Re: Session timeout issues
On 15/09/05, Leon Rosenberg [EMAIL PROTECTED] wrote: Hi, I don't know if this fits, but could it be, that your problem is related to the tomcat session synchronization bug? http://issues.apache.org/bugzilla/show_bug.cgi?id=36541 That does look like a potential issue. However, I think I may have tracked this down to cookies and switching between HTTP and HTTPS. There are two scenarios: 1) User starts at an HTTP page and is given a cookie. This cookie can be used in secure and non secure requests. 2) User starts at an HTTPS page and is given a cookie. This cookie is only valid for secure requests (because it has Set-Cookie: ;Secure in the response header). When a user is redirected to an HTTP page they are given a *new* cookie and a new HttpSession is created on the server. Can you tell me the exact semantics of the secure attribute on the connector element? The documentation just says Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received Thanks James Shaw On 9/15/05, James Shaw [EMAIL PROTECTED] wrote: On 14/09/05, James Shaw [EMAIL PROTECTED] wrote: I have two issues relating to sessions: 1) Sessions seem to be expired too soon. This happens very infrequently for me (perhaps 1 in 1000 requests). I'm adding some HttpSessionListeners and HttpSessionAttributeListeners to attempt to locate this problem, but have little to go on at the moment. I have some more info on this problem. During the login process, the original JSESSIONID that tomcat gives to the browser is being lost and a new HttpSession with a new id is being created. So either the browser is not sending the cookie containing the session id, or Tomcat is somehow losing the id. Does anyone have an idea what this problem could be? Perhaps you could point me to some information about how Tomcat receives cookies and maps these to their respective HttpSession objects. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout issues
On 14/09/05, James Shaw [EMAIL PROTECTED] wrote: I have two issues relating to sessions: 1) Sessions seem to be expired too soon. This happens very infrequently for me (perhaps 1 in 1000 requests). I'm adding some HttpSessionListeners and HttpSessionAttributeListeners to attempt to locate this problem, but have little to go on at the moment. I have some more info on this problem. During the login process, the original JSESSIONID that tomcat gives to the browser is being lost and a new HttpSession with a new id is being created. So either the browser is not sending the cookie containing the session id, or Tomcat is somehow losing the id. Does anyone have an idea what this problem could be? Perhaps you could point me to some information about how Tomcat receives cookies and maps these to their respective HttpSession objects. Thanks James Shaw - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
If more than idle for 30 minutes. -Tim Cédric Buschini wrote: Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
Think of the timeout as a 30 minute countdown timer. Every time there is any session activity, like a page request, the timers starts over. If the timer ever gets to 0, then the session times out. Jay Vertical Technology Group http://www.vtgroup.com/ -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 10:13 AM To: Tomcat Users List Subject: Re: session-timeout If more than idle for 30 minutes. -Tim Cédric Buschini wrote: Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
thank you !! Jay Burgess wrote: Think of the timeout as a 30 minute countdown timer. Every time there is any session activity, like a page request, the timers starts over. If the timer ever gets to 0, then the session times out. Jay Vertical Technology Group http://www.vtgroup.com/ -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 10:13 AM To: Tomcat Users List Subject: Re: session-timeout If more than idle for 30 minutes. -Tim Cédric Buschini wrote: Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout
How about trying? Put this inside your web-app in web.xml session-config session-timeout10/session-timeout /session-config The number within the session-timeout element must be expressed in minutes. Works for me with the StandardManager, in tomcat 5 Trond Freddy Villalba A. wrote: Hi everybody, Is it possible to configure the session timeout using the org.apache.catalina.session.StandardManager Session Manager or am I forced to use the Persistent Manager just for doing so? (Tomcat v4.1) Regards, F. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout means tomcat restart
Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2
Re: RE: session-timeout means tomcat restart
We had a 'hung, and won't work without a reboot problem' and it was two things - we had to update some driver for the intel NIC cards in our server (for RedHat ES) and had to change some settings to get better NIC throughput. Hope it helps. - Original Message - From: Steve Kirk [EMAIL PROTECTED] Date: Monday, November 8, 2004 4:19 pm Subject: RE: session-timeout means tomcat restart Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasourceconnection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful
Re: session-timeout means tomcat restart
Hi Steve, sorry for lack of details. In any case, problem solved. I am developing a webapp in the MVC style and was referring to the 'C' of the MVC when mentioning the controller. I am using TC as-is however. There was a bug in a data source validity check upon login making it so the data source was not getting re-established if need be. Then it would just hang on login. Not sure why I was often required to hard boot but it's not longer a problem since I corrected the data source hook. Eric On Mon, 8 Nov 2004 22:19:27 -, Steve Kirk [EMAIL PROTECTED] wrote: Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must
RE: RE: session-timeout means tomcat restart
sorry but no. what about the other points. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday 08 November 2004 22:37 To: Tomcat Users List Subject: Re: RE: session-timeout means tomcat restart We had a 'hung, and won't work without a reboot problem' and it was two things - we had to update some driver for the intel NIC cards in our server (for RedHat ES) and had to change some settings to get better NIC throughput. Hope it helps. - Original Message - From: Steve Kirk [EMAIL PROTECTED] Date: Monday, November 8, 2004 4:19 pm Subject: RE: session-timeout means tomcat restart Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasourceconnection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your
Re: RE: session-timeout means tomcat restart
Other points? I posted details when I solved this problem, last Friday, but I only now realized that someone changed the thread, a couple have, and my post is related to that thread. Perhaps you didn't see that. If you're wondering about event listeners, I have not implemented any as of yet. If you're still looking for other points then I'll need you to be specific. Also, in looking back at this thread I noticed you were the one who suggested creating a myapp.xml and where to put it. This was the suggestion I followed that finally solved my problem. Many thx for that! I still have yet to find a mention of this in TC 5.0 docs. Eric btw, I am required to manually put that myapp.xml at CATALINA_HOME/conf/Catalina/localhost/. I tried creating a META-INF, located at /myapp/ with a context.xml, but this did not result in a dynamic copy at CATALINA_HOME/conf/Catalina/localhost/. On Tue, 9 Nov 2004 00:51:09 -, Steve Kirk [EMAIL PROTECTED] wrote: sorry but no. what about the other points. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday 08 November 2004 22:37 To: Tomcat Users List Subject: Re: RE: session-timeout means tomcat restart We had a 'hung, and won't work without a reboot problem' and it was two things - we had to update some driver for the intel NIC cards in our server (for RedHat ES) and had to change some settings to get better NIC throughput. Hope it helps. - Original Message - From: Steve Kirk [EMAIL PROTECTED] Date: Monday, November 8, 2004 4:19 pm Subject: RE: session-timeout means tomcat restart Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm
RE: session-timeout means tomcat restart
-Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? you don't say which platform/ versions you are using so memory leaks are hard to comment on. IMHO the issues above are more likely to be the problem so check those first before suspecting an error in TC :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout means tomcat restart
Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? you don't say which platform/ versions you are using so memory leaks are hard to comment on. IMHO the issues above are more likely to be the problem so check those first before suspecting an error in TC :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout means tomcat restart
Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? you don't say which platform/ versions you are using so memory leaks are hard to comment on. IMHO the issues above are more likely to be the problem so check those first before suspecting an error in TC :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout is out by factor of 100?
Hi, How are you checking the time remaining for a session? Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 12:24 AM To: Tomcat Users List Subject: session-timeout is out by factor of 100? Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout is out by factor of 100?
Yoav, Thanks for replying, long timeLeft = session.getLastAccessedTime() + session.getMaxInactiveInterval() * 1000 - System.currentTimeMillis(); PJ On Mon, 2004-09-20 at 22:54, Shapira, Yoav wrote: Hi, How are you checking the time remaining for a session? Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 12:24 AM To: Tomcat Users List Subject: session-timeout is out by factor of 100? Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout is out by factor of 100?
