Tomcat behind IIS - Session timeout is ignored
Hello list, I have a problem with a tomcat 5.0.28 installation connected to IIS 6.0 (Windows 2003 server) with isapi_redirect.dll Everything is working well, except for the session timeout. The timeout is set to 60 minutes in the context's web.xml file (session-timeout60/session-timeout) which works great in many other installations (without IIS, though) As far as I could tell, the sessions are purely managed by tomcat, so IIS should not pose a problem, but still... Can anyone shed some light on this? Thanks, Tobias - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout issues
On 15/09/05, Leon Rosenberg [EMAIL PROTECTED] wrote: Hi, I don't know if this fits, but could it be, that your problem is related to the tomcat session synchronization bug? http://issues.apache.org/bugzilla/show_bug.cgi?id=36541 That does look like a potential issue. However, I think I may have tracked this down to cookies and switching between HTTP and HTTPS. There are two scenarios: 1) User starts at an HTTP page and is given a cookie. This cookie can be used in secure and non secure requests. 2) User starts at an HTTPS page and is given a cookie. This cookie is only valid for secure requests (because it has Set-Cookie: ;Secure in the response header). When a user is redirected to an HTTP page they are given a *new* cookie and a new HttpSession is created on the server. Can you tell me the exact semantics of the secure attribute on the connector element? The documentation just says Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received Thanks James Shaw On 9/15/05, James Shaw [EMAIL PROTECTED] wrote: On 14/09/05, James Shaw [EMAIL PROTECTED] wrote: I have two issues relating to sessions: 1) Sessions seem to be expired too soon. This happens very infrequently for me (perhaps 1 in 1000 requests). I'm adding some HttpSessionListeners and HttpSessionAttributeListeners to attempt to locate this problem, but have little to go on at the moment. I have some more info on this problem. During the login process, the original JSESSIONID that tomcat gives to the browser is being lost and a new HttpSession with a new id is being created. So either the browser is not sending the cookie containing the session id, or Tomcat is somehow losing the id. Does anyone have an idea what this problem could be? Perhaps you could point me to some information about how Tomcat receives cookies and maps these to their respective HttpSession objects. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout issues
On 14/09/05, James Shaw [EMAIL PROTECTED] wrote: I have two issues relating to sessions: 1) Sessions seem to be expired too soon. This happens very infrequently for me (perhaps 1 in 1000 requests). I'm adding some HttpSessionListeners and HttpSessionAttributeListeners to attempt to locate this problem, but have little to go on at the moment. I have some more info on this problem. During the login process, the original JSESSIONID that tomcat gives to the browser is being lost and a new HttpSession with a new id is being created. So either the browser is not sending the cookie containing the session id, or Tomcat is somehow losing the id. Does anyone have an idea what this problem could be? Perhaps you could point me to some information about how Tomcat receives cookies and maps these to their respective HttpSession objects. Thanks James Shaw - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session timeout issues
I have two issues relating to sessions: 1) Sessions seem to be expired too soon. This happens very infrequently for me (perhaps 1 in 1000 requests). I'm adding some HttpSessionListeners and HttpSessionAttributeListeners to attempt to locate this problem, but have little to go on at the moment. 2) Session objects are being expired too late. Some session objects are persisting for far longer than the 30 minutes I've specified in web.xml. I've checked this with an HttpSessionListener today, for example: Timestamp: Wed Sep 14 12:26:21 BST 2005 ID:C945C8BC10E58E3947A5475C001DBA35 Last Accessed: Wed Sep 14 11:35:43 BST 2005 Backtrace: at presentation.listener.DebugSessionListener.sessionDestroyed(DebugSessionListener.java:54) at org.apache.catalina.session.StandardSession.expire(StandardSession.java:675) at org.apache.catalina.session.StandardSession.isValid(StandardSession.java:567) at org.apache.catalina.session.ManagerBase.processExpires(ManagerBase.java:655) at org.apache.catalina.session.ManagerBase.backgroundProcess(ManagerBase.java:640) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1283) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1568) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1577) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1577) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1557) at java.lang.Thread.run(Unknown Source) I realise that this isn't enough information to really diagnose the problem but I'm hoping that you may be able to give me some suggestions for what to do next. Thanks in advance James Shaw - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session timeout problems
Hello, within my web application i defined a session timeout of 30 minutes. But some sessions strangly survive this timeout and keep being valid until an explicit call to invalidate(). I already implemented a HttpSessionListener to keep track of session creation, destruction, lastAccessedTime and MaxInactiveInterval. So i recieve a HttpSessionEvent for every session being created or destroyed. I recognized that i never got a call to sessionDestroyed(HttpSessionEvent) for those strange timeout survivers. I am quite lost and have no idea how to solve this situation. Any suggestions ? Greets, Joerg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How do you set the session timeout in tomcat so that the session only timeouts when the browser is closed?
How do you set the session timeout in tomcat so that the session only timeouts when the browser is closed? This e mail is from DLA Piper Rudnick Gray Cary UK LLP. The contents of this email and any attachments are confidential to the intended recipient. They may not be disclosed to or used by or copied in any way by anyone other than the intended recipient. If this email is received in error, please contact DLA Piper Rudnick Gray Cary UK LLP on +44 (0) 8700 11 quoting the name of the sender and the email address to which it has been sent and then delete it. Please note that neither DLA Piper Rudnick Gray Cary UK LLP nor the sender accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. DLA Piper Rudnick Gray Cary UK LLP is a limited liability partnership registered in England and Wales (registered number OC307847) which provides services from offices in England, Belgium, Germany and the People's Republic of China. A list of members is open for inspection at its registered office and principal place of business 3 Noble Street, London EC2V 7EE. Partner denotes member of a limited liability partnership. DLA Piper Rudnick Gray Cary UK LLP is regulated by the Law Society and is a member of DLA Piper Rudnick Gray Cary, a global legal services organisation, the members of which are separate and distinct legal entities. For further information, please refer to www.dlapiper.com.
RE: How do you set the session timeout in tomcat so that the session only timeouts when the browser is closed?
From: Harland, David [mailto:[EMAIL PROTECTED] How do you set the session timeout in tomcat so that the session only timeouts when the browser is closed? You don't. There is no way in any Web architecture of reliably detecting whether a browser has closed, or whether it has merely disconnected from the server for now and will be reconnecting later. This is a generic problem with any stateful browser-based application and is not specific to Tomcat. - Peter - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do you set the session timeout in tomcat so that the session only timeouts when the browser is closed?
On 6/7/05, Harland, David [EMAIL PROTECTED] wrote: How do you set the session timeout in tomcat so that the session only timeouts when the browser is closed? Possible solution may be to refresh the page frequently and set a short interval for session time out. You might use a frame for this. If you use the AJAX approach to develop web applications it will be easy. I hadnt seen GMail session expired. -- rgds Anto Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
delete temporary content after session timeout
Hi, I have an app that uploads user files in a temporary folder. I want to delete them when the session ends. I know I could solve this with a cron-job, but I'm looking for a way to solve it with Tomcat. Does anyone have an idea how to solve it? Thx for your help in advance, cheers, Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: delete temporary content after session timeout
Write a SessionListener... it has two methods, one that fires when a session is created, one when it is destroyed. That should do the trick for you. That's not a Tomcat-specific solution either, so it should be rather portable should you ever need to move to another app server. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Bob Wobbler wrote: Hi, I have an app that uploads user files in a temporary folder. I want to delete them when the session ends. I know I could solve this with a cron-job, but I'm looking for a way to solve it with Tomcat. Does anyone have an idea how to solve it? Thx for your help in advance, cheers, Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: delete temporary content after session timeout
that sounds very useful, not something I've done before -- can I ask a few questions - 1) how does one bind that into Tomcat -- declare a session listener in (I presume) web.xml? 2) as I'm using Spring Framework, is this still relevant (or is there a spring-specific way of binding in a session listener --- sorry, ought to ask that on a spring list...) 3) can you recommend the best reference material / sites on managing sessions (standard tomcat docs seem to have nothing on sessions I can find.) Tim Frank W. Zammetti wrote: Write a SessionListener... it has two methods, one that fires when a session is created, one when it is destroyed. That should do the trick for you. That's not a Tomcat-specific solution either, so it should be rather portable should you ever need to move to another app server. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: delete temporary content after session timeout
Let's see...
(1) You are correct, it's nothing more than an entry in web.xml.
Remember, this isn't a Tomcat-specific thing, it's a J2EE thing (servlet
spec specifically I think), so it's YOUR APP'S web.xml. The entry is
simply:
listener
listener-classcom.company.app.MySessionListener/listener-class
/listener
Assuming that class is available to the classloader, your all set.
(2) I'm not too familiar with the Spring framework, but since it's still
built on top of the servlet spec, this would apply just the same, it
should be independant of app server and framework in use. Spring may
have it's own mechanism for doing this, but given the choice I'd chose
the standard approach, which is a listener.
(3) I don't have any good references handy, but just Googling
SessionListener will turn up plenty of hits. Just to save you some
time, here's the basic structure of a SessionListener class:
package com.company.app.MySessionListener
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
public class MySessionListener implements HttpSessionListener {
/**
* This method is called by the servlet container just after http
session is
* created.
*
* @param bevent/b HttpSessionEvent
*/
public void sessionCreated(HttpSessionEvent event) {
}
/**
* This method is called by the servlet container just before http
session is
* destroyed.
*
* @param bevent/b HttpSessionEvent
*/
public void sessionDestroyed(HttpSessionEvent event) {
}
}
Couldn't be simpler! You can do event.getSession() in both if you need
to do anything with the session (like, for the OP, if you have a
reference to the user ID who's directory you want to purge of temporary
files).
