If you want to control the Single Sign On Session you need to modify the granting ticket expiration policy. The Tomcat sessions have nothing to do with your SSO session.
-Scott On Thu, May 8, 2008 at 9:47 PM, tedzo <[EMAIL PROTECTED]> wrote: > I am really confused about session timeouts. I see the following 4 > variables that are configurable- > > 1. In ApplicationContext.xml, the second argument for > "serviceTicketExpirationPolicy" Bean > 2. In the same file, the first (and only) argument for > "grantingTicketExpirationPolicy" Bean > 3. In web.xml for CAS webapp, the "session-timeout" entry > 4. In tomcat's web.xml (under /conf), the "<session-config> > <session-timeout>...." entry > > I assumed just setting #3 above would control the timeout. That doesn't > seem like it. So, I have been trying combinations and the one that worked is > setting #2 AND #4 to the same value. Is that right or am I missing something > here? I am using 3.06 server. > > Also, by session timeout, I mean- I login and keep working. I walk away for > 30 minutes (say) after I make my last request, I come back and try to access > some CAS protected page. I should be asked to login again. > > Your thoughts are appreciated. > > Thanks. > > ------------------------------ > Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it > now.<http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