Found the issue ... my apologies for wasting ppls time. A colleague had added a setMaxInactiveInterval statement in another section of the code which was overriding the web.xml value. Worse was that he'd set it for 3 thinking it was supposed to be in ms. My apologies all and thanks Yoav for looking into it. PJ On Tue, 2004-09-21 at 08:00, Peter Johnson wrote: Yoav, Thanks for replying, long timeLeft = session.getLastAccessedTime() + session.getMaxInactiveInterval() * 1000 - System.currentTimeMillis(); PJ On Mon, 2004-09-20 at 22:54, Shapira, Yoav wrote: Hi, How are you checking the time remaining for a session? Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 12:24 AM To: Tomcat Users List Subject: session-timeout is out by factor of 100? Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session timeout: web.xml and setMaxInactiveInterval(int)
Your assumption is incorrect. When the session is created it will follow the value set in your web.xml but in this case, after session creation you modify its timeout attribute to be higher. This will only apply to sessions that go through this servlet, obviously. Ta Matt -Original Message- From: Stephen Charles Huey [mailto:[EMAIL PROTECTED] Sent: 15 July 2004 22:44 To: Tomcat User Subject: session timeout: web.xml and setMaxInactiveInterval(int) My web.xml has the following: session-config session-timeout30/session-timeout /session-config However, when a user logs in, the following code in our app gets executed: HttpSession session = request.getSession(false); session.setMaxInactiveInterval(7200); I've been fiddling with the web.xml and didn't realize that other code was in there, and I'm wondering who trumps who. I would assume that the web.xml's global setting would have priority over any individual setting, but it could easily be the other way around! Thanks, Stephen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Timeout Error
I do not remember where i can set session time our for a web-app? But i think you must also set keepalive time, if i am not wrong :~)) -Original Message- From: Matt Krone [mailto:[EMAIL PROTECTED] Sent: Friday, June 18, 2004 5:49 PM To: [EMAIL PROTECTED] Subject: Session Timeout Error The web application I developed has a session-timeout setting of 10 minutes. When I authenticate with the application using the web browser Mozila 1.6 the session times out in 10 minutes. However, when I use the web browser IE 6.0 the session does not time out in 10 minutes. Any thoughts would be helpful? -Matt = /* Matt */ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ For information about the Standard Bank group visit our web site www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___
Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote: The strange thing is that this page seems to only intermittently be displayed. i.e. it is catching the case where the session expires, but, in some cases since I'm using container based security, it is going back to the login page. Sometimes it goes to this page first, and then brings up the login page. Other times, it just goes straight to the login page. I need to look into it further. I have SingleSignOn enabled, so, I'm not sure if that May be it's working so fast you sometimes don't notice this redirection, and sometimes do? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
I found out about a few other functions that make it bit easier. I think I have it working using the following, public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if(((HttpServletRequest)request).getRequestedSessionId() != null ((HttpServletRequest)request).isRequestedSessionIdValid() == false) { RequestDispatcher rd = request.getRequestDispatcher(/WEB-INF/sessionexpired.jsp); rd.forward(request, response); } else { chain.doFilter(request, response); } } The strange thing is that this page seems to only intermittently be displayed. i.e. it is catching the case where the session expires, but, in some cases since I'm using container based security, it is going back to the login page. Sometimes it goes to this page first, and then brings up the login page. Other times, it just goes straight to the login page. I need to look into it further. I have SingleSignOn enabled, so, I'm not sure if that might have something to do with it. I need to do more testing. In theory, I think it should go to the login page each time. So, I'm thinking of putting a check in my login page similar to the above that just shows optional text stating that the session has expired. Another thing that I'm wondering is if it is possible to use a servlet as the login page for Tomcat rather than a .jsp file. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, May 21, 2004 7:15 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. I've just tried this way, it works. Look at example .java file in attach for example, it's Filter implementation. Thanks for the suggestion, it's very useful. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. I've just tried this way, it works. Look at example .java file in attach for example, it's Filter implementation. Thanks for the suggestion, it's very useful. package org.unchqua.test.servlet; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.Cookie; public class NewSessionFilter implements Filter { private FilterConfig fconf; public void init(FilterConfig arg0) throws ServletException { fconf=arg0; } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fchain) throws IOException, ServletException { boolean newManualSession=false; String fromSession=null; if (((HttpServletRequest)req).getSession(false)!=null) { fromSession=((HttpServletRequest)req).getSession(false).getId(); } if (fromSession==null) { fromSession=((HttpServletRequest)req).getSession().getId(); newManualSession=true; } String fromCookie=null; Cookie[] cooks=((HttpServletRequest)req).getCookies(); if (cooks!=null) { for (int i=0; icooks.length; i++) { if (cooks[i].getName().equals(JSESSIONID)) { fromCookie=cooks[i].getValue(); break; } } } ServletOutputStream out=resp.getOutputStream(); out.println(newManualSession ? Session manually created : ); out.println(fromSession!=null ? From session: +fromSession : No session); out.println(fromCookie!=null ? From cookies: +fromCookie : No session id in cookies); if (fromSession==null fromCookie==null) out.println(Session is completely new); else if (fromSession==null fromCookie!=null) out.println(Session lived but has been expired); //fchain.doFilter(req, resp); } public void destroy() { fconf=null; } } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
In my case, I don't just want to test for a timed out session. I want to see if the session has timed out since the user has logged in. So, when the user logs in, I add an object to the session (any object will do). Then at the top of every servlet I test for the existence of that object 'if(session.getAttribute(myObject) == null)'. If the object is null then I know that the session has timed out since the user last logged in. At that point, I forward to the session expired page which informs the user that he/she must log back in. It sounds like you're looking for something similar. On Wednesday 19 May 2004 04:56 pm, Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Does anyone have example source code on how to do this? Jon - Original Message - From: QM [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 3:16 PM Subject: Re: Session Timeout and Direct Reference to login page On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote: : All I want to do is detect when a session has timed out for a user and : display a page stating such when the user makes a request after the session : has timed out. It seems like this should be a straight forward thing to do. : Am I missing something? You could use a session listener and check its existence with a filter... In other words: // filter pseudocode if( null != session.getAttribute( UserMarker ) ){ // pass the req and resp down the filter chain }else{ // forward() to a your session timed out page } Is this what you're after? Option #2: have each page meta-refresh to the your session timed out page (set the refresh value 1 or 2 seconds beyond the session timeout). This is more intrusive, though: people don't typically like it when their browser starts moving around when they didn't explicitly ask. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e-mail message, and any accompanying documents, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient, please contact our office by email or by telephone at (508) 747-7261 and immediately destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. This assumes that the session ID changes everytime it expires. As far as I know, that is the case. I would also have to figure out how to get the jsessionid if it is in the URL rather than in a cookie. I would prefer to do it that way if I can for the sake of simplicity. I want to avoid having a Hashtable that grows indefinitely if possible. Does it seem like this work, or, am I missing something? I'm wondering if this wouldn't work if I didn't have single sign-on enabled. i.e. the login page would get displayed at session expiration. I'm not sure if the login page does only forwards, or if it does a redirect. I'm thinking the redirect might make the above logic not work since the session ID in the cookie would get updated first by the login page. Note, the filter runs after the login page. It seems like there should be a generic way to handle this kind of thing that is well understood and known to work. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:59 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
What was wrong with the first suggestion? 1.) When your user logs in, throw an object in their session. 2.) In each servlet/jsp (or, better, in a filter), test for the existence of that object and forward back to the login if it is null. Seems pretty straight forward to me. On Thursday 20 May 2004 12:51 pm, Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. This assumes that the session ID changes everytime it expires. As far as I know, that is the case. I would also have to figure out how to get the jsessionid if it is in the URL rather than in a cookie. I would prefer to do it that way if I can for the sake of simplicity. I want to avoid having a Hashtable that grows indefinitely if possible. Does it seem like this work, or, am I missing something? I'm wondering if this wouldn't work if I didn't have single sign-on enabled. i.e. the login page would get displayed at session expiration. I'm not sure if the login page does only forwards, or if it does a redirect. I'm thinking the redirect might make the above logic not work since the session ID in the cookie would get updated first by the login page. Note, the filter runs after the login page. It seems like there should be a generic way to handle this kind of thing that is well understood and known to work. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:59 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e-mail message, and any accompanying documents, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient, please contact our office by email or by telephone at (508) 747-7261 and immediately destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Thanks for the suggestion. The reason that I can't do it that way (as far as I know) is because I'm using container-based security. I'm not handling the submission of the login form directly. Before I switched to using container-based security, I was doing it exactly as you described. Jon - Original Message - From: Ben Souther [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 12:26 PM Subject: Re: Session Timeout and Direct Reference to login page What was wrong with the first suggestion? 1.) When your user logs in, throw an object in their session. 2.) In each servlet/jsp (or, better, in a filter), test for the existence of that object and forward back to the login if it is null. Seems pretty straight forward to me. On Thursday 20 May 2004 12:51 pm, Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. This assumes that the session ID changes everytime it expires. As far as I know, that is the case. I would also have to figure out how to get the jsessionid if it is in the URL rather than in a cookie. I would prefer to do it that way if I can for the sake of simplicity. I want to avoid having a Hashtable that grows indefinitely if possible. Does it seem like this work, or, am I missing something? I'm wondering if this wouldn't work if I didn't have single sign-on enabled. i.e. the login page would get displayed at session expiration. I'm not sure if the login page does only forwards, or if it does a redirect. I'm thinking the redirect might make the above logic not work since the session ID in the cookie would get updated first by the login page. Note, the filter runs after the login page. It seems like there should be a generic way to handle this kind of thing that is well understood and known to work. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:59 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e-mail message, and any accompanying documents, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient, please contact our office by email or by telephone at (508) 747-7261 and immediately destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Tomcat behaves according to the Servlet/JSP specs. It creates a new session if a request is made after the previous one expires. It's not too difficult to write your own, I did. -Write a session-timeout.jsp with a link to your login. -Define a context-param in web.xml (session-timeout-page-url) or something like that, which defines the name of your session-timeout.jsp -At the top of every servlet check for the existence of an object that get's put in session during login (an empty string will do). If it's null, forward to the session-timeout.jsp. Of course, you could also just forward straight to the login page and bypass the session-timeout.jsp altogether. If you're doing everything with JSPs, you could just use an include for the code that does the checking so you don't have to put the same code on the top of every JSP. You could also do the same thing from a Filter. On Wednesday 19 May 2004 04:35 pm, Jonathan Eric Miller wrote: It's too bad there isn't a session-timeout-page element that you can put in web.xml kind of like the error-page element... Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 2:58 PM Subject: Re: Session Timeout and Direct Reference to login page Renato, Did you ever receive a response to this? I'm having the same problem. My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon - Original Message - From: Renato Romano [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and Direct Reference to login page I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e