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
Tim Diggins wrote:
that sounds very useful, not something I've done before -- can I ask a
few questions -
1) how does one bind that into Tomcat -- declare a session listener in
(I presume) web.xml?
2) as I'm using Spring Framework, is this still relevant (or is there a
spring-specific way of binding in a session listener --- sorry, ought to
ask that on a spring list...)
3) can you recommend the best reference material / sites on managing
sessions (standard tomcat docs seem to have nothing on sessions I can
find.)
Tim
Frank W. Zammetti wrote:
Write a SessionListener... it has two methods, one that fires when a
session is created, one when it is destroyed. That should do the
trick for you. That's not a Tomcat-specific solution either, so it
should be rather portable should you ever need to move to another app
server.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
session-timeout
Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? Thk in advance Cedric - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
If more than idle for 30 minutes. -Tim Cédric Buschini wrote: Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
Think of the timeout as a 30 minute countdown timer. Every time there is any session activity, like a page request, the timers starts over. If the timer ever gets to 0, then the session times out. Jay Vertical Technology Group http://www.vtgroup.com/ -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 10:13 AM To: Tomcat Users List Subject: Re: session-timeout If more than idle for 30 minutes. -Tim Cédric Buschini wrote: Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
thank you !! Jay Burgess wrote: Think of the timeout as a 30 minute countdown timer. Every time there is any session activity, like a page request, the timers starts over. If the timer ever gets to 0, then the session times out. Jay Vertical Technology Group http://www.vtgroup.com/ -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 10:13 AM To: Tomcat Users List Subject: Re: session-timeout If more than idle for 30 minutes. -Tim Cédric Buschini wrote: Hi every, from web.xml: session-config session-timeout30/session-timeout /session-config Does the session-timeout refer to an idle session or an active session ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Way to specify SingleSignOn session timeout?
After looking at the code, it looks like the SSO session doesn't go away until all other sessions for the user have expired. So, as far as I can tell, the SSO session doesn't have it's own session timeout as far as I can tell. Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, April 13, 2005 11:00 AM Subject: Re: Way to specify SingleSignOn session timeout? Thanks, but, I know how to set it for a given application. I want to know how to set it or at least find out what the default value is for the global session. I've noticed that there are two cookies. One is JSESSIONID which is for the application session. The other is JSESSIONSSO is is presumably for the global session. Jon - Original Message - From: Peter Rossbach [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Tuesday, April 12, 2005 10:56 PM Subject: Re: Way to specify SingleSignOn session timeout? Look inside conf/web.xml !-- created sessions by modifying the value -- session-config session-timeout30/session-timeout /session-config Peter Jonathan Eric Miller schrieb: I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know what the default session timeout is set to? Is there a way to specify this timeout? I'm finding that sometimes my session will timeout within an application, but, it doesn't redisplay the login page. I want to try to set it up so that the session timeout period is the same for all my applications (and the same for the global one) and that whenever the session times out, the login page is displayed. Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Way to specify SingleSignOn session timeout?
After looking at the code, it looks like the SSO session doesn't go away until all other sessions for the user have expired. So, as far as I can tell, the SSO session doesn't have it's own session timeout as far as I can tell. Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, April 13, 2005 11:00 AM Subject: Re: Way to specify SingleSignOn session timeout? Thanks, but, I know how to set it for a given application. I want to know how to set it or at least find out what the default value is for the global session. I've noticed that there are two cookies. One is JSESSIONID which is for the application session. The other is JSESSIONSSO is is presumably for the global session. Jon - Original Message - From: Peter Rossbach [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Tuesday, April 12, 2005 10:56 PM Subject: Re: Way to specify SingleSignOn session timeout? Look inside conf/web.xml !-- created sessions by modifying the value -- session-config session-timeout30/session-timeout /session-config Peter Jonathan Eric Miller schrieb: I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know what the default session timeout is set to? Is there a way to specify this timeout? I'm finding that sometimes my session will timeout within an application, but, it doesn't redisplay the login page. I want to try to set it up so that the session timeout period is the same for all my applications (and the same for the global one) and that whenever the session times out, the login page is displayed. Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Way to specify SingleSignOn session timeout?
On 4/14/05, Jonathan Eric Miller [EMAIL PROTECTED] wrote: After looking at the code, it looks like the SSO session doesn't go away until all other sessions for the user have expired. So, as far as I can tell, the SSO session doesn't have it's own session timeout as far as I can tell. Indeed. OTOH, if one of the sessions is explicitely invalidated, the SSO will go away right away. I think that's the most appropriate behavior, but changing it is very easy using a little code hacking. -- x Rémy Maucherat Developer Consultant JBoss Group (Europe) SàRL x - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Way to specify SingleSignOn session timeout?
Thanks, but, I know how to set it for a given application. I want to know how to set it or at least find out what the default value is for the global session. I've noticed that there are two cookies. One is JSESSIONID which is for the application session. The other is JSESSIONSSO is is presumably for the global session. Jon - Original Message - From: Peter Rossbach [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Tuesday, April 12, 2005 10:56 PM Subject: Re: Way to specify SingleSignOn session timeout? Look inside conf/web.xml !-- created sessions by modifying the value -- session-config session-timeout30/session-timeout /session-config Peter Jonathan Eric Miller schrieb: I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know what the default session timeout is set to? Is there a way to specify this timeout? I'm finding that sometimes my session will timeout within an application, but, it doesn't redisplay the login page. I want to try to set it up so that the session timeout period is the same for all my applications (and the same for the global one) and that whenever the session times out, the login page is displayed. Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Running code on session timeout
Hey, I have been looking all over for a way to run code on a session time out. Basically, before a session times out, I need to perform some functionality on the data in that session. Ive read about Session Manager and Session Listeners, but I have not been able to find any examples of how these work. Is it possible to do what I am asking, and if so, does anyone know of a good reference site? Thanks - This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Running code on session timeout
Java Server Pages, 3rd Edition, O'Reilly - great book. I can send you an example later tonight. - Original Message - From: Chris Bender [EMAIL PROTECTED] Date: Wednesday, April 13, 2005 10:26 am Subject: Running code on session timeout Hey, I have been looking all over for a way to run code on a session time out. Basically, before a session times out, I need to perform some functionality on the data in that session. Ive read about Session Manager and Session Listeners, but I have not been able to find any examples of how these work. Is it possible to do what I am asking, and if so, does anyone know of a good reference site? Thanks --- -- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. --- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Way to specify SingleSignOn session timeout?
I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know what the default session timeout is set to? Is there a way to specify this timeout? I'm finding that sometimes my session will timeout within an application, but, it doesn't redisplay the login page. I want to try to set it up so that the session timeout period is the same for all my applications (and the same for the global one) and that whenever the session times out, the login page is displayed. Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Way to specify SingleSignOn session timeout?
Look inside conf/web.xml !-- created sessions by modifying the value below. -- session-config session-timeout30/session-timeout /session-config Peter Jonathan Eric Miller schrieb: I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know what the default session timeout is set to? Is there a way to specify this timeout? I'm finding that sometimes my session will timeout within an application, but, it doesn't redisplay the login page. I want to try to set it up so that the session timeout period is the same for all my applications (and the same for the global one) and that whenever the session times out, the login page is displayed. Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Unlimited session timeout
Hi,
I need in some exceptionnal condition to disable the session timeout for
one request.
Is there some convenient way to do so?
My idea is to do this but I'm unsure :
In the exceptionnal servlet (at the beginning):
session.setAttribute(OLD_TIMEOUT, new
Integer(session.getMaxInactiveInterval()));
session.setMaxInactiveInterval(-1);
In my filter:
Integer oldTimeout = (Integer) session.getAttribute(OLD_TIMEOUT);
if(oldTimeout != null) {
session.setMaxInactiveInterval(oldTimeout.intValue());
}
What do you think about this method is it safe/working?
Maybe there is a way to do it with session listeners (by cancelling the
call to invalidate, I don't know if it is possible).
Thank you.
David.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unlimited session timeout
you can set timeout from Tomcat Admin = Connections.
--- David Causse [EMAIL PROTECTED] wrote:
Hi,
I need in some exceptionnal condition to disable the
session timeout for
one request.
Is there some convenient way to do so?
My idea is to do this but I'm unsure :
In the exceptionnal servlet (at the beginning):
session.setAttribute(OLD_TIMEOUT, new
Integer(session.getMaxInactiveInterval()));
session.setMaxInactiveInterval(-1);
In my filter:
Integer oldTimeout = (Integer)
session.getAttribute(OLD_TIMEOUT);
if(oldTimeout != null) {
session.setMaxInactiveInterval(oldTimeout.intValue());
}
What do you think about this method is it
safe/working?
Maybe there is a way to do it with session listeners
(by cancelling the
call to invalidate, I don't know if it is possible).
Thank you.
David.
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
-Ted
__
Yahoo! Messenger
Show us what our next emoticon should look like. Join the fun.
http://www.advision.webevents.yahoo.com/emoticontest
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unlimited session timeout
It is not my problem. I need to change it for only one servlet.
Thanks.
fed fin wrote:
you can set timeout from Tomcat Admin = Connections.
--- David Causse [EMAIL PROTECTED] wrote:
Hi,
I need in some exceptionnal condition to disable the
session timeout for
one request.
Is there some convenient way to do so?
My idea is to do this but I'm unsure :
In the exceptionnal servlet (at the beginning):
session.setAttribute(OLD_TIMEOUT, new
Integer(session.getMaxInactiveInterval()));
session.setMaxInactiveInterval(-1);
In my filter:
Integer oldTimeout = (Integer)
session.getAttribute(OLD_TIMEOUT);
if(oldTimeout != null) {
session.setMaxInactiveInterval(oldTimeout.intValue());
}
What do you think about this method is it
safe/working?
