For my webapp, I am using JSECURITY_SESSION_MODE and I'm guessing that jsecurity implements this using the SimpleSession class. In tracing through the source code when reading/writing session attributes from my webapp, the calls always ends up at the SimpleSession class. In the SimpleSession class, the last access timestamp was not being updated during reads or writes to the session. I provided a patch for this which remedied the problem, at least in my case.
Hopefully, that was the problem, but someone a lot more familiar with the jsecurity architecture (Les) might want to analyze this problem and the patch that I provided. I'd be happy to provide any additional information if needed. Thanks, Todd Kofford [EMAIL PROTECTED] -----Original Message----- From: Alan D. Cabrera [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2008 3:24 PM To: [email protected] Subject: Re: Session Expiration? Could the sample app that you're using use the WebSession and the one that Todd is testing use the SimpleSession? Regards, Alan On Nov 11, 2008, at 11:50 AM, Les Hazlewood wrote: > Hi Todd, > > Sorry about the late reply - I've been out of town until yesterday. > > The session expiration time is calculated based on the session's last > access timestamp. This timestamp is updated during almost all > operations to a session, so it should be calculated correctly. Are > you still seeing this? > > The sample applications I've tested (after building JSecurity) work as > expected - I can click a link every 15 minutes or so over an hour, and > my session isn't timing out. I'm confused as to how this is happening > for you. Do you have any other information? > > Cheers, > > Les > > On Thu, Oct 30, 2008 at 12:16 PM, Kofford, C Todd <[EMAIL PROTECTED]> > wrote: >> I'm using jsecurity RC2, and I keep seeing the session for my webapp >> expire after 30 minutes. Even though I do reads and writes to the >> session, it unconditionally expires after 30 minutes. >> >> Is this by design, or should session access (read or write) delay >> session expiration for another 30 minutes? >> >> Thanks, >> >> Todd Kofford >> [EMAIL PROTECTED] >> University of Kansas - IT >> >