Re: Session Timeout and Direct Reference to login page
It's too bad there isn't a session-timeout-page element that you can put in web.xml kind of like the error-page element... Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 2:58 PM Subject: Re: Session Timeout and Direct Reference to login page Renato, Did you ever receive a response to this? I'm having the same problem. My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon - Original Message - From: Renato Romano [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and Direct Reference to login page I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Does anyone have example source code on how to do this? Jon - Original Message - From: QM [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 3:16 PM Subject: Re: Session Timeout and Direct Reference to login page On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote: : All I want to do is detect when a session has timed out for a user and : display a page stating such when the user makes a request after the session : has timed out. It seems like this should be a straight forward thing to do. : Am I missing something? You could use a session listener and check its existence with a filter... In other words: // filter pseudocode if( null != session.getAttribute( UserMarker ) ){ // pass the req and resp down the filter chain }else{ // forward() to a your session timed out page } Is this what you're after? Option #2: have each page meta-refresh to the your session timed out page (set the refresh value 1 or 2 seconds beyond the session timeout). This is more intrusive, though: people don't typically like it when their browser starts moving around when they didn't explicitly ask. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote: : All I want to do is detect when a session has timed out for a user and : display a page stating such when the user makes a request after the session : has timed out. It seems like this should be a straight forward thing to do. : Am I missing something? You could use a session listener and check its existence with a filter... In other words: // filter pseudocode if( null != session.getAttribute( UserMarker ) ){ // pass the req and resp down the filter chain }else{ // forward() to a your session timed out page } Is this what you're after? Option #2: have each page meta-refresh to the your session timed out page (set the refresh value 1 or 2 seconds beyond the session timeout). This is more intrusive, though: people don't typically like it when their browser starts moving around when they didn't explicitly ask. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Renato, Did you ever receive a response to this? I'm having the same problem. My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon - Original Message - From: Renato Romano [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and Direct Reference to login page I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerald Powel wrote: | Hi all, | | I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. Jerald, I don't know the internals of Tomcat's Session management, but there are a few things to think about here that might help. 1) Just by closing the browser does not cause the session to close. 2) You could be putting some shared object into the Session which is not garbage collected when the session itself dies. 3) I believe you can configure a listener to receive an event when a session dies. You could therefore see if they really are being closed. 4) Be careful what you put in the Session. Usually only place small or transient objects into the Session. Don't put any heavy objects, like database connections into the session. 5) There could be a Tomcat bug. :) (unlikely, though) Hope that helps, Seth -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFATPrI5EIB1scRes8RAn7oAJ43yJLv+9GeaQD7LADIuQfk0N5zuQCeJTDl +aFJNg57g77HwvOATT60kB8= =8yG4 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
My understanding on this topic is perhaps not clearest, but here's what I've been able to glean from watching tomcat-user (amongst others). The VM will not 'release' back to the OS, any memory it grabs during the run of a program. But that doesn't mean that it is currently in use. ex: You've set the vm to start with 125MB memory, with a max size of 256MB. During normal operations, the vm is at 124.99 MB and then someone new logs in. That forces the VM to increase the memory being used (and reported to the OS), possibly all the way to 256MB. Now it's overnight. No one is using the app. Sessions expire, and are garbage collected. The size of the memory in use has gone done, but the memory in use as reported to the OS is still 256MB. I'm sure someone will correct that if it's fundamentally wrong in the slightest aspect. ;) -Original Message- From: Jerald Powel [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 4:38 PM To: Tomcat Users List Subject: session-timeout Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. thanks for your input G. - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
At 02:37 PM 3/8/2004, you wrote: Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. I'm dismayed that this topic keeps coming up ... it really should die. There is not a 1-1 correspondence between the memory that you see your task manager report and the amount of actual memory being consumed by your app. It's a problem of perspective -- from the operating system's perspective, the consumer is the java JVM. From your perspective, the consumer is your webapp. When Tomcat requests more memory, the JVM in turn requests more memory from the OS. Just because Tomcat releases memory doesn't mean that the JVM does. You can't use the Task Manager to (reliably) measure your webapp's memory consumption. There is plenty of information about this in the archives or by reading up on JVM memory management for whatever vendor/platform you're running on. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
At 03:07 PM 3/8/2004, you wrote: My understanding on this topic is perhaps not clearest, but here's what I've been able to glean from watching tomcat-user (amongst others). The VM will not 'release' back to the OS, any memory it grabs during the run of a program. But that doesn't mean that it is currently in use. ex: You've set the vm to start with 125MB memory, with a max size of 256MB. During normal operations, the vm is at 124.99 MB and then someone new logs in. That forces the VM to increase the memory being used (and reported to the OS), possibly all the way to 256MB. Now it's overnight. No one is using the app. Sessions expire, and are garbage collected. The size of the memory in use has gone done, but the memory in use as reported to the OS is still 256MB. I'm sure someone will correct that if it's fundamentally wrong in the slightest aspect. ;) Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
Hi and thank you to all concerned, Before I close, and consult the doco you talk of (URLs welcome), can you exaplain what you mean by whoever implements the JVM? In this instance, are we talking about Apache/TC developer team? thnx G. Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now
RE: session-timeout
At 04:50 PM 3/8/2004, you wrote: Hi and thank you to all concerned, Before I close, and consult the doco you talk of (URLs welcome), can you exaplain what you mean by whoever implements the JVM? In this instance, are we talking about Apache/TC developer team? Try these (from a really quick search) to get you started. Look at the terms being used and try searching for other messages along the same lines. http://www.mail-archive.com/[EMAIL PROTECTED]/thrd4.html#119966 http://www.mail-archive.com/[EMAIL PROTECTED]/msg120110.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg111595.html The JVM is the software that you download from Sun. It's the thing that runs *any* java program. Tomcat is one possible program. Point being it's the JVM's responsibility to request memory from the operating system, then provide that memory to the java program running inside it. Just because Tomcat no longer uses the memory (when a session expires, for example), doesn't mean the JVM returns it to the OS. Hope that helps, justin Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout
Perhaps because in the web.xml you specify the value in minutes, and in the code the method getMaxInactiveInterval() retrieves the time in seconds?? ;-) Vitor Chris Wahl wrote: Hi,all I am using TC4.0.6, After I setting session timeout to -1 by adding following in web.xml: session-config session-timeout-1/session-timeout /session-config In a servlet of the same web module I get such interesting output: hs.getMaxInactiveInterval() = -60 // hs is HttpSession My question is, why -1 is replaced by -60? Regards Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout
I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Timeout
anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Timeout
Howdy, The servlet specification is the only authority on this, misleading books should be tossed aside. SRV.7.5 is clear, session timeout is for inactivity, not total duration, as Senor Curwen opined. The first part of his message, using $CATALINA_HOME/conf/web.xml, I would discourage, as it's non-standard. Stick to WEB-INF/web.xml, which is standard and therefore portable across containers. Yoav Shapira Millennium ChemInformatics -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 10:05 AM To: 'Tomcat Users List' Subject: RE: Session Timeout anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only
Re: Session Timeout
That's actually why I was floored when my applet was kicked back to the login form after half an hours of continuous activity. Mike Curwen wrote: anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout
I'm looking at the 2.3 spec right now. SRV 7.5 does say that the timeout set by setMaxInactiveInterval() is for inactivity. However, that section doesn't address the session-timeout/ parameter. It does say that the default is up to the container. In SRV.13.3, the session-timeout/ defines the default timeout. However, the word inactivity is interestingly missing from this description. It also specifies the ability to set the system to never timeout if the value is set to 0 or less. None of this explains why my session timed out after ~30 minutes of continuous activity by default or with the session-timeout/ parameter set to 5 minutes. I must really be missing something. Everything everybody has said is reasonable and matches my expectations. However, it does not appear to match my experiments. I'll try some more. Thanks, G. Wade Shapira, Yoav wrote: Howdy, The servlet specification is the only authority on this, misleading books should be tossed aside. SRV.7.5 is clear, session timeout is for inactivity, not total duration, as Senor Curwen opined. The first part of his message, using $CATALINA_HOME/conf/web.xml, I would discourage, as it's non-standard. Stick to WEB-INF/web.xml, which is standard and therefore portable across containers. Yoav Shapira Millennium ChemInformatics -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 10:05 AM To: 'Tomcat Users List' Subject: RE: Session Timeout anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go
Re: Session Timeout
I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session timeout
The default setting for session timeout should be done in %CATALINA_HOME%/conf/web.xml Look for the tag session-config -Sudhir. -Original Message- From: Tarek M. Nabil [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 10:47 AM To: 'Tomcat Users List' (E-mail) Subject: Session timeout Hi everyone, How do I configure the session timeout value in Tomcat. I don't want to use code to do it. Any help is appreciated. Thanks, Tarek M. Nabil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session timeout