Maybe there is a way to do it with session listeners
(by cancelling the
call to invalidate, I don't know if it is possible).
Thank you.
David.
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
-Ted
__
Yahoo! Messenger
Show us what our next emoticon should look like. Join the fun.
http://www.advision.webevents.yahoo.com/emoticontest
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Edit session timeout
Hello! How to edit session timeout? Tomcat's default value is 30mins... 30 minutes of inactivity then a session will expire... In my apps, i think 30minutes is too long.. i want 5 minutes of inactivity before session expires... is it in server.xml? i only see connectionTimeout which is 2? is connectionTimeout the same with sessionTimeout? Thanks and regards, Aris mailto:[EMAIL PROTECTED]
Re: Edit session timeout
From: Aris Javier [EMAIL PROTECTED] How to edit session timeout? Tomcat's default value is 30mins... Look in web.xml instead of server.xml. You can change it for the entire container, or on a per-webapp basis, depending on which web.xml you edit. (Works for Tomcat 4.1, I haven't moved to 5 yet...) -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Edit session timeout
I looked at my web.xml, and no sessionTimeout found there... can you give me an example on how to write it down in web.xml? thanks! aris -Original Message- From: Wendy Smoak [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 12:25 PM To: Tomcat Users List Subject: Re: Edit session timeout From: Aris Javier [EMAIL PROTECTED] How to edit session timeout? Tomcat's default value is 30mins... Look in web.xml instead of server.xml. You can change it for the entire container, or on a per-webapp basis, depending on which web.xml you edit. (Works for Tomcat 4.1, I haven't moved to 5 yet...) -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Edit session timeout
From: Aris Javier [mailto:[EMAIL PROTECTED] Subject: RE: Edit session timeout I looked at my web.xml, and no sessionTimeout found there... can you give me an example on how to write it down in web.xml? Not sure what you meant by my web.xml, since, as Wendy noted, there's a global one in the conf directory, as well as one in the WEB-INF directory of each web app. The session timeout is usually in the global one, but can be overridden in each web app if needed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Edit session timeout
session-config session-timeout120/session-timeout /session-config Look, at the web.xml file inside the conf directory, the global web.xml file that is. You can usually find this right above the mime-type mapping definitions. Drew. On Sun, 2005-01-30 at 20:28, Aris Javier wrote: I looked at my web.xml, and no sessionTimeout found there... can you give me an example on how to write it down in web.xml? thanks! aris -Original Message- From: Wendy Smoak [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 12:25 PM To: Tomcat Users List Subject: Re: Edit session timeout From: Aris Javier [EMAIL PROTECTED] How to edit session timeout? Tomcat's default value is 30mins... Look in web.xml instead of server.xml. You can change it for the entire container, or on a per-webapp basis, depending on which web.xml you edit. (Works for Tomcat 4.1, I haven't moved to 5 yet...) -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Edit session timeout
Thanks Drew! I found it.. =) can I also use this setting per web app? by editing web.xml per web app? -Original Message- From: Drew Jorgenson [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 12:41 PM To: Tomcat Users List Subject: RE: Edit session timeout session-config session-timeout120/session-timeout /session-config Look, at the web.xml file inside the conf directory, the global web.xml file that is. You can usually find this right above the mime-type mapping definitions. Drew. On Sun, 2005-01-30 at 20:28, Aris Javier wrote: I looked at my web.xml, and no sessionTimeout found there... can you give me an example on how to write it down in web.xml? thanks! aris -Original Message- From: Wendy Smoak [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 12:25 PM To: Tomcat Users List Subject: Re: Edit session timeout From: Aris Javier [EMAIL PROTECTED] How to edit session timeout? Tomcat's default value is 30mins... Look in web.xml instead of server.xml. You can change it for the entire container, or on a per-webapp basis, depending on which web.xml you edit. (Works for Tomcat 4.1, I haven't moved to 5 yet...) -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Edit session timeout
Yes. Doug - Original Message - From: Aris Javier [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Sunday, January 30, 2005 11:53 PM Subject: RE: Edit session timeout Thanks Drew! I found it.. =) can I also use this setting per web app? by editing web.xml per web app? -Original Message- From: Drew Jorgenson [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 12:41 PM To: Tomcat Users List Subject: RE: Edit session timeout session-config session-timeout120/session-timeout /session-config Look, at the web.xml file inside the conf directory, the global web.xml file that is. You can usually find this right above the mime-type mapping definitions. Drew. On Sun, 2005-01-30 at 20:28, Aris Javier wrote: I looked at my web.xml, and no sessionTimeout found there... can you give me an example on how to write it down in web.xml? thanks! aris -Original Message- From: Wendy Smoak [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 12:25 PM To: Tomcat Users List Subject: Re: Edit session timeout From: Aris Javier [EMAIL PROTECTED] How to edit session timeout? Tomcat's default value is 30mins... Look in web.xml instead of server.xml. You can change it for the entire container, or on a per-webapp basis, depending on which web.xml you edit. (Works for Tomcat 4.1, I haven't moved to 5 yet...) -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Edit session timeout
Thanks Everybody! =) -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 12:56 PM To: Tomcat Users List Subject: Re: Edit session timeout Yes. Doug - Original Message - From: Aris Javier [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Sunday, January 30, 2005 11:53 PM Subject: RE: Edit session timeout Thanks Drew! I found it.. =) can I also use this setting per web app? by editing web.xml per web app? -Original Message- From: Drew Jorgenson [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 12:41 PM To: Tomcat Users List Subject: RE: Edit session timeout session-config session-timeout120/session-timeout /session-config Look, at the web.xml file inside the conf directory, the global web.xml file that is. You can usually find this right above the mime-type mapping definitions. Drew. On Sun, 2005-01-30 at 20:28, Aris Javier wrote: I looked at my web.xml, and no sessionTimeout found there... can you give me an example on how to write it down in web.xml? thanks! aris -Original Message- From: Wendy Smoak [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 12:25 PM To: Tomcat Users List Subject: Re: Edit session timeout From: Aris Javier [EMAIL PROTECTED] How to edit session timeout? Tomcat's default value is 30mins... Look in web.xml instead of server.xml. You can change it for the entire container, or on a per-webapp basis, depending on which web.xml you edit. (Works for Tomcat 4.1, I haven't moved to 5 yet...) -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session timeout
Hi everybody, Is it possible to configure the session timeout using the org.apache.catalina.session.StandardManager Session Manager or am I forced to use the Persistent Manager just for doing so? (Tomcat v4.1) Regards, F. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout
How about trying? Put this inside your web-app in web.xml session-config session-timeout10/session-timeout /session-config The number within the session-timeout element must be expressed in minutes. Works for me with the StandardManager, in tomcat 5 Trond Freddy Villalba A. wrote: Hi everybody, Is it possible to configure the session timeout using the org.apache.catalina.session.StandardManager Session Manager or am I forced to use the Persistent Manager just for doing so? (Tomcat v4.1) Regards, F. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout means tomcat restart
Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2
Re: RE: session-timeout means tomcat restart
We had a 'hung, and won't work without a reboot problem' and it was two things - we had to update some driver for the intel NIC cards in our server (for RedHat ES) and had to change some settings to get better NIC throughput. Hope it helps. - Original Message - From: Steve Kirk [EMAIL PROTECTED] Date: Monday, November 8, 2004 4:19 pm Subject: RE: session-timeout means tomcat restart Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasourceconnection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful
Re: session-timeout means tomcat restart
Hi Steve, sorry for lack of details. In any case, problem solved. I am developing a webapp in the MVC style and was referring to the 'C' of the MVC when mentioning the controller. I am using TC as-is however. There was a bug in a data source validity check upon login making it so the data source was not getting re-established if need be. Then it would just hang on login. Not sure why I was often required to hard boot but it's not longer a problem since I corrected the data source hook. Eric On Mon, 8 Nov 2004 22:19:27 -, Steve Kirk [EMAIL PROTECTED] wrote: Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must
RE: RE: session-timeout means tomcat restart
sorry but no. what about the other points. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday 08 November 2004 22:37 To: Tomcat Users List Subject: Re: RE: session-timeout means tomcat restart We had a 'hung, and won't work without a reboot problem' and it was two things - we had to update some driver for the intel NIC cards in our server (for RedHat ES) and had to change some settings to get better NIC throughput. Hope it helps. - Original Message - From: Steve Kirk [EMAIL PROTECTED] Date: Monday, November 8, 2004 4:19 pm Subject: RE: session-timeout means tomcat restart Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasourceconnection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your
Re: RE: session-timeout means tomcat restart
Other points? I posted details when I solved this problem, last Friday, but I only now realized that someone changed the thread, a couple have, and my post is related to that thread. Perhaps you didn't see that. If you're wondering about event listeners, I have not implemented any as of yet. If you're still looking for other points then I'll need you to be specific. Also, in looking back at this thread I noticed you were the one who suggested creating a myapp.xml and where to put it. This was the suggestion I followed that finally solved my problem. Many thx for that! I still have yet to find a mention of this in TC 5.0 docs. Eric btw, I am required to manually put that myapp.xml at CATALINA_HOME/conf/Catalina/localhost/. I tried creating a META-INF, located at /myapp/ with a context.xml, but this did not result in a dynamic copy at CATALINA_HOME/conf/Catalina/localhost/. On Tue, 9 Nov 2004 00:51:09 -, Steve Kirk [EMAIL PROTECTED] wrote: sorry but no. what about the other points. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday 08 November 2004 22:37 To: Tomcat Users List Subject: Re: RE: session-timeout means tomcat restart We had a 'hung, and won't work without a reboot problem' and it was two things - we had to update some driver for the intel NIC cards in our server (for RedHat ES) and had to change some settings to get better NIC throughput. Hope it helps. - Original Message - From: Steve Kirk [EMAIL PROTECTED] Date: Monday, November 8, 2004 4:19 pm Subject: RE: session-timeout means tomcat restart Sorry for not replying sooner, I've been busy for a few days. Can you say more about the crashing? Any evidence from the logs? A bit difficult to be any more specific without more to go on really :) However, I have references to them from the controller so that shouldn't be the problem... eh? You mention controller. Are you using TC as-is, or are you using a framework such as struts or JSF by any chance? If you suspect that the problem is triggered by a closing session, why not try shortening the session timeout to a shorter length and see if it crashes quicker? In fact, it's worth checking whether the crash is around the time of the session expiry or not. If not, then your problem may not be directly caused by TC at all.? Do you have any event listeners? If you have one for sessionDestroyed/sessionWillPassivate, what does this code do? -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Saturday 06 November 2004 00:51 To: Steve Kirk Cc: Tomcat Users List Subject: Re: session-timeout means tomcat restart Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm
