https://bz.apache.org/bugzilla/show_bug.cgi?id=68449
Jhone <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Jhone <[email protected]> ---

It seems like you're encountering persistent issues with session timeouts within Tomcat, particularly for SSO-enabled users, even after updating to Tomcat 9.0.83. The behavior where the session times out prematurely despite setting the setMaxInactiveInterval() might indeed have multiple underlying causes.

Regarding your first question about whether setMaxInactiveInterval() has been deprecated and whether context.setMaxInactiveInterval() should be used instead: No, setMaxInactiveInterval() has not been deprecated. It's the method used to set the maximum time interval, in seconds, a session can remain inactive before Tomcat invalidates it. However, context.setMaxInactiveInterval() refers to a different level of configuration, applicable at the context level, not specifically for managing individual session timeouts.

Regarding the second question about the defaulting of the timeout value to the one specified in web.xml every 2 or 5 minutes by a Tomcat process: Normally, the session timeout value set through web.xml is a default for the application unless overridden by individual session settings. Tomcat doesn't forcibly reset session timeouts to the value in web.xml every few minutes; it should retain the interval you've set unless explicitly changed during runtime.

The absence of requests hitting the Tomcat server in the localhost_access_log despite session timeouts suggests a potential issue. If sessions are timing out prematurely without corresponding requests, it might indicate a disconnect between the user's actions and the server's understanding of their session activity.

Considering that SSO-enabled users are specifically affected, it might be worth investigating how the SSO setup interacts with session management in Tomcat. Ensure that the SSO setup isn't unintentionally affecting or overriding session configurations.

Additionally, given that the issue arose after migrating from Tomcat 9.0.64 to newer versions, there could be changes in default behaviors or configurations in these versions impacting session handling. Reviewing release notes or documentation for each version might provide insights into any changes that could influence session management.

Investigating logs or enabling more detailed logging related to session management and SSO could offer clues about what might be causing this unexpected behavior. It might be beneficial to consult Tomcat forums or reach out to the Tomcat community for specific insights or experiences related to SSO and session management with the newer versions.

Combining a detailed analysis of Tomcat's session management, reviewing SSO configurations, and potentially seeking community support could help narrow down and resolve this issue.

For more info visit: https://pigsnames.com/
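One way to collect the session-management logging suggested in the comment above, added here as an example (not code from the bug report or from the Tomcat project): an `HttpSessionListener` for Tomcat 9 (`javax.servlet`) that records the effective timeout at creation and, at destruction, whether the session had actually been idle for its configured interval. The class name, log format and cause labels are assumptions.

```java
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical diagnostic listener; name and log format are assumptions.
@WebListener
public class SessionTimeoutAuditListener implements HttpSessionListener {
    private static final Logger LOG =
            Logger.getLogger(SessionTimeoutAuditListener.class.getName());

    // Raw session IDs are bearer credentials: log only a short hash tag for correlation.
    private static String tag(HttpSession s) {
        return Integer.toHexString(s.getId().hashCode());
    }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        HttpSession s = se.getSession();
        // At creation this is the context default (web.xml <session-timeout>,
        // configured in minutes there, reported in seconds here).
        LOG.info(String.format("session=%s created maxInactive=%ds",
                tag(s), s.getMaxInactiveInterval()));
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        HttpSession s = se.getSession();
        try {
            long now = System.currentTimeMillis();
            int maxInactive = s.getMaxInactiveInterval(); // value in effect at the end
            long idleSec = (now - s.getLastAccessedTime()) / 1000;
            long ageSec = (now - s.getCreationTime()) / 1000;
            // Idle time below the limit means something invalidated the session
            // explicitly (application code, logout, SSO) rather than the timeout.
            String cause = (maxInactive > 0 && idleSec >= maxInactive)
                    ? "idle-timeout" : "invalidated-before-timeout";
            LOG.info(String.format("session=%s destroyed cause=%s idle=%ds age=%ds maxInactive=%ds",
                    tag(s), cause, idleSec, ageSec, maxInactive));
        } catch (IllegalStateException e) {
            // Some containers may already have invalidated the session here.
            LOG.info(String.format("session=%s destroyed (already invalid)", tag(s)));
        }
    }
}
```

Comparing `maxInactive` at creation and at destruction shows whether the per-session value set with setMaxInactiveInterval() was still in effect when the session ended.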
