I'm using jsecurity RC2, and I keep seeing the session for my webapp expire after 30 minutes. Even though I do reads and writes to the session, it unconditionally expires after 30 minutes.
Is this by design, or should session access (read or write) delay session expiration for another 30 minutes? In looking at the source code for RC2, it appears that the lastAccessTime field of SimpleSession is never updated when the session is read from or written to. The lastAccessTime field only gets set when a SimpleSession is initially created and updated in the DefaultSessionManager.onStop() method. Thanks, Todd Kofford [EMAIL PROTECTED] University of Kansas - IT