RE: session-timeout means tomcat restart
-Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? you don't say which platform/ versions you are using so memory leaks are hard to comment on. IMHO the issues above are more likely to be the problem so check those first before suspecting an error in TC :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout means tomcat restart
Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? you don't say which platform/ versions you are using so memory leaks are hard to comment on. IMHO the issues above are more likely to be the problem so check those first before suspecting an error in TC :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout means tomcat restart
Well, this is amazingly frustrating. My TC 5.0.28 running on Linux FC2 is completely crashing about every half hr when I have a webapp open and don't interact with it. I no longer have a time-out element in my web.xml so that doesn't seem to matter. TC shutdown and restart does not work. Instead, I'm required to hard boot my machine. I'm hung just trying to access the static welcome page of any app, although I do know that init() of the webapp I'm working on is being called. Eric On Fri, 5 Nov 2004 15:43:28 -0800, Eric Wulff [EMAIL PROTECTED] wrote: Linux FC2 TC 5.0.28 I'm not storing a db object within a session although I am storing objs within the session(of course - session.setAttribute). However, I have references to them from the controller so that shouldn't be the problem... eh? An interesting thing, I sometimes have to reboot my machine, not just restart TC. Although other apps run fine, I have to reboot my machine in order to get TC up again. I optimized my db connection, I did have it in servlet init(). Although I knew I had to do this and I'm much better off for it, and I appreciate you're noting it, but this didn't eliminate the crashing problem. I also am now taking advantage of a connection pool. However, as you figured, that does not solve the crash problem. Finally, I removed the session-configsession-timeout element from myapp web.xml to test if this is the initiator of the problem. Let you know what I find. Still, even if this is what initiates the sequence leading to a crash, it shouldn't so something need be fixed/optimized. Any other ideas? Eric On Fri, 5 Nov 2004 13:03:27 -, Steve Kirk [EMAIL PROTECTED] wrote: -Original Message- From: Eric Wulff [mailto:[EMAIL PROTECTED] Sent: Friday 05 November 2004 07:01 To: Tomcat Users List Subject: session-timeout means tomcat restart Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? I would say that rather than the problem being JDBC hardcoded in the servlet, the problem is more likely to be _how_ that code is written. if it really is the session timeout that is causing this, it sounds to me like you are storing the database objects within a session object (which seems a bit unusual). or at least the last reference to them is stored there, so that when the session is destroyed, the database connection is lost. it might be better to store the objects in local variables within doPost if your servlet is simple, or if it's more complex, then perhaps better places to put them would be the servlet context, or a field of the servlet class/instance. it all depends on your particular situation. whichever you choose though, you must make sure that connections are closed (or returned to the pool) when you have finished with them. this generally involves careful use of try/catch/finally. if restarting the webapp fixes the problem, it could be that your database objects are initialised in the servlet init() method, which is then called again when the webapp restarts. but if this were the case then I'm not sure how session timeout could cause the problem that you describe. datasource connection pooling is not necessarily the answer. you can still use up all your database resources and/or leave them hanging whether you pool them or not! 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? you don't say which platform/ versions you are using so memory leaks are hard to comment on. IMHO the issues above are more likely to be the problem so check those first before suspecting an error in TC :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session-timeout means tomcat restart
Hi, I'm experiencing 2 interesting problems that may be related to my session timeout. 1. It seems that when my session times out I need to restart tomcat, often just the application via reload in the manager, in order to gain access to my db again. Could this be because I've been accessing the db via jdbc hard coded in the servlet? Might using a datasource connection pool take care of this? 2. Often tomcat hangs without responding at all, to static or dynamic requests, after it's been left for an hr or more with no interaction. Might this be related to the memory leaks I hear about? thx Eric - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout is out by factor of 100?
Hi, How are you checking the time remaining for a session? Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 12:24 AM To: Tomcat Users List Subject: session-timeout is out by factor of 100? Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout is out by factor of 100?
Yoav, Thanks for replying, long timeLeft = session.getLastAccessedTime() + session.getMaxInactiveInterval() * 1000 - System.currentTimeMillis(); PJ On Mon, 2004-09-20 at 22:54, Shapira, Yoav wrote: Hi, How are you checking the time remaining for a session? Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 12:24 AM To: Tomcat Users List Subject: session-timeout is out by factor of 100? Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout is out by factor of 100?
Found the issue ... my apologies for wasting ppls time. A colleague had added a setMaxInactiveInterval statement in another section of the code which was overriding the web.xml value. Worse was that he'd set it for 3 thinking it was supposed to be in ms. My apologies all and thanks Yoav for looking into it. PJ On Tue, 2004-09-21 at 08:00, Peter Johnson wrote: Yoav, Thanks for replying, long timeLeft = session.getLastAccessedTime() + session.getMaxInactiveInterval() * 1000 - System.currentTimeMillis(); PJ On Mon, 2004-09-20 at 22:54, Shapira, Yoav wrote: Hi, How are you checking the time remaining for a session? Yoav Shapira Millennium Research Informatics -Original Message- From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 12:24 AM To: Tomcat Users List Subject: session-timeout is out by factor of 100? Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session-timeout is out by factor of 100?
Hi, Is anyone successfully using the web.xml session timeout configuration with Tomcat 5.0.25? Testing seems to indicate that this setting is out by a factor of 100 however using session.setMaxInactiveInterval seems to yield the desired result. E.g. Printing the time remaining (in ms) in a session when using: session.setMaxInactiveInterval(180) // 3 min in seconds --- presents 179226 == ~3 min however, setting session-config session-timeout5/session-timeout /session-config --- presents 29992101 == ~500min Thanks, PJ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session timeout: web.xml and setMaxInactiveInterval(int)
Your assumption is incorrect. When the session is created it will follow the value set in your web.xml but in this case, after session creation you modify its timeout attribute to be higher. This will only apply to sessions that go through this servlet, obviously. Ta Matt -Original Message- From: Stephen Charles Huey [mailto:[EMAIL PROTECTED] Sent: 15 July 2004 22:44 To: Tomcat User Subject: session timeout: web.xml and setMaxInactiveInterval(int) My web.xml has the following: session-config session-timeout30/session-timeout /session-config However, when a user logs in, the following code in our app gets executed: HttpSession session = request.getSession(false); session.setMaxInactiveInterval(7200); I've been fiddling with the web.xml and didn't realize that other code was in there, and I'm wondering who trumps who. I would assume that the web.xml's global setting would have priority over any individual setting, but it could easily be the other way around! Thanks, Stephen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session timeout: web.xml and setMaxInactiveInterval(int)
My web.xml has the following: session-config session-timeout30/session-timeout /session-config However, when a user logs in, the following code in our app gets executed: HttpSession session = request.getSession(false); session.setMaxInactiveInterval(7200); I've been fiddling with the web.xml and didn't realize that other code was in there, and I'm wondering who trumps who. I would assume that the web.xml's global setting would have priority over any individual setting, but it could easily be the other way around! Thanks, Stephen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Timeout Error
I do not remember where i can set session time our for a web-app? But i think you must also set keepalive time, if i am not wrong :~)) -Original Message- From: Matt Krone [mailto:[EMAIL PROTECTED] Sent: Friday, June 18, 2004 5:49 PM To: [EMAIL PROTECTED] Subject: Session Timeout Error The web application I developed has a session-timeout setting of 10 minutes. When I authenticate with the application using the web browser Mozila 1.6 the session times out in 10 minutes. However, when I use the web browser IE 6.0 the session does not time out in 10 minutes. Any thoughts would be helpful? -Matt = /* Matt */ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ For information about the Standard Bank group visit our web site www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___
Session Timeout Error
The web application I developed has a session-timeout setting of 10 minutes. When I authenticate with the application using the web browser Mozila 1.6 the session times out in 10 minutes. However, when I use the web browser IE 6.0 the session does not time out in 10 minutes. Any thoughts would be helpful? -Matt = /* Matt */ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote: The strange thing is that this page seems to only intermittently be displayed. i.e. it is catching the case where the session expires, but, in some cases since I'm using container based security, it is going back to the login page. Sometimes it goes to this page first, and then brings up the login page. Other times, it just goes straight to the login page. I need to look into it further. I have SingleSignOn enabled, so, I'm not sure if that May be it's working so fast you sometimes don't notice this redirection, and sometimes do? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
I found out about a few other functions that make it bit easier. I think I
have it working using the following,
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if(((HttpServletRequest)request).getRequestedSessionId() != null
((HttpServletRequest)request).isRequestedSessionIdValid() == false) {
RequestDispatcher rd =
request.getRequestDispatcher(/WEB-INF/sessionexpired.jsp);
rd.forward(request, response);
}
else {
chain.doFilter(request, response);
}
}
The strange thing is that this page seems to only intermittently be
displayed. i.e. it is catching the case where the session expires, but, in
some cases since I'm using container based security, it is going back to the
login page. Sometimes it goes to this page first, and then brings up the
login page. Other times, it just goes straight to the login page. I need to
look into it further. I have SingleSignOn enabled, so, I'm not sure if that
might have something to do with it. I need to do more testing. In theory, I
think it should go to the login page each time. So, I'm thinking of putting
a check in my login page similar to the above that just shows optional text
stating that the session has expired.