You can use, session-config session-timeoutXXX/session-timeout /session-config in your web.xml Regards, A.Sankar -Original Message- From: Tarek M. Nabil [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 8:17 PM To: 'Tomcat Users List' (E-mail) Subject: Session timeout Hi everyone, How do I configure the session timeout value in Tomcat. I don't want to use code to do it. Any help is appreciated. Thanks, Tarek M. Nabil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session timeout
For application specific setting modify web.xml file of your application by adding session-config session-timeouttime in ms/session-timeout /session-config -Sudhir. -Original Message- From: Tarek M. Nabil [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 10:47 AM To: 'Tomcat Users List' (E-mail) Subject: Session timeout Hi everyone, How do I configure the session timeout value in Tomcat. I don't want to use code to do it. Any help is appreciated. Thanks, Tarek M. Nabil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session timeout
Thank you all for your help :) -Original Message- From: Sudhir Movva [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 5:58 PM To: 'Tomcat Users List' Subject: RE: Session timeout For application specific setting modify web.xml file of your application by adding session-config session-timeouttime in ms/session-timeout /session-config -Sudhir. -Original Message- From: Tarek M. Nabil [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 10:47 AM To: 'Tomcat Users List' (E-mail) Subject: Session timeout Hi everyone, How do I configure the session timeout value in Tomcat. I don't want to use code to do it. Any help is appreciated. Thanks, Tarek M. Nabil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session timeout in tomcat
Howdy, session-config in web.xml. It's in the Servlet Specification. Yoav Shapira Millennium ChemInformatics -Original Message- From: Ravi Pachipala [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 3:27 PM To: '[EMAIL PROTECTED]' Subject: session timeout in tomcat Hi, I am using Tomcat 4.1.24. After running some tests/sessions sequentially, the Tomcat is exiting with outofmemory error. What are the paramters that control session timeout in Tomcat? I see the following paratmeters in server.xml but none of these seem to relate to idel timeout. Thanks Ravi Manager className=org.apache.catalina.session.PersistentManager debug=0 saveOnRestart=false maxActiveSessions=-1 minIdleSwap=-1 maxIdleSwap=-1 maxIdleBackup=-1 Store className=org.apache.catalina.session.FileStore/ /Manager This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session timeout in tomcat
Thanks. That works. Ravi -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 12:20 PM To: Tomcat Users List Subject: RE: session timeout in tomcat Howdy, session-config in web.xml. It's in the Servlet Specification. Yoav Shapira Millennium ChemInformatics -Original Message- From: Ravi Pachipala [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 3:27 PM To: '[EMAIL PROTECTED]' Subject: session timeout in tomcat Hi, I am using Tomcat 4.1.24. After running some tests/sessions sequentially, the Tomcat is exiting with outofmemory error. What are the paramters that control session timeout in Tomcat? I see the following paratmeters in server.xml but none of these seem to relate to idel timeout. Thanks Ravi Manager className=org.apache.catalina.session.PersistentManager debug=0 saveOnRestart=false maxActiveSessions=-1 minIdleSwap=-1 maxIdleSwap=-1 maxIdleBackup=-1 Store className=org.apache.catalina.session.FileStore/ /Manager This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session timeout not working anymore :(
I admit not not looking at this in detail. But the lack or a 'return;' statement after the jsp:forward is a major red flag. Sundar Narasimhan [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, I'm running out of options -- but is there a problem with getSession(false)? Sigh. We used to have a piece of code included in our jsp's like so: header-inc % if (request.getSession(false) == null) { % jsp:forward page=logout.jsp?TIMEOUT=60 /jsp:forward % } % jsp:useBean id=user scope=session class=webapps.common.User/ header-inc and that was included in our files like so. That used to work.. but now when I have struts-html and struts-bean.. it always fails. Is there something wrong with getSession(false) now? The stack doesn't seem to include the struts generated servlets.. so I'm really puzzled!! Any help will be much appreciated even if it's only to say.. it's not struts :) I'm running Tomcat 4.18 on Windows XP. Thanks. main.jsp !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN %@ taglib uri=/WEB-INF/struts-html.tld prefix=html % %@ taglib uri=/WEB-INF/struts-bean.tld prefix=bean % html:html HEAD %@ page language=java contentType=text/html; charset=ISO-8859-1 pageEncoding=ISO-8859-1 % META http-equiv=Content-Type content=text/html; charset=ISO-8859-1 META name=GENERATOR content=IBM WebSphere Studio META http-equiv=Content-Style-Type content=text/css LINK href=theme/tigris.css rel=stylesheet type=text/css TITLE/TITLE /HEAD body marginwidth=0 marginheight=0 leftmargin=0 topmargin=0 class=composite %@ include file=header-inc.jsp % --- javax.servlet.ServletException: class com.ascent.webapps.common.User : java.lang.InstantiationException: com.ascent.webapps.common.User at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImp l.java:533) at org.apache.jsp.contactus_jsp._jspService(contactus_jsp.java:355) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 04) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:260) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve. java:170) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:432) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:386) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:534) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:530) at
Re: session timeout not working anymore :(
What used to worked? What behavior are you expecting that you no longer observe? If I was to guess at what you're expecting to happen... I would guess that you are expecting that getSession(false) would equal null at some point and that never happens? This causes the useBean directive to fail. Try including a page directive for the JSP page not to participate in sessions. That is, insert the page directive before the DOCTYPE line. %@ page session=false %!DOCTYPE ... If not otherwise instructed the JSP compiler will automatically create a new HttpSession object for you by inserting the call HttpSession = request.getSession(true) into your compiled JSP code. Unless you suppress this behavior, your test in header-inc.jsp will always fail. At 23:35 2003-02-04 -0500, you wrote: Hi, I'm running out of options -- but is there a problem with getSession(false)? Sigh. We used to have a piece of code included in our jsp's like so: header-inc % if (request.getSession(false) == null) { % jsp:forward page=logout.jsp?TIMEOUT=60 /jsp:forward % } % jsp:useBean id=user scope=session class=webapps.common.User/ header-inc and that was included in our files like so. That used to work.. but now when I have struts-html and struts-bean.. it always fails. Is there something wrong with getSession(false) now? The stack doesn't seem to include the struts generated servlets.. so I'm really puzzled!! Any help will be much appreciated even if it's only to say.. it's not struts :) I'm running Tomcat 4.18 on Windows XP. Thanks. main.jsp !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN %@ taglib uri=/WEB-INF/struts-html.tld prefix=html % %@ taglib uri=/WEB-INF/struts-bean.tld prefix=bean % %@ page language=java contentType=text/html; charset=ISO-8859-1 pageEncoding=ISO-8859-1 % %@ include file=header-inc.jsp % --- javax.servlet.ServletException: class com.ascent.webapps.common.User : java.lang.InstantiationException: com.ascent.webapps.common.User at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:533) at org.apache.jsp.contactus_jsp._jspService(contactus_jsp.java:355) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:204) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:432) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:386) at
Re: session timeout not working anymore :(
On Tue, 4 Feb 2003, Sundar Narasimhan wrote: Date: Tue, 4 Feb 2003 23:35:38 -0500 From: Sundar Narasimhan [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: session timeout not working anymore :( Hi, I'm running out of options -- but is there a problem with getSession(false)? Sigh. We used to have a piece of code included in our jsp's like so: header-inc % if (request.getSession(false) == null) { % jsp:forward page=logout.jsp?TIMEOUT=60 /jsp:forward % } % jsp:useBean id=user scope=session class=webapps.common.User/ header-inc and that was included in our files like so. That used to work.. but now when I have struts-html and struts-bean.. it always fails. Is there something wrong with getSession(false) now? The stack doesn't seem to include the struts generated servlets.. so I'm really puzzled!! Any help will be much appreciated even if it's only to say.. it's not struts :) That's the right answer :-). The exception is not happening in Struts, it is happening inside your page. I'm running Tomcat 4.18 on Windows XP. Thanks. main.jsp !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN %@ taglib uri=/WEB-INF/struts-html.tld prefix=html % %@ taglib uri=/WEB-INF/struts-bean.tld prefix=bean % html:html HEAD %@ page language=java contentType=text/html; charset=ISO-8859-1 pageEncoding=ISO-8859-1 % META http-equiv=Content-Type content=text/html; charset=ISO-8859-1 META name=GENERATOR content=IBM WebSphere Studio META http-equiv=Content-Style-Type content=text/css LINK href=theme/tigris.css rel=stylesheet type=text/css TITLE/TITLE /HEAD body marginwidth=0 marginheight=0 leftmargin=0 topmargin=0 class=composite %@ include file=header-inc.jsp % --- javax.servlet.ServletException: class com.ascent.webapps.common.User : java.lang.InstantiationException: com.ascent.webapps.common.User This is the key to the problem -- for some reason, the page is not able to create an instance of your com.ascent.webapps.common.User class. Why it is even trying to do so must be in some code you have not shown us yet, but the most common causes are: * You don't have a copy of this class visible to the webapp. * The class is not public. * The class does not have a public, no-args constructor. * Somewhere in the constructor, or one of the initialization expressions for your class's instance variables, an exception is getting thrown. Craig McClanahan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Timeout - Who has the final decision?
IMHO: Your web app web.xml overrides Tomcat's web.xml. Your application code overrides both. I've checked the Tomcat-User and Struts-User archives for an answer to this, but am still not sure of the answer. Given that I can set a session timeout interval in Tomcat's configuration file (web.xml), the web application itself (web.xml), and also by setting 'session.setMaxInactiveInterval(#secs)', who wins? In other words, if I have the following: Tomcat timeout is 30 minutes Web Appl. timeout is 45 minutes session.setMaxInactiveInterval 3600 seconds (or 60 minutes) does the users session 'live' for the full 60 minutes? Or does one of the other settings take precedence? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session Timeout - Who has the final decision?
Thanks for the reply. That's kind of what I suspected, but couldn't find anything that stated so -Original Message- From: mech [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 1:32 PM To: 'Tomcat Users List' Subject: RE: Session Timeout - Who has the final decision? IMHO: Your web app web.xml overrides Tomcat's web.xml. Your application code overrides both. I've checked the Tomcat-User and Struts-User archives for an answer to this, but am still not sure of the answer. Given that I can set a session timeout interval in Tomcat's configuration file (web.xml), the web application itself (web.xml), and also by setting 'session.setMaxInactiveInterval(#secs)', who wins? In other words, if I have the following: Tomcat timeout is 30 minutes Web Appl. timeout is 45 minutes session.setMaxInactiveInterval 3600 seconds (or 60 minutes) does the users session 'live' for the full 60 minutes? Or does one of the other settings take precedence? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] This transmission (and any information attached to it) may be confidential and is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient or the person responsible for delivering the transmission to the intended recipient, be advised that you have received this transmission in error and that any use, dissemination, forwarding, printing, or copying of this information is strictly prohibited. If you have received this transmission in error, please immediately notify LabOne at the following email address: [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session Timeout - Who has the final decision?
Howdy, Consider the order in which these settings are applied: Tomcat timeout is 30 minutes Applied on tomcat startup. Web Appl. timeout is 45 minutes Overrides above when your context starts up. session.setMaxInactiveInterval 3600 seconds (or 60 minutes) Overrides above when the code executes. You wouldn't find this stated in a document most likely. It's just kind of an observation because of the order things are executed. There can be no conflict within the server on this matter. Yoav Shapira Millennium ChemInformatics -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session Timeout - Who has the final decision?
