https://bz.apache.org/bugzilla/show_bug.cgi?id=67793
--- Comment #7 from Mircea Butmalai <mircea.butma...@radcom.ro> --- Dear Channa, I have just tested with tomcat 10.1.16 that contains the fix and after passing form authentication the session timeout reverts to default 30 minutes as calculated from application web.xml or default value. Of course that during display of login page the session timeout is changed to 2 minutes because this is the intent and should be. Anyway this parameter can be changed by inserting a valve for form authenticator with parameter authenticationSessionTimeout set to your new preferred value. I am very confident that 9.x branch contains correction equivalent to 10.1.x branch. Maybe you can elaborate your use case scenario. Thanks, Mircea -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org