RE: Sessions Timeout
I had a quick question about this. For a session to be refreshed by being accessed, does this count only direct calls to the specific URI's, or if I do a forward from another servlet context into it, will this count as access as well. I'd have *expected* any access to the session will put the clock back to start, so to speak. But someone with more in-depth knowledge may know for sure. J. -- You're only jealous cos the little penguins are talking to me. *** For more information on Ordnance Survey products and services, visit our web site at http://www.ordnancesurvey.co.uk *** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
AW: Sessions Timeout
I guess as far as the session cookie is sent back or the session id is appended to the url the session will be kept alive. But if you invoke that url from anywhere in space without sending the session cookie or without the session appended to the url a new session will be created and the old one times out. Oliver AXA eSolutions GmbH AXA Konzern AG Germany Oliver Lauer Web Architect Wörthstraße 34 D-50668 Köln Germany Tel.: +49 221 148 31277 Fax: +49 221 148 43963 Mobil: +49 179 59 064 59 e-Mail: [EMAIL PROTECTED] _ -Ursprüngliche Nachricht- Von: Justin Rowles [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 31. Januar 2002 11:19 An: 'Tomcat Users List' Betreff: RE: Sessions Timeout I had a quick question about this. For a session to be refreshed by being accessed, does this count only direct calls to the specific URI's, or if I do a forward from another servlet context into it, will this count as access as well. I'd have *expected* any access to the session will put the clock back to start, so to speak. But someone with more in-depth knowledge may know for sure. J. -- You're only jealous cos the little penguins are talking to me. *** For more information on Ordnance Survey products and services, visit our web site at http://www.ordnancesurvey.co.uk *** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- Aus Rechts- und Sicherheitsgruenden ist die in dieser E-Mail gegebene Information nicht rechtsverbindlich. Eine rechtsverbindliche Bestaetigung reichen wir Ihnen gerne auf Anforderung in schriftlicher Form nach. Beachten Sie bitte, dass jede Form der unautorisierten Nutzung, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail nicht gestattet ist.Diese Nachricht ist ausschliesslich fuer den bezeichneten Adressaten oder dessen Vertreter bestimmt. Sollten Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein, so bitten wir Sie, sich mit dem Absender der E-Mail in Verbindung zu setzen. For legal and security reasons the information provided in this e-mail is not legally binding. Upon request we would be pleased to provide you with a legally binding confirmation in written form. Any form of unauthorised use, publication, reproduction, copying or disclosure of the content of this e-mail is not permitted. This message is exclusively for the person addressed or their representative. If you are not the intended recipient of this message and its contents, please notify the sender immediately. == -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Sessions Timeout
At 09:40 AM 01/29/2002 +, you wrote: Is there a way to configure Tomcat to check the expire time against last access time and not creation time? Sessions *are* invalidated when the timeout period has passed without access. *Not* when the timeout period has passed from creation. I had a quick question about this. For a session to be refreshed by being accessed, does this count only direct calls to the specific URI's, or if I do a forward from another servlet context into it, will this count as access as well. As far as I can tell, the servlet forwarding does not seem to refresh the session timeout value. I am using Tomcat 3.2.4 with crossContext values enabled. It is sitting on top of Apache 1.3.20 and mod_jk. Thanks in advance, Mario- _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Sessions Timeout
On Wed, 30 Jan 2002, Mario Felarca wrote: Date: Wed, 30 Jan 2002 12:03:56 -0600 From: Mario Felarca [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: RE: Sessions Timeout At 09:40 AM 01/29/2002 +, you wrote: Is there a way to configure Tomcat to check the expire time against last access time and not creation time? Sessions *are* invalidated when the timeout period has passed without access. *Not* when the timeout period has passed from creation. I had a quick question about this. For a session to be refreshed by being accessed, does this count only direct calls to the specific URI's, or if I do a forward from another servlet context into it, will this count as access as well. As far as I can tell, the servlet forwarding does not seem to refresh the session timeout value. A session is accessed only when the called servlet calls request.getSession(). When you cross servlet contexts, that *should* still work (I've never actually tried it) -- but you need to remember that there is a separate session in each context. I am using Tomcat 3.2.4 with crossContext values enabled. It is sitting on top of Apache 1.3.20 and mod_jk. Thanks in advance, Mario- Craig -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Sessions Timeout
