Hi Guys, We're running tomcat 4.0.x with Java 1.4.1. I have been doing tests with session timeouts, as people have been complaining that sessions don't timeout for many hours.
So, I wrote a script to test it with wget. The credentials file looks like 'username=username&password=password'. The command line looks like this... sessionTimeoutTest.sh 172800 172800 /tmp/login.html /tmp/wget-session.log /tmp/wget.cookies https://secure.athabascau.ca/cas/login /tmp/credentials.txt So, after 48 hours, the CAS session has not timed out. When I use our test environment, which unfortunately is different because we are running production CAS on a legacy environment, it times out in 7200 seconds (+/- 60) as expected. The test environment is tomcat5 and Java 1.4.2 FYI: This machine has been restarted recently as well, and it is not under very heavy load. Does anyone have any clue what is happening? We're thinking that an upgrade is in order, but would like to know why this is happening. #!/bin/sh # args timeout increment output.html logfile.log cookiefile url credentials.txt TIMEOUT=$1 INCREMENT=$2 OUTPUT=$3 LOGFILE=$4 COOKIEFILE=$5 URL=$6 CREDENTIALS=$7 wget --no-check-certificate -o $LOGFILE -O $OUTPUT \ --keep-session-cookies --load-cookies=$COOKIEFILE \ --save-cookies=$COOKIEFILE "${URL}`cat $CREDENTIALS`" NOTTIMEDOUT=true TOTALTIME=0 while $NOTTIMEDOUT -eq 'true'; do echo "Testing timeout at $TIMEOUT seconds"; sleep $TIMEOUT ((TOTALTIME += $TIMEOUT)); wget --no-check-certificate -o $LOGFILE -O $OUTPUT --keep-session-cookies \ --load-cookies=$COOKIEFILE --save-cookies=$COOKIEFILE "$URL" grep 'You have been logged' $OUTPUT if [[ $? -ne 0 ]]; then NOTTIMEDOUT=false echo "Timeout at $TIMEOUT"; echo "Total time: $TOTALTIME"; fi ((TIMEOUT += $INCREMENT)); # up the session test in 15 minute intervals done; __ This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communications received in error, or subsequent reply, should be deleted or destroyed. --- _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