Another thing that I'm wondering is if it is possible to use a servlet as
the login page for Tomcat rather than a .jsp file.
Jon
- Original Message -
From: Veniamin Fichin [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Friday, May 21, 2004 7:15 AM
Subject: Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote:
Yeah, that seems like it would work. I'm wondering if I could maybe use
a
filter by itself though and not use the listener and do something like
the
following.
1. Intercept all requests with a filter.
2. Get the HttpSession out of the request. Get the session ID by calling
HttpSession.getId();
3. Get the cookie array and see if there is a cookie named jsessionid.
If
there is, compare the two session IDs. If they are different forward to
sessionexpired.jsp to display error page. Otherwise, continue as normal.
I've just tried this way, it works. Look at example .java file in
attach for example, it's Filter implementation. Thanks for the
suggestion, it's very useful.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote:
Yeah, that seems like it would work. I'm wondering if I could maybe use a
filter by itself though and not use the listener and do something like the
following.
1. Intercept all requests with a filter.
2. Get the HttpSession out of the request. Get the session ID by calling
HttpSession.getId();
3. Get the cookie array and see if there is a cookie named jsessionid. If
there is, compare the two session IDs. If they are different forward to
sessionexpired.jsp to display error page. Otherwise, continue as normal.
I've just tried this way, it works. Look at example .java file in
attach for example, it's Filter implementation. Thanks for the
suggestion, it's very useful.
package org.unchqua.test.servlet;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.Cookie;
public class NewSessionFilter implements Filter {
private FilterConfig fconf;
public void init(FilterConfig arg0) throws ServletException {
fconf=arg0;
}
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain fchain) throws IOException, ServletException {
boolean newManualSession=false;
String fromSession=null;
if (((HttpServletRequest)req).getSession(false)!=null) {
fromSession=((HttpServletRequest)req).getSession(false).getId();
}
if (fromSession==null) {
fromSession=((HttpServletRequest)req).getSession().getId();
newManualSession=true;
}
String fromCookie=null;
Cookie[] cooks=((HttpServletRequest)req).getCookies();
if (cooks!=null) {
for (int i=0; icooks.length; i++) {
if (cooks[i].getName().equals(JSESSIONID)) {
fromCookie=cooks[i].getValue();
break;
}
}
}
ServletOutputStream out=resp.getOutputStream();
out.println(newManualSession ? Session manually created : );
out.println(fromSession!=null ? From session: +fromSession : No session);
out.println(fromCookie!=null ? From cookies: +fromCookie : No session id in
cookies);
if (fromSession==null fromCookie==null)
out.println(Session is completely new);
else if (fromSession==null fromCookie!=null)
out.println(Session lived but has been expired);
//fchain.doFilter(req, resp);
}
public void destroy() {
fconf=null;
}
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
In my case, I don't just want to test for a timed out session. I want to see
if the session has timed out since the user has logged in.
So, when the user logs in, I add an object to the session (any object will
do). Then at the top of every servlet I test for the existence of that
object 'if(session.getAttribute(myObject) == null)'. If the object is null
then I know that the session has timed out since the user last logged in.
At that point, I forward to the session expired page which informs the user
that he/she must log back in.
It sounds like you're looking for something similar.
On Wednesday 19 May 2004 04:56 pm, Jonathan Eric Miller wrote:
Thanks. I think option #1 is what I'm looking for. What I don't understand
is what I need to do with the session listener though?
I don't understand how to determine whether the new session is truly new,
or if it's a new session because a previous session timed out. Could I use
a filter and check the incoming session ID and if the session ID isn't in
the list of session IDs that the server knows about, assume that it's an
expired session?
Does anyone have example source code on how to do this?
Jon
- Original Message -
From: QM [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Wednesday, May 19, 2004 3:16 PM
Subject: Re: Session Timeout and Direct Reference to login page
On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote:
: All I want to do is detect when a session has timed out for a user and
: display a page stating such when the user makes a request after the
session
: has timed out. It seems like this should be a straight forward thing to
do.
: Am I missing something?
You could use a session listener and check its existence with a
filter... In other words:
// filter pseudocode
if( null != session.getAttribute( UserMarker ) ){
// pass the req and resp down the filter chain
}else{
// forward() to a your session timed out page
}
Is this what you're after?
Option #2: have each page meta-refresh to the your session timed out
page (set the refresh value 1 or 2 seconds beyond the session timeout).
This is more intrusive, though: people don't typically like it when
their browser starts moving around when they didn't explicitly ask.
-QM
--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Ben Souther
F.W. Davison Company, Inc.
This e-mail message, and any accompanying documents, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure, distribution or
copying is prohibited. If you are not the intended recipient, please
contact our office by email or by telephone at (508) 747-7261 and
immediately destroy all copies of the original message.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. This assumes that the session ID changes everytime it expires. As far as I know, that is the case. I would also have to figure out how to get the jsessionid if it is in the URL rather than in a cookie. I would prefer to do it that way if I can for the sake of simplicity. I want to avoid having a Hashtable that grows indefinitely if possible. Does it seem like this work, or, am I missing something? I'm wondering if this wouldn't work if I didn't have single sign-on enabled. i.e. the login page would get displayed at session expiration. I'm not sure if the login page does only forwards, or if it does a redirect. I'm thinking the redirect might make the above logic not work since the session ID in the cookie would get updated first by the login page. Note, the filter runs after the login page. It seems like there should be a generic way to handle this kind of thing that is well understood and known to work. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:59 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
What was wrong with the first suggestion? 1.) When your user logs in, throw an object in their session. 2.) In each servlet/jsp (or, better, in a filter), test for the existence of that object and forward back to the login if it is null. Seems pretty straight forward to me. On Thursday 20 May 2004 12:51 pm, Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. This assumes that the session ID changes everytime it expires. As far as I know, that is the case. I would also have to figure out how to get the jsessionid if it is in the URL rather than in a cookie. I would prefer to do it that way if I can for the sake of simplicity. I want to avoid having a Hashtable that grows indefinitely if possible. Does it seem like this work, or, am I missing something? I'm wondering if this wouldn't work if I didn't have single sign-on enabled. i.e. the login page would get displayed at session expiration. I'm not sure if the login page does only forwards, or if it does a redirect. I'm thinking the redirect might make the above logic not work since the session ID in the cookie would get updated first by the login page. Note, the filter runs after the login page. It seems like there should be a generic way to handle this kind of thing that is well understood and known to work. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:59 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e-mail message, and any accompanying documents, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient, please contact our office by email or by telephone at (508) 747-7261 and immediately destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Thanks for the suggestion. The reason that I can't do it that way (as far as I know) is because I'm using container-based security. I'm not handling the submission of the login form directly. Before I switched to using container-based security, I was doing it exactly as you described. Jon - Original Message - From: Ben Souther [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 12:26 PM Subject: Re: Session Timeout and Direct Reference to login page What was wrong with the first suggestion? 1.) When your user logs in, throw an object in their session. 2.) In each servlet/jsp (or, better, in a filter), test for the existence of that object and forward back to the login if it is null. Seems pretty straight forward to me. On Thursday 20 May 2004 12:51 pm, Jonathan Eric Miller wrote: Yeah, that seems like it would work. I'm wondering if I could maybe use a filter by itself though and not use the listener and do something like the following. 1. Intercept all requests with a filter. 2. Get the HttpSession out of the request. Get the session ID by calling HttpSession.getId(); 3. Get the cookie array and see if there is a cookie named jsessionid. If there is, compare the two session IDs. If they are different forward to sessionexpired.jsp to display error page. Otherwise, continue as normal. This assumes that the session ID changes everytime it expires. As far as I know, that is the case. I would also have to figure out how to get the jsessionid if it is in the URL rather than in a cookie. I would prefer to do it that way if I can for the sake of simplicity. I want to avoid having a Hashtable that grows indefinitely if possible. Does it seem like this work, or, am I missing something? I'm wondering if this wouldn't work if I didn't have single sign-on enabled. i.e. the login page would get displayed at session expiration. I'm not sure if the login page does only forwards, or if it does a redirect. I'm thinking the redirect might make the above logic not work since the session ID in the cookie would get updated first by the login page. Note, the filter runs after the login page. It seems like there should be a generic way to handle this kind of thing that is well understood and known to work. Jon - Original Message - From: Veniamin Fichin [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:59 AM Subject: Re: Session Timeout and Direct Reference to login page Jonathan Eric Miller wrote: Thanks. I think option #1 is what I'm looking for. What I don't understand is what I need to do with the session listener though? I don't understand how to determine whether the new session is truly new, or if it's a new session because a previous session timed out. Could I use a filter and check the incoming session ID and if the session ID isn't in the list of session IDs that the server knows about, assume that it's an expired session? Yes, this may be the right solution. Store a hash in a singleton class and fill it with session ids that has expired (add a new hash pair in every invocation of sessionDestroyed()). And at every request check that: 0) HttpSession.isNew()==true . 1) HttpServletRequest.getCookies() array contains an entry that matches one of your hash pairs. That way you may determine if that session is truly new or an expired one. It's just a guess. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e-mail message, and any accompanying documents, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient, please contact our office by email or by telephone at (508) 747-7261 and immediately destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SingleSignOn session timeout question
I'm using org.apache.catalina.authenticator.SingleSignOn for single sign on with container-based security. I have a question about session time outs. When the session for a given application times out, if a user attempts to access the application after the session has timed out, the user should have to login again, correct? According to the documentation, this is the case. However, I'm finding that it intermittently lets you continue before going to the login page. i.e. the user can still access the pages, but, the session is cleared. Has anyone else notices this? I'm wondering if this is a bug. Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Tomcat behaves according to the Servlet/JSP specs. It creates a new session if a request is made after the previous one expires. It's not too difficult to write your own, I did. -Write a session-timeout.jsp with a link to your login. -Define a context-param in web.xml (session-timeout-page-url) or something like that, which defines the name of your session-timeout.jsp -At the top of every servlet check for the existence of an object that get's put in session during login (an empty string will do). If it's null, forward to the session-timeout.jsp. Of course, you could also just forward straight to the login page and bypass the session-timeout.jsp altogether. If you're doing everything with JSPs, you could just use an include for the code that does the checking so you don't have to put the same code on the top of every JSP. You could also do the same thing from a Filter. On Wednesday 19 May 2004 04:35 pm, Jonathan Eric Miller wrote: It's too bad there isn't a session-timeout-page element that you can put in web.xml kind of like the error-page element... Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 2:58 PM Subject: Re: Session Timeout and Direct Reference to login page Renato, Did you ever receive a response to this? I'm having the same problem. My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon - Original Message - From: Renato Romano [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and Direct Reference to login page I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e
Re: Session Timeout and Direct Reference to login page
It's too bad there isn't a session-timeout-page element that you can put in web.xml kind of like the error-page element... Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 2:58 PM Subject: Re: Session Timeout and Direct Reference to login page Renato, Did you ever receive a response to this? I'm having the same problem. My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon - Original Message - From: Renato Romano [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and Direct Reference to login page I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Thanks. I think option #1 is what I'm looking for. What I don't understand
is what I need to do with the session listener though?
