> I’ve beefed up my servlet session timeout to 7200 (... 5 full days).
That amount of beef may lead to coronary problems. > when they submit the login form, the form > just resets and clears the username/password field instead of authenticating > them and redirecting. Thoughts? The behavior you have cited is by design under an expired session condition: when a user posts credentials to an expired flow (backed by the session), a new flow is created and the user ends back up at the initial flow state which is an empty login form. In most cases simply entering credentials and posting them allows login to proceed. I understand you to say that an empty login form is repeatedly displayed on every attempt to post credentials; is that correct? In any case there's some evidence the servlet session is expired despite your extreme timeout. I should note that your session timeouts are well beyond anything we might encounter in a test environment. The default on Tomcat is 30 minutes; we have gone as high as 4 hours. 5 days is arguably ridiculous. What problem are you trying to solve with such extreme session timeouts? I'm hopeful treating the root problem instead of the symptoms may be more fruitful. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