On Mon, 27 Jan 2003, Jerry Jalenak wrote: Date: Mon, 27 Jan 2003 13:22:47 -0600 From: Jerry Jalenak [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: Session Timeout - Who has the final decision? Hi All, I've checked the Tomcat-User and Struts-User archives for an answer to this, but am still not sure of the answer. Given that I can set a session timeout interval in Tomcat's configuration file (web.xml), the web application itself (web.xml), and also by setting 'session.setMaxInactiveInterval(#secs)', who wins? In other words, if I have the following: Tomcat timeout is 30 minutes Web Appl. timeout is 45 minutes session.setMaxInactiveInterval 3600 seconds (or 60 minutes) Whichever value is set last always wins. Presumably, if your app is explicitly setting this, it was done after the session was created (which is when the initial default value is applied). You can call setMaxInactiveInterval() on a given session instance as many times as you like, and the last value you set is always the one that will apply when the current request completes. does the users session 'live' for the full 60 minutes? Or does one of the other settings take precedence? Well, you could always *try* this and see for yourself too :-). TIA! Jerry Jalenak Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. If I have a simple page that does nothing but a session.getId() and it returns a new session ID every 60 mins, there must be something in Tomcat that sets this interval. Obviously this setting is missing from my config files so that Tomcat uses it's default. Has no one ever wanted to change this setting before? I hate to sound beligerent but I've authored and released what I feel to be a very nice application/web site but the only feedback I'm getting is litterally users screaming at me because I haven't fixed this yet. I'm going to have to start looking at redesigning the login/verification process on every page (not a big site but still 20K of code) to work around this issue when I feel it has to be a simple setting. If someone could answer this I'll give you my first born, send expensive Christmas presents, lend you my wife. Thanking / Praising you in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session timeout setting (Getting desperate)
did you have any errors in the log file? It may be something as simple as not putting the session-timeout in the correct order in the web.xml Charlie -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 3:51 PM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Just for a test, I tried moving the web.xml file in the $CATALINA_HOME/conf directory to my application's WEB-INF directory and set the session-timeout setting to 60. Restarted Tomcat and then my application quit working (wouldn't even load the first JSP page). Needless to say I removed the web.xml file from my application and restarted Tomcat to get my app back working. Still no luck in fixing the default session timeout in Tomcat. Any ideas whatsoever would be very much appreciated...I was supposed to have this fixed yesterday and I'm totally out of ideas. Thanks, Kenny - Original Message - From: Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:25 AM Subject: Re: Session timeout setting I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Fabio Mengue - Centro de Computacao - Unicamp [EMAIL PROTECTED] [EMAIL PROTECTED] pi seconds is a nanocentury. - Tom Duff -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Hi, Kenny. I think this is basically how it works: - Tomcat's conf web.xml sets the default session-timeout (in session-config element) to use for all web apps. - You can specify a different session-timeout in each specific web app you deploy in the web app's WEB-INF/web.xml file. - This session timeout can still be overridden in application code using the session.setMaxInactiveInterval method. I hope this helps you find the problem. -Jeff Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] 12/20/02 09:05 AM Please respond to Tomcat Users List To: Tomcat Users List [EMAIL PROTECTED] cc: Subject:Re: Session timeout setting (URGENT) Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. If I have a simple page that does nothing but a session.getId() and it returns a new session ID every 60 mins, there must be something in Tomcat that sets this interval. Obviously this setting is missing from my config files so that Tomcat uses it's default. Has no one ever wanted to change this setting before? I hate to sound beligerent but I've authored and released what I feel to be a very nice application/web site but the only feedback I'm getting is litterally users screaming at me because I haven't fixed this yet. I'm going to have to start looking at redesigning the login/verification process on every page (not a big site but still 20K of code) to work around this issue when I feel it has to be a simple setting. If someone could answer this I'll give you my first born, send expensive Christmas presents, lend you my wife. Thanking / Praising you in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Kenny G. Dubuisson, Jr. typed the following on 09:05 20/12/2002 -0600 Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. This is a standard configuration in the web.xml file, use: session-configsession-timeout60/session-timeout/session-config Make sure it's in the right place inside the web.xml file, after servlet-mappings. You can also set it programmatically using HttpSession.setMaxInactiveInterval(), which uses seconds rather than minutes. Plus, check out the PersistentSessionManager, which can be used to get really long session timeouts by swapping idle sessions out to disk. Kief -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session timeout setting (Getting desperate)
Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 9:29 AM To: 'Tomcat Users List' Subject: RE: Session timeout setting (Getting desperate) did you have any errors in the log file? It may be something as simple as not putting the session-timeout in the correct order in the web.xml Charlie -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 3:51 PM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Just for a test, I tried moving the web.xml file in the $CATALINA_HOME/conf directory to my application's WEB-INF directory and set the session-timeout setting to 60. Restarted Tomcat and then my application quit working (wouldn't even load the first JSP page). Needless to say I removed the web.xml file from my application and restarted Tomcat to get my app back working. Still no luck in fixing the default session timeout in Tomcat. Any ideas whatsoever would be very much appreciated...I was supposed to have this fixed yesterday and I'm totally out of ideas. Thanks, Kenny - Original Message - From: Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:25 AM Subject: Re: Session timeout setting I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Fabio Mengue - Centro de Computacao - Unicamp [EMAIL PROTECTED] [EMAIL PROTECTED] pi seconds is a nanocentury. - Tom Duff -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Thanks for the quick response. Here are my responses: - Tomcat's conf web.xml sets the default session-timeout (in session-config element) to use for all web apps. That makes sense to me but the setting in my $CATALINA_HOME/conf/web.xml is set to 30 mins which to me says that Tomcat is not using it. - You can specify a different session-timeout in each specific web app you deploy in the web app's WEB-INF/web.xml file. I haven't created a web.xml for my app...should I? I tried copying the $CATALINA_HOME/conf/web.xml over to my app's WEB-INF directory and changing the session-timeout setting to 120 mins to see if it worked. The problem was that my app totally stopped working; I couldn't even get my main login page to display. This says to me that there is a lot more involved in creating a web.xml than just copying it over from the conf directory. But realistically I don't really want to create one just for my app; my app is and will be the only app on my server. I would rather try to get Tomcat to use the setting in the conf/web.xml file. - This session timeout can still be overridden in application code using the session.setMaxInactiveInterval method. I have no qualms about putting this in my code but not quite sure how to use it. Would I fetch the session ID and then call this method and it would keep from resetting the session ID the next time I go to check it. I guess my question mainly is would I call this method once upon login to my app and from then on every other page would use the timeout that the method call sets? Thanks so much for the info. Kenny - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, December 20, 2002 9:34 AM Subject: Re: Session timeout setting (URGENT) Hi, Kenny. I think this is basically how it works: - Tomcat's conf web.xml sets the default session-timeout (in session-config element) to use for all web apps. - You can specify a different session-timeout in each specific web app you deploy in the web app's WEB-INF/web.xml file. - This session timeout can still be overridden in application code using the session.setMaxInactiveInterval method. I hope this helps you find the problem. -Jeff Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] 12/20/02 09:05 AM Please respond to Tomcat Users List To: Tomcat Users List [EMAIL PROTECTED] cc: Subject:Re: Session timeout setting (URGENT) Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. If I have a simple page that does nothing but a session.getId() and it returns a new session ID every 60 mins, there must be something in Tomcat that sets this interval. Obviously this setting is missing from my config files so that Tomcat uses it's default. Has no one ever wanted to change this setting before? I hate to sound beligerent but I've authored and released what I feel to be a very nice application/web site but the only feedback I'm getting is litterally users screaming at me because I haven't fixed this yet. I'm going to have to start looking at redesigning the login/verification process on every page (not a big site but still 20K of code) to work around this issue when I feel it has to be a simple setting. If someone could answer this I'll give you my first born, send expensive Christmas presents, lend you my wife. Thanking / Praising you in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
Thanks for the response. Here is my questions? This is a standard configuration in the web.xml file, use: session-configsession-timeout60/session-timeout/session-config I checked my $CATALINA_HOME/conf/web.xml file and it currently has the setting set to 30 mins. This says to me that this setting is not getting used. I changed it to 120 and verified that 60 mins was still the default. Any idea of why my web.xml is not getting used? I do not have an application specific web.xml...the one in the conf directory is the only one I have. Plus, check out the PersistentSessionManager, which can be used to get really long session timeouts by swapping idle sessions out to disk. I read about this in the Tomcat docs but I'm not quite sure how to implement this. Is there a simple howto on this that you know of? Thanks, Kenny - Original Message - From: Kief Morris [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, December 20, 2002 9:36 AM Subject: Re: Session timeout setting (URGENT) Kenny G. Dubuisson, Jr. typed the following on 09:05 20/12/2002 -0600 Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. This is a standard configuration in the web.xml file, use: session-configsession-timeout60/session-timeout/session-config Make sure it's in the right place inside the web.xml file, after servlet-mappings. You can also set it programmatically using HttpSession.setMaxInactiveInterval(), which uses seconds rather than minutes. Plus, check out the PersistentSessionManager, which can be used to get really long session timeouts by swapping idle sessions out to disk. Kief -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (Getting desperate)
Thanks for the info. Here is my question: Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) I don't see such an app on my system. I'm running Tomcat 4.0.5. I went to the $CATALINA_HOME/webapps directory and see no such admin directory. Also, I examined my config files and see no such mapping for the admin app. Is this something I missed on the install? I would be very interested to see the Tomcat admin app if I could add it in now. Maybe the session setting is available via this missing app. Thanks, Kenny - Original Message - From: Jim Henderson [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, December 20, 2002 9:47 AM Subject: RE: Session timeout setting (Getting desperate) Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 9:29 AM To: 'Tomcat Users List' Subject: RE: Session timeout setting (Getting desperate) did you have any errors in the log file? It may be something as simple as not putting the session-timeout in the correct order in the web.xml Charlie -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 3:51 PM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Just for a test, I tried moving the web.xml file in the $CATALINA_HOME/conf directory to my application's WEB-INF directory and set the session-timeout setting to 60. Restarted Tomcat and then my application quit working (wouldn't even load the first JSP page). Needless to say I removed the web.xml file from my application and restarted Tomcat to get my app back working. Still no luck in fixing the default session timeout in Tomcat. Any ideas whatsoever would be very much appreciated...I was supposed to have this fixed yesterday and I'm totally out of ideas. Thanks, Kenny - Original Message - From: Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:25 AM Subject: Re: Session timeout setting I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Fabio Mengue - Centro de Computacao - Unicamp [EMAIL PROTECTED] [EMAIL PROTECTED] pi seconds
