"As soon as the user logs out of one web application (for example, by invalidating or timing out the corresponding session if form based login is used), the user's sessions in all web applications will be invalidated. Any subsequent attempt to access a protected resource in any application will require the user to authenticate himself or herself again."
-Tim
G. Wade Johnson wrote:
Thanks again for all of the responses so far on my Timeout issue. I still have a problem, but it is not what I thought it was.
Apparently, there is a <session-timeout/> set to 30 minutes in the $CATALINA_HOME/conf/web.xml that I have. I don't recall changing this (but I won't rule out the possibility). I modified that, and found that I could get the session to expire at the time I specify.
This time, I looked at the cookies that were sent back just before I get the login screen and found that Tomcat is sending a request to delete the JSESSIONIDSSO cookie used by the SingleSignon valve. Apparently, it is this valve and not Tomcat proper that is signing me out after the timeout period.
Is this expected behavior?
Is there any way for me to work around this behavior?
Thanks again, G. Wade
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
