Short question: Why does the Tomcat session timeout have an effect on JBossSX?

Long question: Leaving our webapp's login page (presented upon request for 
restricted content) open prevents the user from logging in after a period of 
time. As tested, this timespan is set via (Tomcat's) session timeout variable 
in the web.xml.

Why so? Does JBossSX rely on an HttpSession to remember the requested URL 
(restricted content)? This does not appear appropriate to me. (I have to admit, 
though, we're using JBoss 3.0.26).

We have to use short timeouts (3 and 5 minutes), as the application runs on 
public information terminals. My current workaround includes setting session 
timeouts via code using session.setMaxInactiveInterval(int time_secs) and 
leaving web.xml's timeout at a fairly high value.

I am concerned about possible security issues in my workaround. Also, a "clean" 
solution would be highly appreciated. Thanks!

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3891022#3891022

_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
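
The workaround described in the post, as an added example that is not part of the original message or of JBoss: a servlet filter that applies the short timeout only once the session belongs to an authenticated user, so no code path can forget the setMaxInactiveInterval call. The class name, the /* filter mapping and the 3-minute value are assumptions; the session-timeout in web.xml stays at the higher value and keeps governing sessions that have not logged in yet.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical filter, assumed to be mapped to /* in web.xml.
public class KioskSessionTimeoutFilter implements Filter {

    // Assumed value: the shorter of the two timeouts mentioned in the post.
    private static final int AUTHENTICATED_TIMEOUT_SECS = 3 * 60;

    public void init(FilterConfig config) throws ServletException {
        // No configuration needed for this example.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest httpReq = (HttpServletRequest) req;

            // getSession(false): never create a session just to set a timeout.
            HttpSession session = httpReq.getSession(false);

            // getRemoteUser() is non-null only after container authentication,
            // so the login page itself keeps the web.xml default timeout.
            if (session != null && httpReq.getRemoteUser() != null
                    && session.getMaxInactiveInterval() != AUTHENTICATED_TIMEOUT_SECS) {
                session.setMaxInactiveInterval(AUTHENTICATED_TIMEOUT_SECS);
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

With this split, the exposure to review is the longer lifetime of unauthenticated sessions (resource use, and whatever the application stores in a session before login), not the authenticated ones.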