RE: Session timeout setting (Getting desperate)
The path I gave you is for Tomcat 4.1. For 4.0 you will have to define the manager in the $CATALINA_HOME/conf/tomcat-users.xml. Look at documentation at: http://localhost:8080/tomcat-docs/manager-howto.html. Sorry, it is not as simple in 4.0. -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 10:40 AM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Thanks for the info. Here is my question: Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) I don't see such an app on my system. I'm running Tomcat 4.0.5. I went to the $CATALINA_HOME/webapps directory and see no such admin directory. Also, I examined my config files and see no such mapping for the admin app. Is this something I missed on the install? I would be very interested to see the Tomcat admin app if I could add it in now. Maybe the session setting is available via this missing app. Thanks, Kenny - Original Message - From: Jim Henderson [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, December 20, 2002 9:47 AM Subject: RE: Session timeout setting (Getting desperate) Try using the Tomcat Administration tools and see how it displays the session timeout in it's WEB pages. (http://localhost:8080/admin/login.jsp) -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 9:29 AM To: 'Tomcat Users List' Subject: RE: Session timeout setting (Getting desperate) did you have any errors in the log file? It may be something as simple as not putting the session-timeout in the correct order in the web.xml Charlie -Original Message- From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 3:51 PM To: Tomcat Users List Subject: Re: Session timeout setting (Getting desperate) Just for a test, I tried moving the web.xml file in the $CATALINA_HOME/conf directory to my application's WEB-INF directory and set the session-timeout setting to 60. Restarted Tomcat and then my application quit working (wouldn't even load the first JSP page). Needless to say I removed the web.xml file from my application and restarted Tomcat to get my app back working. Still no luck in fixing the default session timeout in Tomcat. Any ideas whatsoever would be very much appreciated...I was supposed to have this fixed yesterday and I'm totally out of ideas. Thanks, Kenny - Original Message - From: Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:25 AM Subject: Re: Session timeout setting I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have
Re: Session timeout setting (URGENT)
Ken, Let me qualify this before giving you a possibility. I have just started working with Tomcat as a programmer (I'm mostly a system admin / integrator / architect). And as another person on the mailing list has pointed out, I am not a part of any apache.org development team. That said, I thought I would do a little bit of research on your problem and try to help. I'm using as a reference Java Servlet Programming, Second Edition by Jason Hunter with William Crawford. On pages 216-218, session timeout is discussed. It appears that the following snippet of xml should be placed in your web application web.xml file. session-config session-timeout 60 /session-timeout /session-config This sets the session timeout to 60 minutes. Before going on, I noticed that the session timeout in the Tomcat web.xml is set at 30 minutes (at least in my installation of 4.1.12). So I am not sure where your 60 minute timeout is coming from. The book also goes on to say that the session timeout can be configured individually for a session with getMaxInactiveInterval() and setMaxInactiveInterval(). The methods take (int) seconds as the argument, not minutes. Previous pages (212-216) talk about the session tracking API and how to manage long term sessions. The session tracking API section ends on page 229. In short, there should be something useful in there that can help you out of your problem. I hope I've not been too pendantic and that this gives you enough information to help you solve your problem. /mde/ just my two cents . . . . __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session timeout setting (URGENT)
Mark, nice job! I have learned a thing or two from your note. When one (at least this one) is in a hurry to put together an application, they often gloss over important details. Thanks! -Original Message- From: Mark Eggers [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 11:38 AM To: Tomcat Users List Subject: Re: Session timeout setting (URGENT) Ken, Let me qualify this before giving you a possibility. I have just started working with Tomcat as a programmer (I'm mostly a system admin / integrator / architect). And as another person on the mailing list has pointed out, I am not a part of any apache.org development team. That said, I thought I would do a little bit of research on your problem and try to help. I'm using as a reference Java Servlet Programming, Second Edition by Jason Hunter with William Crawford. On pages 216-218, session timeout is discussed. It appears that the following snippet of xml should be placed in your web application web.xml file. session-config session-timeout 60 /session-timeout /session-config This sets the session timeout to 60 minutes. Before going on, I noticed that the session timeout in the Tomcat web.xml is set at 30 minutes (at least in my installation of 4.1.12). So I am not sure where your 60 minute timeout is coming from. The book also goes on to say that the session timeout can be configured individually for a session with getMaxInactiveInterval() and setMaxInactiveInterval(). The methods take (int) seconds as the argument, not minutes. Previous pages (212-216) talk about the session tracking API and how to manage long term sessions. The session tracking API section ends on page 229. In short, there should be something useful in there that can help you out of your problem. I hope I've not been too pendantic and that this gives you enough information to help you solve your problem. /mde/ just my two cents . . . . __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (URGENT)
On Fri, 20 Dec 2002, Kenny G. Dubuisson, Jr. wrote: Thanks for the quick response. Here are my responses: - Tomcat's conf web.xml sets the default session-timeout (in session-config element) to use for all web apps. That makes sense to me but the setting in my $CATALINA_HOME/conf/web.xml is set to 30 mins which to me says that Tomcat is not using it. I just posted a response in this thread, and as I suggested there, my sense is that what's going on with your webapp is not related to the tomcat session timeout. I suspect there is something else going on, and you're going to need to do some further investigation on your own and/or provide more information to us to get to the bottom of it. - You can specify a different session-timeout in each specific web app you deploy in the web app's WEB-INF/web.xml file. I haven't created a web.xml for my app...should I? I tried copying I'd say you should -- regardless of its relation to this problem. It is a good idea to define your servlets, and provide mapping's to access them. The conf/web.xml will allow you to provide some site-wide defaults, but it does nothing specific to your webapp. the $CATALINA_HOME/conf/web.xml over to my app's WEB-INF directory and changing the session-timeout setting to 120 mins to see if it worked. The problem was that my app totally stopped working; I couldn't even get my main login page to display. This says to me that there is a lot more involved in creating a web.xml than just copying it over from the conf directory. But realistically I don't And that is something that you should probably learn, because it may help in this situation, and if not, it quite likely will help in the future. webapp-specific web.xmls's do not have to be very complicated. really want to create one just for my app; my app is and will be the only app on my server. I would rather try to get Tomcat to use the setting in the conf/web.xml file. - This session timeout can still be overridden in application code using the session.setMaxInactiveInterval method. I have no qualms about putting this in my code but not quite sure how to use it. Would I fetch the session ID and then call this method and it would keep from resetting the session ID the next time I go to check it. I guess my question mainly is would I call this method once upon login to my app and from then on every other page would use the timeout that the method call sets? - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, December 20, 2002 9:34 AM Subject: Re: Session timeout setting (URGENT) Hi, Kenny. I think this is basically how it works: - Tomcat's conf web.xml sets the default session-timeout (in session-config element) to use for all web apps. - You can specify a different session-timeout in each specific web app you deploy in the web app's WEB-INF/web.xml file. - This session timeout can still be overridden in application code using the session.setMaxInactiveInterval method. I hope this helps you find the problem. -Jeff Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] 12/20/02 09:05 AM Please respond to Tomcat Users List To: Tomcat Users List [EMAIL PROTECTED] cc: Subject:Re: Session timeout setting (URGENT) Simple minded as I am, I still believe with everything I have that there MUST be a setting in Tomcat that controls how often new session ID's are generated. If I have a simple page that does nothing but a session.getId() and it returns a new session ID every 60 mins, there must be something in Tomcat that sets this interval. Obviously this setting is missing from my config files so that Tomcat uses it's default. Has no one ever wanted to change this setting before? I hate to sound beligerent but I've authored and released what I feel to be a very nice application/web site but the only feedback I'm getting is litterally users screaming at me because I haven't fixed this yet. I'm going to have to start looking at redesigning the login/verification process on every page (not a big site but still 20K of code) to work around this issue when I feel it has to be a simple setting. If someone could answer this I'll give you my first born, send expensive Christmas presents, lend you my wife. Thanking / Praising you in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Milt Epstein Research Programmer Integration and Software Engineering (ISE) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED
Re: Session timeout setting
My guess is that the application is probably overriding the setting in your web.xml by using the setMaxInactiveInterval method on the session object. Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] 12/19/02 09:07 AM Please respond to Tomcat Users List To: Tomcat Users List [EMAIL PROTECTED] cc: Subject:Session timeout setting Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting
No where in my code am I calling that method. Maybe I should??? Thanks, Kenny - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 9:27 AM Subject: Re: Session timeout setting My guess is that the application is probably overriding the setting in your web.xml by using the setMaxInactiveInterval method on the session object. Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] 12/19/02 09:07 AM Please respond to Tomcat Users List To: Tomcat Users List [EMAIL PROTECTED] cc: Subject:Session timeout setting Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting
On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Fabio Mengue - Centro de Computacao - Unicamp [EMAIL PROTECTED] [EMAIL PROTECTED] pi seconds is a nanocentury. - Tom Duff -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting
I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Fabio Mengue - Centro de Computacao - Unicamp [EMAIL PROTECTED] [EMAIL PROTECTED] pi seconds is a nanocentury. - Tom Duff -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting (Getting desperate)