I don't understand how to determine whether the new session is truly new, or
if it's a new session because a previous session timed out. Could I use a
filter and check the incoming session ID and if the session ID isn't in the
list of session IDs that the server knows about, assume that it's an expired
session?
Does anyone have example source code on how to do this?
Jon
- Original Message -
From: QM [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Wednesday, May 19, 2004 3:16 PM
Subject: Re: Session Timeout and Direct Reference to login page
On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote:
: All I want to do is detect when a session has timed out for a user and
: display a page stating such when the user makes a request after the
session
: has timed out. It seems like this should be a straight forward thing to
do.
: Am I missing something?
You could use a session listener and check its existence with a
filter... In other words:
// filter pseudocode
if( null != session.getAttribute( UserMarker ) ){
// pass the req and resp down the filter chain
}else{
// forward() to a your session timed out page
}
Is this what you're after?
Option #2: have each page meta-refresh to the your session timed out
page (set the refresh value 1 or 2 seconds beyond the session timeout).
This is more intrusive, though: people don't typically like it when
their browser starts moving around when they didn't explicitly ask.
-QM
--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
On Wed, May 19, 2004 at 02:58:05PM -0500, Jonathan Eric Miller wrote:
: All I want to do is detect when a session has timed out for a user and
: display a page stating such when the user makes a request after the session
: has timed out. It seems like this should be a straight forward thing to do.
: Am I missing something?
You could use a session listener and check its existence with a
filter... In other words:
// filter pseudocode
if( null != session.getAttribute( UserMarker ) ){
// pass the req and resp down the filter chain
}else{
// forward() to a your session timed out page
}
Is this what you're after?
Option #2: have each page meta-refresh to the your session timed out
page (set the refresh value 1 or 2 seconds beyond the session timeout).
This is more intrusive, though: people don't typically like it when
their browser starts moving around when they didn't explicitly ask.
-QM
--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Direct Reference to login page
Renato, Did you ever receive a response to this? I'm having the same problem. My current problem is slightly more complicated though. I have my application protected using container based security, but, I also have single-sign on enabled. So, the user doesn't get redirected back to the login page when the session times out. Previously, I used to make it so that if the session had expired (detected by my main JavaBean not being present (I was never able to figure out how to determine whether it was a new session or one that had expired and hence couldn't display an error message in the later case)), I'd just redirect the user back to the first page of my application. However, now, I'm using JavaServer Faces. As a result, I'm not the one implementing the controller part of my application, JSF is. Someone mentioned something about using HttpSessionListener. I don't see how that can work because you don't have a handle to the request and response. Is there a standard way of handling session timeouts? All I want to do is detect when a session has timed out for a user and display a page stating such when the user makes a request after the session has timed out. It seems like this should be a straight forward thing to do. Am I missing something? Jon - Original Message - From: Renato Romano [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:31 AM Subject: Session Timeout and Direct Reference to login page I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session-timeout
Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. thanks for your input G. - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now
Re: session-timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerald Powel wrote: | Hi all, | | I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. Jerald, I don't know the internals of Tomcat's Session management, but there are a few things to think about here that might help. 1) Just by closing the browser does not cause the session to close. 2) You could be putting some shared object into the Session which is not garbage collected when the session itself dies. 3) I believe you can configure a listener to receive an event when a session dies. You could therefore see if they really are being closed. 4) Be careful what you put in the Session. Usually only place small or transient objects into the Session. Don't put any heavy objects, like database connections into the session. 5) There could be a Tomcat bug. :) (unlikely, though) Hope that helps, Seth -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFATPrI5EIB1scRes8RAn7oAJ43yJLv+9GeaQD7LADIuQfk0N5zuQCeJTDl +aFJNg57g77HwvOATT60kB8= =8yG4 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
My understanding on this topic is perhaps not clearest, but here's what I've been able to glean from watching tomcat-user (amongst others). The VM will not 'release' back to the OS, any memory it grabs during the run of a program. But that doesn't mean that it is currently in use. ex: You've set the vm to start with 125MB memory, with a max size of 256MB. During normal operations, the vm is at 124.99 MB and then someone new logs in. That forces the VM to increase the memory being used (and reported to the OS), possibly all the way to 256MB. Now it's overnight. No one is using the app. Sessions expire, and are garbage collected. The size of the memory in use has gone done, but the memory in use as reported to the OS is still 256MB. I'm sure someone will correct that if it's fundamentally wrong in the slightest aspect. ;) -Original Message- From: Jerald Powel [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 4:38 PM To: Tomcat Users List Subject: session-timeout Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. thanks for your input G. - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
At 02:37 PM 3/8/2004, you wrote: Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. I'm dismayed that this topic keeps coming up ... it really should die. There is not a 1-1 correspondence between the memory that you see your task manager report and the amount of actual memory being consumed by your app. It's a problem of perspective -- from the operating system's perspective, the consumer is the java JVM. From your perspective, the consumer is your webapp. When Tomcat requests more memory, the JVM in turn requests more memory from the OS. Just because Tomcat releases memory doesn't mean that the JVM does. You can't use the Task Manager to (reliably) measure your webapp's memory consumption. There is plenty of information about this in the archives or by reading up on JVM memory management for whatever vendor/platform you're running on. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
At 03:07 PM 3/8/2004, you wrote: My understanding on this topic is perhaps not clearest, but here's what I've been able to glean from watching tomcat-user (amongst others). The VM will not 'release' back to the OS, any memory it grabs during the run of a program. But that doesn't mean that it is currently in use. ex: You've set the vm to start with 125MB memory, with a max size of 256MB. During normal operations, the vm is at 124.99 MB and then someone new logs in. That forces the VM to increase the memory being used (and reported to the OS), possibly all the way to 256MB. Now it's overnight. No one is using the app. Sessions expire, and are garbage collected. The size of the memory in use has gone done, but the memory in use as reported to the OS is still 256MB. I'm sure someone will correct that if it's fundamentally wrong in the slightest aspect. ;) Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
Hi and thank you to all concerned, Before I close, and consult the doco you talk of (URLs welcome), can you exaplain what you mean by whoever implements the JVM? In this instance, are we talking about Apache/TC developer team? thnx G. Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now
RE: session-timeout
At 04:50 PM 3/8/2004, you wrote: Hi and thank you to all concerned, Before I close, and consult the doco you talk of (URLs welcome), can you exaplain what you mean by whoever implements the JVM? In this instance, are we talking about Apache/TC developer team? Try these (from a really quick search) to get you started. Look at the terms being used and try searching for other messages along the same lines. http://www.mail-archive.com/[EMAIL PROTECTED]/thrd4.html#119966 http://www.mail-archive.com/[EMAIL PROTECTED]/msg120110.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg111595.html The JVM is the software that you download from Sun. It's the thing that runs *any* java program. Tomcat is one possible program. Point being it's the JVM's responsibility to request memory from the operating system, then provide that memory to the java program running inside it. Just because Tomcat no longer uses the memory (when a session expires, for example), doesn't mean the JVM returns it to the OS. Hope that helps, justin Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session Timeout and Direct Reference to login page
I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session Timeout and Direct Reference to login page
I have two problems i'm facing with every web application using declarative security model, that is: 1) Detect that the user session has expired, and forward him to an appropriate login page; Usually we build webapp in which the home page shows a login form; to handle this, I use to make a index.jsp page which redirects the user to a protected page; this is handled by the container which then shows my login page (as specified in web.xml) that is my HOME page. With this approach however, I can't detect session expirying, so if the session times out, the user is presented with the HOME page (the login page) without further notice or advice!! I tried to solve this with a filter, but it seems the container (Tomcat 4.1.127 inside Jboss) forwards to the login page without calling the filter. 2) If the user waits too long reading the home/login page, the sessions times out, Tomcat looses the reference to the previously requested protected page, and on login shows an Invalid Direct refernce to form login page error. Again a filter seem not to be useful in this case, since Tomcat commits the error without calling the filter!! Any help or hint on this topic is very, very appreciated Renato Renato Romano Sistemi e Telematica S.p.A. Calata Grazie - Vial Al Molo Giano 16127 - GENOVA e-mail: [EMAIL PROTECTED] Tel.: 010 2712603 _ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to set session timeout?
