Thanks, Tim.
I kind of remember reading that now. I need to look at my application
more carefully, to determine what is timing out.
G. Wade
Tim Funk wrote:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/host.html#Single%20Sign%20On
As soon as the user logs out of one web application (for example, by
invalidating or timing out the corresponding session if form based login is
used), the user's sessions in all web applications will be invalidated. Any
subsequent attempt to access a protected resource in any application will
require the user to authenticate himself or herself again.
-Tim
G. Wade Johnson wrote:
Thanks again for all of the responses so far on my Timeout issue.
I still have a problem, but it is not what I thought it was.
Apparently, there is a session-timeout/ set to 30 minutes in the
$CATALINA_HOME/conf/web.xml that I have. I don't recall changing this
(but I won't rule out the possibility). I modified that, and found
that I could get the session to expire at the time I specify.
This time, I looked at the cookies that were sent back just before I
get the login screen and found that Tomcat is sending a request to
delete the JSESSIONIDSSO cookie used by the SingleSignon valve.
Apparently, it is this valve and not Tomcat proper that is signing me
out after the timeout period.
Is this expected behavior?
Is there any way for me to work around this behavior?
Thanks again,
G. Wade
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
