Application sessions are independent of CAS sessions. You would need to set the session timeout in your application's web.xml.
-Scott On 3/20/07, t ray <[EMAIL PROTECTED]> wrote:
Hello all, I am attempting to implement inactivity timeout. I set the value of session-timeout in CAS web.xml and expected the session to timeout after the specified period of time. I expected any attempt to access the webapp after the timeout to take the user to the login page and after successful re-authentication, to the originally requested page. However, this isn't hapenning. The timeout doesn't seem to take effect at all. What am I missing? What does the session-timeout value represent- number of minutes after which session will timeout regardless of user activity or number of minutes session will timeout after last user activity? I tried and the session doesn't timeout either way. Alternatively, if the above doesn't work, I was planning to invalidate the session by calling session.invalidate( ) after my webapp detects a timeout (it does this). That I believe will force CAS to re-authenticate the user. Suggestions? Thanks ------------------------------ The fish are biting. Get more visitors<http://us.rd.yahoo.com/evt=49679/*http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php?o=US2140&cmp=Yahoo&ctv=Q107Tagline&s=Y&s2=EM&b=50>on your site using Yahoo! Search Marketing. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
-- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
