I am really confused about session timeouts. I see the following 4 variables
that are configurable-
1. In ApplicationContext.xml, the second argument for
"serviceTicketExpirationPolicy" Bean
2. In the same file, the first (and only) argument for
"grantingTicketExpirationPolicy" Bean
3. In web.xml for CAS webapp, the "session-timeout" entry
4. In tomcat's web.xml (under /conf), the "<session-config>
<session-timeout>...." entry
I assumed just setting #3 above would control the timeout. That doesn't seem
like it. So, I have been trying combinations and the one that worked is setting
#2 AND #4 to the same value. Is that right or am I missing something here? I am
using 3.06 server.
Also, by session timeout, I mean- I login and keep working. I walk away for 30
minutes (say) after I make my last request, I come back and try to access some
CAS protected page. I should be asked to login again.
Your thoughts are appreciated.
Thanks.
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