Howdy, You should read the specification for session timeout. You can't set it for less than a minute using web.xml. The default is 30 minutes. Yoav Shapira Millennium ChemInformatics -Original Message- From: Mufaddal Khumri [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 7:52 PM To: Tomcat Users List Subject: Re: How to set session timeout? Whats the default value set for session timeout?? (tomcat 4.1.29)? ie if I do not specify the session-timeout whats the default ? Thanks On Jan 20, 2004, at 3:30 PM, Filip Hanik wrote: in web.xml in your web application (WEB-INF/web.xml) Filip - Original Message - From: Mufaddal Khumri [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 2:27 PM Subject: How to set session timeout? From where can you set the session timeout ? In other words where in Tomcat can you control the session timeout ? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to set session timeout?
From where can you set the session timeout ? In other words where in Tomcat can you control the session timeout ? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to set session timeout?
in web.xml in your web application (WEB-INF/web.xml) Filip - Original Message - From: Mufaddal Khumri [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 2:27 PM Subject: How to set session timeout? From where can you set the session timeout ? In other words where in Tomcat can you control the session timeout ? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to set session timeout?
session-config session-timeout1/session-timeout /session-config Can we set the session-timeout less than a minute? Thanks On Jan 20, 2004, at 3:30 PM, Filip Hanik wrote: in web.xml in your web application (WEB-INF/web.xml) Filip - Original Message - From: Mufaddal Khumri [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 2:27 PM Subject: How to set session timeout? From where can you set the session timeout ? In other words where in Tomcat can you control the session timeout ? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to set session timeout?
Whats the default value set for session timeout?? (tomcat 4.1.29)? ie if I do not specify the session-timeout whats the default ? Thanks On Jan 20, 2004, at 3:30 PM, Filip Hanik wrote: in web.xml in your web application (WEB-INF/web.xml) Filip - Original Message - From: Mufaddal Khumri [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 2:27 PM Subject: How to set session timeout? From where can you set the session timeout ? In other words where in Tomcat can you control the session timeout ? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session timeout
Perhaps because in the web.xml you specify the value in minutes, and in the code the method getMaxInactiveInterval() retrieves the time in seconds?? ;-) Vitor Chris Wahl wrote: Hi,all I am using TC4.0.6, After I setting session timeout to -1 by adding following in web.xml: session-config session-timeout-1/session-timeout /session-config In a servlet of the same web module I get such interesting output: hs.getMaxInactiveInterval() = -60 // hs is HttpSession My question is, why -1 is replaced by -60? Regards Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session timeout
Hi,all I am using TC4.0.6, After I setting session timeout to -1 by adding following in web.xml: session-config session-timeout-1/session-timeout /session-config In a servlet of the same web module I get such interesting output: hs.getMaxInactiveInterval() = -60 // hs is HttpSession My question is, why -1 is replaced by -60? Regards Chris
RE: Warning of session timeout.
And ofcourse, if you dont like the simple solutions and/or want to add more complex behaviour, you can always go for a Java Applet that connects to the server -Original Message- From: Michael Cardon [mailto:[EMAIL PROTECTED] Sent: 06 2004 . 20:04 To: Tomcat Users List Subject: Warning of session timeout. Hello, When I'm doing online banking over the internet, I get a popup notice telling me my session is about to expire and asking me if I want to stay logged in or not. How do they do this? I would like to offer the same kind of message on our web site to our users when the session is about to expire. Anyone know how this is done? Thanks. Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Warning of session timeout.
Do you know of any Java Applets out there that I could look at for examples? Thanks. Michael -Original Message- From: Altankov Peter [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 07, 2004 6:23 AM To: Tomcat Users List Subject: RE: Warning of session timeout. And ofcourse, if you dont like the simple solutions and/or want to add more complex behaviour, you can always go for a Java Applet that connects to the server -Original Message- From: Michael Cardon [mailto:[EMAIL PROTECTED] Sent: 06 2004 . 20:04 To: Tomcat Users List Subject: Warning of session timeout. Hello, When I'm doing online banking over the internet, I get a popup notice telling me my session is about to expire and asking me if I want to stay logged in or not. How do they do this? I would like to offer the same kind of message on our web site to our users when the session is about to expire. Anyone know how this is done? Thanks. Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Warning of session timeout.
No sorry, was just an idea :( -Original Message- From: Michael Cardon [mailto:[EMAIL PROTECTED] Sent: 07 2004 . 17:51 To: Tomcat Users List Subject: RE: Warning of session timeout. Do you know of any Java Applets out there that I could look at for examples? Thanks. Michael -Original Message- From: Altankov Peter [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 07, 2004 6:23 AM To: Tomcat Users List Subject: RE: Warning of session timeout. And ofcourse, if you dont like the simple solutions and/or want to add more complex behaviour, you can always go for a Java Applet that connects to the server -Original Message- From: Michael Cardon [mailto:[EMAIL PROTECTED] Sent: 06 2004 . 20:04 To: Tomcat Users List Subject: Warning of session timeout. Hello, When I'm doing online banking over the internet, I get a popup notice telling me my session is about to expire and asking me if I want to stay logged in or not. How do they do this? I would like to offer the same kind of message on our web site to our users when the session is about to expire. Anyone know how this is done? Thanks. Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Warning of session timeout.
Hello, When I'm doing online banking over the internet, I get a popup notice telling me my session is about to expire and asking me if I want to stay logged in or not. How do they do this? I would like to offer the same kind of message on our web site to our users when the session is about to expire. Anyone know how this is done? Thanks. Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Warning of session timeout.
I guess you could get the desired result using JavaScript locally to count down from when the page is last sent. Just a suggestion. Best regards Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Warning of session timeout.
Howdy, Probably a simple javascript function that fires off a popup a few minutes before the configured session timeout. Trivial (and not specific to java) to implement. Yoav Shapira Millennium ChemInformatics -Original Message- From: Michael Cardon [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 1:04 PM To: Tomcat Users List Subject: Warning of session timeout. Hello, When I'm doing online banking over the internet, I get a popup notice telling me my session is about to expire and asking me if I want to stay logged in or not. How do they do this? I would like to offer the same kind of message on our web site to our users when the session is about to expire. Anyone know how this is done? Thanks. Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Setting session timeout when using SingleSignOn
Hi, I can increase the session timeout for a webapp by putting the following in the webapp's web.xml file: session-config !-- session timeout in minutes -- session-timeout120/session-timeout /session-config I can get SingleSignOn is working so that I can move between webapps without logging in to each. The probelm is that once I turn on SingleSignOn my sessions are timing out in much less than 120 minutes. Is there any way to get both session timeouts and SingleSignOn to work at the same time? Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: definition/usage of session-timeout?
JSP/Servlet technology uses a solution called the HttpSession to overcome the limitations of the stateless HTTP protocol. Tomcat uses cookies to map a particular web user to his/her session object. The developer can bind objects to a user's session object and then retrieve them on subsequent hits from that user's browser. The session-timeout attribute allows you to explicitly set the length of your webapps sessions. The default is 30 mins. You're trying cancel a particular request. I don't think that can be done in tomcat (someone will correct me if I'm wrong). Even if it could, it would be better to get to the root of the problem and fix that. Try putting a bunch of System.out.println( ) statements in your code, tail the catalina log, and hit your app to find out which line of code is causing it to hang. The catalina.log file is in TOMCAT_HOME/logs. All standard out and standard error messages get routed to there by default. The Unix tail command with the -f option will allow you to watch the logfile as it is being written to, in real time. -Ben On Monday 24 November 2003 07:00 pm, you wrote: Hi, I'm a relatively new Tomcat user, running 4.0.4 (testing on Windows, deploying on Sun UNIX). The UNIX servlet is having rare problems hanging, for which the exact cause is unknown. I'm trying to see if a session timeout can solve the problem, but have not been able to get it to work. Numerous archives talk about this, and it seems like I'm doing what everyone suggests, but it's not working. In my web.xml file, I have the following, as a test of one-minute timeout: session-config session-timeout1/session-timeout /session-config I have made a call the HttpSession.getMaxInactiveInterval, and it returns 60 (seconds, I presume), so I believe the parameter is being applied. I have tried 2 different approaches to simulate an inactive server: 1) Manually update a database row (but don't commit) before the servlet call, then have the servlet try to update the same row 2) Use Thread.sleep(12) In both cases, the 1 minute timeout doesn't do anything. So what constitutes an inactive session, for which this parameter was designed? If it likely won't solve my problem, does anyone have an idea on how I can kill the request after a given amount of time? much thanks, -Ron - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: definition/usage of session-timeout?