Just for a test, I tried moving the web.xml file in the $CATALINA_HOME/conf directory to my application's WEB-INF directory and set the session-timeout setting to 60. Restarted Tomcat and then my application quit working (wouldn't even load the first JSP page). Needless to say I removed the web.xml file from my application and restarted Tomcat to get my app back working. Still no luck in fixing the default session timeout in Tomcat. Any ideas whatsoever would be very much appreciated...I was supposed to have this fixed yesterday and I'm totally out of ideas. Thanks, Kenny - Original Message - From: Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:25 AM Subject: Re: Session timeout setting I'm running Tomcat 4.0.5. Hope this helps. Thanks, Kenny - Original Message - From: Fabio Mengue [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:13 AM Subject: Re: Session timeout setting On Tomcat 4.0.x, you had a Manager property for this (in server.xml, called |maxInactiveInterval|). Docs say **The value for this property is inherited automatically if you specify a |session-timeout| element in the web application deployment descriptor (|/WEB-INF/web.xml|). (http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/manager.html) I just looked 4.1.x docs (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/manager.html) and the property is gone :) What version are you using ? Perhaps now it MUST be set on web.xml... I have a problem like yours. Development team will release an application soon that will require users to have sessions that last more that 1 hour; it's much much easier (for them) to just create a session and configure Tomcat to hold it for a whole day. Scalability is not on their minds, of course :) I think that has to be another way, something like Persistent Manager Implementation. Anyone knows a better way to solve this problem ? Thanks a lot, F. Kenny G. Dubuisson, Jr. wrote: Sorry to repost this but I'm kind of in a bind (got users about to lynch me which may or may not be a bad thing). Anyway...session ID's on my site (using Tomcat) are getting regenerated after a user has been logged in for 60 mins. I would like to change this to a higher value but don't know where to set it. I've read throught posts on this list and I've seen some things mention the web.xml file and its session-timeout setting but my web.xml session-timeout setting is currently set to 30 mins in that file so that can't be the proper setting that I'm looking for. Any ideas would be greatly appreicated. My users are upset that they have to re-login evey hour on an application that they use all day. Thanks in advance, Kenny -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Fabio Mengue - Centro de Computacao - Unicamp [EMAIL PROTECTED] [EMAIL PROTECTED] pi seconds is a nanocentury. - Tom Duff -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Session timeout setting
You didn't mention which Tomcat version you are using, so I'm going to assume 4.x. You need to add (between servlet-mappings and mime-mappingss): session-config session-timout${minutes}/session-timeout /session-config to conf/web.xml (where, of course, ${minutes} is replaced with the numerical value of the number of minutes you want :). This will change the time-out server-wide unless any web-app has a similar declaration. Of course, this will work with all released versions of Tomcat (= 3.2.x) if you include it in your own web-app's web.xml file. Kenny G. Dubuisson, Jr. [EMAIL PROTECTED] wrote in message 005401c2a6aa$56e75ed0$1901a8c0@site13">news:005401c2a6aa$56e75ed0$1901a8c0@site13... I have a web site using JSP that, when the user logs in, sets a cookie with the current session ID. Every page visited thereafter checks the current session ID with the stored one in the cookie. I've found that the session ID changes after 60 mins (which invalidates my user's session). Is there a setting in Tomcat that controls the amount of session time before changing the session ID? I want to increase it beyond 60 mins but I've yet to find out how. Thanks in advance, Kenny FYI: I'm using Tomcat 4.0.5 as my JSP/servlet server. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session timeout
I guess you should have a look into javax.servlet.http.HttpSessionBindingListener and .HttpSessionEvent to monitor if a session is created or destroyed. -Original Message- From: Lindomar [mailto:[EMAIL PROTECTED]] Sent: Montag, 16. Dezember 2002 14:00 To: Tomcat Users List Subject: Session timeout Hi everybody! How can i create a process exactly after session timeout or user invalidate the session? Is it possible? I think yes, but i didn't find how do it yet... Can anybody give me any idea ? Thanks in advanced. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: session timeout on Tomcat
Your browsers shared the session which is what the session id being the same suggests. Use two physicly separate computers (KVM switch ok) to do the same test to be absolutely sure that this is still happening (it won't :) d. randie ursal wrote: hi, could somebody explain to me what possibly went wrong about my application. what i did was, i set the maxInactiveIinterval time for 30 secs. on my servlet then i added to my HttpSession object an object that implements HttpSessionBindingListener so that i can keep track and see what happen when session expires. this scenario works fine, my session was invalidated after session timeout and the sessionlistener was notified. my problem is when i access my web application by using two browsers and let the 1st browser remain idle until session expires. the 2nd browser session also expires when 1st browser session expires i can say this because it put a trace line on valueUnbound of the sessionlistener object and two session id were displayed this was the session of both browser. what went wrong with this? i'm using Tomcat 4.0 thanks a lot randie -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- David Mossakowski [EMAIL PROTECTED] Instinet Corporation 212.310.7275 *** Disclaimer This message is intended only for the use of the Addressee and may contain information that is PRIVILEGED and/or CONFIDENTIAL or both. This email is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this email is not an intended recipient, you have received this email in error and any review, dissemination, distribution or copying is strictly prohibited. If you have received this email in error, please notify the sender immediately by return mail and permanently deleting the copy you received. Thank you. *** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: session timeout on Tomcat
i tried it between two computers..the same behavior happen. actually each browser has unique session ids because i print it every time a new session has been created. also, i made some more investigation and testing and i found out that session expiration depends on Tomcat startup time...ex. if Tomcat starts at 1:10 mins. then if you have a new session that starts at 1:20 with duration of 20 secs., suppose to be it should stop at 1:40 but it would continue until 2:10. so, if you have another session between server startup take for example at 1:30 this would be included on the session expiration when it reaches the next minute of server startup. they said it has to do with Tomcatis this true? are there some detail documentation i need to read in order to be familiar with Tomcat on how it handles session timeout? thanks a lot. David Mossakowski wrote: Your browsers shared the session which is what the session id being the same suggests. Use two physicly separate computers (KVM switch ok) to do the same test to be absolutely sure that this is still happening (it won't :) d. randie ursal wrote: hi, could somebody explain to me what possibly went wrong about my application. what i did was, i set the maxInactiveIinterval time for 30 secs. on my servlet then i added to my HttpSession object an object that implements HttpSessionBindingListener so that i can keep track and see what happen when session expires. this scenario works fine, my session was invalidated after session timeout and the sessionlistener was notified. my problem is when i access my web application by using two browsers and let the 1st browser remain idle until session expires. the 2nd browser session also expires when 1st browser session expires i can say this because it put a trace line on valueUnbound of the sessionlistener object and two session id were displayed this was the session of both browser. what went wrong with this? i'm using Tomcat 4.0 thanks a lot randie -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: session timeout
Are you sure you wan't your sessions to never timeout?? Over time this could be a substantial load on your server.. Øyvind Øyvind Vestavik Øvre Møllenberggt 44b 7014 Trondheim [EMAIL PROTECTED] 41422911 On Wed, 14 Aug 2002, Koes, Derrick wrote: How closely does Tomcat follow the servlet specification concerning web.xml? I added the following to my web.xml, but the session seems to timeout immediately (0 minutes). session-config session-timeout0/session-timeout /session-config However, the servlet 2.3 spec states: If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out. The bottom line is I need to know how to make my webapp's session never timeout. Can anyone help? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: session timeout
Hi, (Too lazy to dig up the spec for the nth time today) I thought the spec said -1 ensures they never expire. Not 0 or less. Did you try -1? Yoav Shapira Millennium ChemInformatics -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:12 AM To: '[EMAIL PROTECTED]' Subject: session timeout How closely does Tomcat follow the servlet specification concerning web.xml? I added the following to my web.xml, but the session seems to timeout immediately (0 minutes). session-config session-timeout0/session-timeout /session-config However, the servlet 2.3 spec states: If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out. The bottom line is I need to know how to make my webapp's session never timeout. Can anyone help? This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: session timeout
-1 seems to work, at least I have much better results than with 0. I quoted directly from the servlet 2.3 FCS spec. -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:17 AM To: Tomcat Users List Subject: RE: session timeout Hi, (Too lazy to dig up the spec for the nth time today) I thought the spec said -1 ensures they never expire. Not 0 or less. Did you try -1? Yoav Shapira Millennium ChemInformatics -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:12 AM To: '[EMAIL PROTECTED]' Subject: session timeout How closely does Tomcat follow the servlet specification concerning web.xml? I added the following to my web.xml, but the session seems to timeout immediately (0 minutes). session-config session-timeout0/session-timeout /session-config However, the servlet 2.3 spec states: If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out. The bottom line is I need to know how to make my webapp's session never timeout. Can anyone help? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: session timeout
Hi, No longer too lazy to dig up the spec, as this is too serious. Indeed, it seems like SRV.13.3, page 110 and SRV.7.5, page 51 disagree on this point. Craig, will this be amended in SRV 2.4? ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:36 AM To: 'Tomcat Users List' Subject: RE: session timeout -1 seems to work, at least I have much better results than with 0. I quoted directly from the servlet 2.3 FCS spec. -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:17 AM To: Tomcat Users List Subject: RE: session timeout Hi, (Too lazy to dig up the spec for the nth time today) I thought the spec said -1 ensures they never expire. Not 0 or less. Did you try -1? Yoav Shapira Millennium ChemInformatics -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:12 AM To: '[EMAIL PROTECTED]' Subject: session timeout How closely does Tomcat follow the servlet specification concerning web.xml? I added the following to my web.xml, but the session seems to timeout immediately (0 minutes). session-config session-timeout0/session-timeout /session-config However, the servlet 2.3 spec states: If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out. The bottom line is I need to know how to make my webapp's session never timeout. Can anyone help? -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: session timeout
On Wed, 14 Aug 2002, Koes, Derrick wrote: Date: Wed, 14 Aug 2002 16:11:48 +0100 From: Koes, Derrick [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: session timeout How closely does Tomcat follow the servlet specification concerning web.xml? Any failure of Tomcat to conform is a bug that should be fixed. I added the following to my web.xml, but the session seems to timeout immediately (0 minutes). session-config session-timeout0/session-timeout /session-config However, the servlet 2.3 spec states: If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out. Please submit a bug report to http://nagoya.apache.org/bugzilla/ The bottom line is I need to know how to make my webapp's session never timeout. Can anyone help? Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: session timeout
On Wed, 14 Aug 2002, Shapira, Yoav wrote: Date: Wed, 14 Aug 2002 11:55:36 -0400 From: Shapira, Yoav [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: RE: session timeout Hi, No longer too lazy to dig up the spec, as this is too serious. Indeed, it seems like SRV.13.3, page 110 and SRV.7.5, page 51 disagree on this point. I don't see how they are in conflict -- 13.3 talks about how you configure session timeouts in web.xml, while 7.5 talks about the value returned by HttpSession.getMaxInactiveInterval(). In other words, if you configure a zero in web.xml, and you haven't called setMaxInactiveInterval() on a particular session, calling getMaxInactiveInterval() should return a negative value (the precise value is not specified). Craig, will this be amended in SRV 2.4? ;) The language is the same (although in 2.4 the definition of the deployment descriptor is now in an XML Schema instead of a DTD. Yoav Shapira Millennium ChemInformatics Craig -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:36 AM To: 'Tomcat Users List' Subject: RE: session timeout -1 seems to work, at least I have much better results than with 0. I quoted directly from the servlet 2.3 FCS spec. -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:17 AM To: Tomcat Users List Subject: RE: session timeout Hi, (Too lazy to dig up the spec for the nth time today) I thought the spec said -1 ensures they never expire. Not 0 or less. Did you try -1? Yoav Shapira Millennium ChemInformatics -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:12 AM To: '[EMAIL PROTECTED]' Subject: session timeout How closely does Tomcat follow the servlet specification concerning web.xml? I added the following to my web.xml, but the session seems to timeout immediately (0 minutes). session-config session-timeout0/session-timeout /session-config However, the servlet 2.3 spec states: If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out. The bottom line is I need to know how to make my webapp's session never timeout. Can anyone help? -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Session timeout mystery