Hi Jason, the session method getMaxInactiveInterval() gives you the time-value, after that your inactive session is killed. You can change this value in the web.xml file. Anja -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Sessions Timeout
Is there a way to configure Tomcat to check the expire time against last access time and not creation time? Sessions *are* invalidated when the timeout period has passed without access. *Not* when the timeout period has passed from creation. Justin. -- You're only jealous cos the little penguins are talking to me. *** For more information on Ordnance Survey products and services, visit our web site at http://www.ordnancesurvey.co.uk *** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Sessions Timeout
the session method getMaxInactiveInterval() gives you the time-value, after that your inactive session is killed. You can change this value in the web.xml file. Or in the jsp - request.getSession.setMaxInactiveInterval(time in seconds). J. -- You're only jealous cos the little penguins are talking to me. *** For more information on Ordnance Survey products and services, visit our web site at http://www.ordnancesurvey.co.uk *** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Sessions Timeout
I have written an standalone application that is using servlets to login to the application and to get different data from a database behind a firewall. I want to limit the password and username from going over the net more often than necessary ( I use a MD5 hash of the password to get it accross the first time with a random Seed value), so I use JSESSIONID to identify a user and get back some objects I have stored in the session. The problem I run into is that the session expire after one hour. I know I can just expand this out to a few more hours, but I really dont want to do this because I do want to erase sessions that have not been used in more than an hour. Is there a way to configure Tomcat to check the expire time against last access time and not creation time? TIA Jason Tomcat 3.3 Apache 1.3.22 Windows 2000 Pro -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: How to disable sessions timeout?
Filip Hanik wrote: really, that doesn't sound right. You have to be able to disable the session timeout. This is taken from the servlet specification, you can set the timeout to -1 in web.xml for your web application or do it programatically. So is -1 doing the trick or the spec are not uptodate? EXTRACT The default timeout period for sessions is defined by the servlet container and can be obtained via the getMaxInactiveInterval method of the HttpSession interface. This timeout can be changed by the Developer using the setMaxInactiveInterval of the HttpSession interface. The timeout periods used by these methods is defined in seconds. If the timeout period for a session is set to -1, the session will never expire. /EXTRACT EXTRACT !ELEMENT session-timeout (#PCDATA) !-- The mime-mapping element defines a mapping between an extension and a mime type. -- /EXTRACT Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
How to disable sessions timeout?
Does removing the appropriate lines in server.xml would make my sessions lifetime? --mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: How to disable sessions timeout?
hi, No, the default session timeout is 30 min. regards Hristo -Original Message- From: mike niemaz [EMAIL PROTECTED] To: tomcat-user [EMAIL PROTECTED] Date: Friday, February 16, 2001 2:29 PM Subject: How to disable sessions timeout? Does removing the appropriate lines in server.xml would make my sessions lifetime? --mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: How to disable sessions timeout?
How to disable sessions timeout? No, the default session timeout is 30 min. really, that doesn't sound right. You have to be able to disable the session timeout. This is taken from the servlet specification, you can set the timeout to -1 in web.xml for your web application or do it programatically. EXTRACT The default timeout period for sessions is defined by the servlet container and can be obtained via the getMaxInactiveInterval method of the HttpSession interface. This timeout can be changed by the Developer using the setMaxInactiveInterval of the HttpSession interface. The timeout periods used by these methods is defined in seconds. If the timeout period for a session is set to -1, the session will never expire. /EXTRACT EXTRACT !ELEMENT session-timeout (#PCDATA) !-- The mime-mapping element defines a mapping between an extension and a mime type. -- /EXTRACT Filip ~ Namaste - I bow to the divine in you ~ Filip Hanik Software Architect [EMAIL PROTECTED] www.filip.net - Original Message - From: "Hristo Katsarski" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 16, 2001 5:39 AM Subject: Re: How to disable sessions timeout? hi, No, the default session timeout is 30 min. regards Hristo -Original Message- From: mike niemaz [EMAIL PROTECTED] To: tomcat-user [EMAIL PROTECTED] Date: Friday, February 16, 2001 2:29 PM Subject: How to disable sessions timeout? Does removing the appropriate lines in server.xml would make my sessions lifetime? --mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]