Ben, Thanks for the reply. But I'm still unclear on why setting the timeout won't work for my situation. What is the difference between an effectively idle session timing out, and cancelling a request? Of course I agree that fixing the root problem would be preferable, but it's extremely hard to diagnose. Putting in println's everywhere would in my case generate huge log file sizes, and I'll only try that as a last resort. Can anyone suggest a different technique for simulating an inactive session, so that I can get session-timeout to work? thanks, -Ron -- Ben Souther wrote: JSP/Servlet technology uses a solution called the HttpSession to overcome the limitations of the stateless HTTP protocol. Tomcat uses cookies to map a particular web user to his/her session object. The developer can bind objects to a user's session object and then retrieve them on subsequent hits from that user's browser. The session-timeout attribute allows you to explicitly set the length of your webapps sessions. The default is 30 mins. You're trying cancel a particular request. I don't think that can be done in tomcat (someone will correct me if I'm wrong). Even if it could, it would be better to get to the root of the problem and fix that. Try putting a bunch of System.out.println( ) statements in your code, tail the catalina log, and hit your app to find out which line of code is causing it to hang. The catalina.log file is in TOMCAT_HOME/logs. All standard out and standard error messages get routed to there by default. The Unix tail command with the -f option will allow you to watch the logfile as it is being written to, in real time. -Ben Original message: Hi, I'm a relatively new Tomcat user, running 4.0.4 (testing on Windows, deploying on Sun UNIX). The UNIX servlet is having rare problems hanging, for which the exact cause is unknown. I'm trying to see if a session timeout can solve the problem, but have not been able to get it to work. Numerous archives talk about this, and it seems like I'm doing what everyone suggests, but it's not working. In my web.xml file, I have the following, as a test of one-minute timeout: session-config session-timeout1/session-timeout /session-config I have made a call the HttpSession.getMaxInactiveInterval, and it returns 60 (seconds, I presume), so I believe the parameter is being applied. I have tried 2 different approaches to simulate an inactive server: 1) Manually update a database row (but don't commit) before the servlet call, then have the servlet try to update the same row 2) Use Thread.sleep(12) In both cases, the 1 minute timeout doesn't do anything. So what constitutes an inactive session, for which this parameter was designed? If it likely won't solve my problem, does anyone have an idea on how I can kill the request after a given amount of time? much thanks, -Ron - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: definition/usage of session-timeout?
A session timeout just means that the next time you hit the site with the same browser, you will be assigned a new JSPSessionID to bind that transaction with your session object. It would do nothing to stop a request that's hung. Think of a request as one hit to a server and a session as several hits over a given period of time. What you're looking for is a script timeout which, to the best of my knowlege, doesn't exist in the servlet spec. On Tuesday 25 November 2003 10:08 am, Ron W. wrote: Ben, Thanks for the reply. But I'm still unclear on why setting the timeout won't work for my situation. What is the difference between an effectively idle session timing out, and cancelling a request? Of course I agree that fixing the root problem would be preferable, but it's extremely hard to diagnose. Putting in println's everywhere would in my case generate huge log file sizes, and I'll only try that as a last resort. Can anyone suggest a different technique for simulating an inactive session, so that I can get session-timeout to work? thanks, -Ron -- Ben Souther wrote: JSP/Servlet technology uses a solution called the HttpSession to overcome the limitations of the stateless HTTP protocol. Tomcat uses cookies to map a particular web user to his/her session object. The developer can bind objects to a user's session object and then retrieve them on subsequent hits from that user's browser. The session-timeout attribute allows you to explicitly set the length of your webapps sessions. The default is 30 mins. You're trying cancel a particular request. I don't think that can be done in tomcat (someone will correct me if I'm wrong). Even if it could, it would be better to get to the root of the problem and fix that. Try putting a bunch of System.out.println( ) statements in your code, tail the catalina log, and hit your app to find out which line of code is causing it to hang. The catalina.log file is in TOMCAT_HOME/logs. All standard out and standard error messages get routed to there by default. The Unix tail command with the -f option will allow you to watch the logfile as it is being written to, in real time. -Ben Original message: Hi, I'm a relatively new Tomcat user, running 4.0.4 (testing on Windows, deploying on Sun UNIX). The UNIX servlet is having rare problems hanging, for which the exact cause is unknown. I'm trying to see if a session timeout can solve the problem, but have not been able to get it to work. Numerous archives talk about this, and it seems like I'm doing what everyone suggests, but it's not working. In my web.xml file, I have the following, as a test of one-minute timeout: session-config session-timeout1/session-timeout /session-config I have made a call the HttpSession.getMaxInactiveInterval, and it returns 60 (seconds, I presume), so I believe the parameter is being applied. I have tried 2 different approaches to simulate an inactive server: 1) Manually update a database row (but don't commit) before the servlet call, then have the servlet try to update the same row 2) Use Thread.sleep(12) In both cases, the 1 minute timeout doesn't do anything. So what constitutes an inactive session, for which this parameter was designed? If it likely won't solve my problem, does anyone have an idea on how I can kill the request after a given amount of time? much thanks, -Ron - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: definition/usage of session-timeout?
At 07:08 AM 11/25/2003, you wrote: Ben, Thanks for the reply. But I'm still unclear on why setting the timeout won't work for my situation. What is the difference between an effectively idle session timing out, and cancelling a request? Of course I agree that fixing the root problem would be preferable, but it's extremely hard to diagnose. Putting in println's everywhere would in my case generate huge log file sizes, and I'll only try that as a last resort. Can anyone suggest a different technique for simulating an inactive session, so that I can get session-timeout to work? If your servlet is hanging, you need to find out what it's hanging on. Get a thread dump from your JVM when your server is hung (or your request is hung) and it should be obvious what is going on (thread dump commands vary by platform -- see your JVM docs). From what I've heard from you so far, this has absolutely nothing to do with session timeouts. justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
definition/usage of session-timeout?
Hi, I'm a relatively new Tomcat user, running 4.0.4 (testing on Windows, deploying on Sun UNIX). The UNIX servlet is having rare problems hanging, for which the exact cause is unknown. I'm trying to see if a session timeout can solve the problem, but have not been able to get it to work. Numerous archives talk about this, and it seems like I'm doing what everyone suggests, but it's not working. In my web.xml file, I have the following, as a test of one-minute timeout: session-config session-timeout1/session-timeout /session-config I have made a call the HttpSession.getMaxInactiveInterval, and it returns 60 (seconds, I presume), so I believe the parameter is being applied. I have tried 2 different approaches to simulate an inactive server: 1) Manually update a database row (but don't commit) before the servlet call, then have the servlet try to update the same row 2) Use Thread.sleep(12) In both cases, the 1 minute timeout doesn't do anything. So what constitutes an inactive session, for which this parameter was designed? If it likely won't solve my problem, does anyone have an idea on how I can kill the request after a given amount of time? much thanks, -Ron - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do i handle session-timeout in an acceptable manner?
Shapira, Yoav schrieb: I have implemented this workaround: As for this workaround, why wouldn't it work with future tomcat versions? There's nothing tomcat-specific in it, much less tomcat 4.1.x-specific. Yoav Shapira A different servlet engine could use a POST instead of a GET to continue processing after form based login. Then my solution would not work. Hayo Schmidt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How do i handle session-timeout in an acceptable manner?
-Original Message- From: Hayo Schmidt [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2003 11:07 AM To: Tomcat Users List Subject: Re: How do i handle session-timeout in an acceptable manner? Shapira, Yoav schrieb: I have implemented this workaround: As for this workaround, why wouldn't it work with future tomcat versions? There's nothing tomcat-specific in it, much less tomcat 4.1.x-specific. Yoav Shapira A different servlet engine could use a POST instead of a GET to continue processing after form based login. Then my solution would not work. But wasn't that your original problem? If a different servlet engine uses POST, then all is good, your application will not fail, because the container-managed AUTH does not inappropriately GET the page. Containers that POST will follow the 'happy path' coded in your doPost() methods. When you use a container that GETs, like Tomcat, then your workaround will work for those containers. Hayo Schmidt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: auto refresh pages and session timeout
Hi There, I had a similar problem and basically started an internal timer that was only reset if the page requested was not the same as the previous page. I could forward you the code if required. Thanks Pete -Original Message- From: David Rees [mailto:[EMAIL PROTECTED] Sent: 06 October 2003 21:51 To: [EMAIL PROTECTED] Subject: Re: auto refresh pages and session timeout On Mon, October 6, 2003 1at 1:12 am, Mark W. Webb sent the following Is there a way to implement meta http-equiv=refresh content=60 tag in HTML and still have the ability to timeout a session after X number of minutes ? Would there have to be some logic in place for the servlet that changes the session timeout for every refresh? Changing the JSP to not use a session might work: [EMAIL PROTECTED] session=false% -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: auto refresh pages and session timeout
I would like to see the code. Thank you. Peter Guyatt wrote: Hi There, I had a similar problem and basically started an internal timer that was only reset if the page requested was not the same as the previous page. I could forward you the code if required. Thanks Pete -Original Message- From: David Rees [mailto:[EMAIL PROTECTED] Sent: 06 October 2003 21:51 To: [EMAIL PROTECTED] Subject: Re: auto refresh pages and session timeout On Mon, October 6, 2003 1at 1:12 am, Mark W. Webb sent the following Is there a way to implement meta http-equiv=refresh content=60 tag in HTML and still have the ability to timeout a session after X number of minutes ? Would there have to be some logic in place for the servlet that changes the session timeout for every refresh? Changing the JSP to not use a session might work: [EMAIL PROTECTED] session=false% -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
