errors"> <spring:message code="error.generic" /> </div> <% String retrylink = "login?" + request.getQueryString(); %> <p> <a href="<%= retrylink %>"><spring:message code="error.tryagain" /></a> </p> </div> (my jsp is probably bad, but eh, it works..) >> Or would it be possible to increase this timeout to a lot more, like an hour? > > Yes. Set the session timeout in the web.xml to whatever value you > like. It's 5m by default since we only need to hold session data for > a short period to get the user's credentials and authenticate them. Thanks (and also towards Scott), i've increased this value! > We may really need to investigate a more robust solution for graceful > session timeouts -- this issue comes up fairly often. I will say some > folks have implemented javascript pings to keep the session alive, but > my reaction to that is a hearty "yuck." Yes, i know, but it's a valid technology to do things like that :-) -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
