On Nov 4, 2008, at 10:11 AM, Kofford, C Todd wrote:
I'm using jsecurity RC2, and I keep seeing the session for my webapp
expire after 30 minutes. Even though I do reads and writes to the
session, it unconditionally expires after 30 minutes.
Is this by design, or should session access (read or write) delay
session expiration for another 30 minutes?
In looking at the source code for RC2, it appears that the
lastAccessTime field of SimpleSession is never updated when the
session
is read from or written to. The lastAccessTime field only gets set
when
a SimpleSession is initially created and updated in the
DefaultSessionManager.onStop() method.
Good catch Todd. Would you like to submit a patch?
Regards,
Alan