Yes the servlet writes sessionId to system out when hit. eg.: 13:43:05, id=g5atkj09w1 14:08:06, id=g5atkj09w1 14:33:06, id=g5atkj09w1 Have you verified that the reload requests have hit the server ? (access.log or own log in the doGet) Some browser have there own opinion if and when they honor the cache prevention headers (especially some IE versions). -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: session timeout
I'm not sure how to do it in the config file but here it is in code... int hour = 60 * 60; hour = hour * 4; session.setMaxInactiveInterval(hour); this sets the inactivity timeout which is what I think you want. -Original Message- From: Jagan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 19, 2002 9:35 PM To: Tomcat Users List Subject: session timeout hi all! My session time is presnetly the default tomcat-session time. how to set session time so that the session will stay for longer? Regards Jagan Unidux Electronics Ltd. Email : [EMAIL PROTECTED] TEL : +65 293 4797 FAX : +65 293 4920 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: session timeout
look at the web.xml file under $CATALINA_HOME/conf, there's a sample web.xml file there that explains how to setup timeouts in your webapp. Just copy and paste into your webapp's web.xml. Remember the tag ordering is crucial in xml. -Original Message- From: Jagan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 19, 2002 11:35 PM To: Tomcat Users List Subject: session timeout hi all! My session time is presnetly the default tomcat-session time. how to set session time so that the session will stay for longer? Regards Jagan Unidux Electronics Ltd. Email : [EMAIL PROTECTED] TEL : +65 293 4797 FAX : +65 293 4920 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Session Timeout
I hope that in your TOMCAT_HOME/webapps/manager/web.xml file in /manager application, You should create a Manager role. i.e Your security constraint should look like following security-constraint web-resource-collection web-resource-name Entire Application /web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namemanager /role-name /auth-constraint /security-constraint once you have created this role in web.xml of manager application, you need to add the user with role as manager as you have already done. Restart Tomcat. It should work now. Thanks Hari --- Sunil Mathew [EMAIL PROTECTED] wrote: Hi All, How can I see the current session timeout and set a new value. The documentation gives the following url http://localhost:8080/manager/sessions?path=/examples But I am not able to see /manager eventhough I have setup user with manager role as: user name=admin password=admin roles=standard,manager / Can somebody help me on this? Thanks, Sunil Mathew. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Session Timeout
Hi, I tried setting session timeout to 5 mins using web.xml (please see the following code), but it does not seem to be working. In my jsp I displayed getMaxInactiveInterval() and it shows 1800 (30 mins). Can anyone please let me know if I can use web.xml for session timeout in jsp pages or not. I have never had it working on TC 3.2.3 (I think) and set it in the jsps instead. J. -- You're only jealous cos the little penguins are talking to me. *** For more information on Ordnance Survey products and services, visit our web site at http://www.ordnancesurvey.co.uk *** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Session Timeout
I think Justin is correct in stating to put the timeout in the JSP's. I bet the web.xml file is only for servlets. Anyone know for sure? Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 10:42 AM To: [EMAIL PROTECTED] Subject: Session Timeout Hi, I tried setting session timeout to 5 mins using web.xml (please see the following code), but it does not seem to be working. In my jsp I displayed getMaxInactiveInterval() and it shows 1800 (30 mins). Can anyone please let me know if I can use web.xml for session timeout in jsp pages or not. session-config session-timeout 5 /session-timeout /session-config Sumit. The information contained in this e-mail and any files transmitted with it may be privileged and confidential. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review, use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and notify the sender by reply e-mail or by calling 1-888-338-6076. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Session Timeout
I think Justin is correct in stating to put the timeout in the JSP's. I bet the web.xml file is only for servlets. Well jsps *are* servlets once they are compiled! Personally I think it's a bug but I have a workaround so I can get on with this huge pile of vitally important small changes to the text ;-) J. -- You're only jealous cos the little penguins are talking to me. *** For more information on Ordnance Survey products and services, visit our web site at http://www.ordnancesurvey.co.uk *** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Session Timeout
i am using 3.2.4 and it does not seem to be working. anyway i am using it in jsp. just thot to make it configurable. well i will have to go for a properties file for it then. thanks for all the replies. Sumit. -Original Message- From: Justin Rowles [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 11:53 AM To: 'Tomcat Users List' Subject: RE: Session Timeout Hi, I tried setting session timeout to 5 mins using web.xml (please see the following code), but it does not seem to be working. In my jsp I displayed getMaxInactiveInterval() and it shows 1800 (30 mins). Can anyone please let me know if I can use web.xml for session timeout in jsp pages or not. I have never had it working on TC 3.2.3 (I think) and set it in the jsps instead. J. -- You're only jealous cos the little penguins are talking to me. *** For more information on Ordnance Survey products and services, visit our web site at http://www.ordnancesurvey.co.uk *** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] The information contained in this e-mail and any files transmitted with it may be privileged and confidential. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review, use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and notify the sender by reply e-mail or by calling 1-888-338-6076. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Session Timeout
It works for me on TC 4.0.1. I have implemented a servlet that monitors all sessions currently active on my application (using the new HttpSessionListener interface) and I can see expired sessions. Maybe a problem of previous TC versions Thomas - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 30, 2002 5:42 PM Subject: Session Timeout Hi, I tried setting session timeout to 5 mins using web.xml (please see the following code), but it does not seem to be working. In my jsp I displayed getMaxInactiveInterval() and it shows 1800 (30 mins). Can anyone please let me know if I can use web.xml for session timeout in jsp pages or not. session-config session-timeout 5 /session-timeout /session-config Sumit. The information contained in this e-mail and any files transmitted with it may be privileged and confidential. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review, use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and notify the sender by reply e-mail or by calling 1-888-338-6076. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: session timeout action
Sobeck, James (ISS Atlanta) wrote: is there a way to check to see if the session has timed out? For 2.3, try: javax.servlet.http.HttpSessionListener, for =2.3, try: javax.servlet.http.HttpSessionBindingListener The javadocs have more info. -- Christopher St. John [EMAIL PROTECTED] DistribuTopia http://www.distributopia.com -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Session Timeout
When an object is unbound from the session, is when the session times out. - Original Message - From: Erwin Ambrosch [EMAIL PROTECTED] To: Tomcat Mailinglist [EMAIL PROTECTED] Sent: Friday, December 07, 2001 1:41 PM Subject: Session Timeout Hi! Is there an possibility to trigger application specific logic when the session timeout occurs (Servlet API 2.2). I know the HttpSessionBindingListener but the event is merely triggered if an application bounds or unbounds the object to/from the session. Thanks Erwin -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Session Timeout
Thanks Kim, it worked a treat! At 12:45 28/09/01 +0200, you wrote: You can do something like that: httpSession.setMaxInactiveInterval(yourintervalasintinseconds)); mfg. integris integrierte computersysteme GmbH i.A. Kim Hübel -- mailto:[EMAIL PROTECTED] http://www.integris.de Telefon: +49(6501)92800 Fax: +49(6501)2808 - Original Message - From: Fiona McEvoy [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, September 28, 2001 11:20 AM Subject: Session Timeout Running Tomcat 3.2, how do I set the default timeout for the session to more than 30 mins -I looked at the archives and I made changes to the session-timeout in server.xml file and the web.xml file as suggested, but this has not worked. Any advice much appreciated. Thanks, Fiona. ___ Fiona McEvoy, PROSE, 20 Grantham Street, Dublin 8, Ireland. Email: [EMAIL PROTECTED] Tel. (+353 1) 4783511, Fax. (+353 1) 4783937. ___ ___ Fiona McEvoy, PROSE, 20 Grantham Street, Dublin 8, Ireland. Email: [EMAIL PROTECTED] Tel. (+353 1) 4783511, Fax. (+353 1) 4783937. ___
Re: Session Timeout Problems
Hello, in which case did the timeout occurs? If it is after a long time since the last request i think it is normal. I made some tests with an MaxInactiveInterval of 15 secons. Then i saw, that the HttpSessionBindingListender notice the unbinding event at the latest of 60 secons after the last request. I think the container don't unbind the session immediately after the time is reached and waits for idle or so and then it erased it (max 4 Times of the settings). Try HttpSession.setMaxInactiveInterval (-1); for never ending session. Or like me a positiv time for other tests. Regards Matthias
Re: session timeout handling
Bo Xu wrote: [EMAIL PROTECTED] wrote: When a Tomcat session times out does it send you to a preset error page? What is the mechanism there? What is the best way to handle timed out users? Hi :-) I suggest you make a object witch implements javax.servlet.http.HttpSessionBindingListener, and put object into a session by setAttibute(...), then: - when that object is bounded into session, valueBound(...) will be called by container - when the session is timeout/inValidate(...), that object will be unbounded, then valueUnbound(...) will be called by container the following is a sample code from Servlet-List: class CleanUp implements HttpSessionBindingListener{ private String name; public CleanUp(String name){ this.name = name; } public void valueBound(HttpSessionBindingEvent evt){ System.out.println(in CleanUp, valueBound..., name=+name); } public void valueUnbound(HttpSessionBindingEvent evt){ System.out.println(in CleanUp, valueUnBound..., name=+name); } } in MyServlet: ... session.setAttribute( Cleaner, new CleanUp(...) ); ... * - if CleanUp.class is in WEB-INF/classes or in a jar file in WEB-INF/lib, it will be loaded by WebappClassloader - if CleanUp.class is in TOMCAT_HOME/classes or in a jar file in TOMCAT_HOME/lib, it will be loaded by SharedClassloader Bo June 22, 2001 Hi :-) I forgot one of another ways: javax.servlet.http.HttpSessionListener it is a new Interface in Servlet spec2.3 for Lifecycle events which includes: - public void sessionCreated(HttpSessionEvent se) - public void sessionDestroyed(HttpSessionEvent se) please see: http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi_p.html have a nice day :-) Bo June 23, 2001
RE: session timeout handling
When a Tomcat session times out does it send you to a preset error page? No. not unless you throw an exception due to dependence on something from session. You could develop an entire webapp without ever using the session and despite the fact you never use it it will still be instantiated. For obvious reasons. What is the mechanism there? No mechanism! What is the best way to handle timed out users? Depends. Do you have a security concern(if so you should be implementing Realms of some sort which manage the session timeout for you)? Are you requiring something to exist in the session for certain portions of your app? ... It all depends on what you specs and app requirements state. --- Michael Wentzel Software Developer Software As We Think - http://www.aswethink.com