How deep is this restriction? Can I change the SSO class? I have already subclassed it to add some client PKI checking.
Why would one webapp's timeout kill a current session, seems it should kill itself then each session would die a natural death, unless I call invalidate session. Bert -----Original Message----- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 12:27 PM To: Tomcat Users List Subject: RE: SingleSignOn timeout Hi, And Tomcat's SingleSignOn valve is restrictive. So the behavior you're seeing is by design. Yoav Shapira Millennium Research Informatics >-----Original Message----- >From: Peter Lin [mailto:[EMAIL PROTECTED] >Sent: Monday, April 12, 2004 3:27 PM >To: Tomcat Users List >Subject: Re: SingleSignOn timeout > > >that would depend on the type of "single-signon" you want right. > >a restrictive single-signon mechanism would consider the user logged out of >all webapps once the user logs out of one webapp. > >if you don't want the login to be symmetic, when do you decide a login is >invalid? Is it based on timeouts, or some other mechanism? In my mind, >single-signon also means single-signout. But that's my biased perspective. > >the reason for this way of thinking is, say I login to my BOA checking >account and I go to view my savings account. Then I jump to my trading >account. When I log off, I expect to log off BOA and not just the section >I'm on. Other people might have different expectations, but that's how I >tend to think of "single signon". > >peter lin > > > >"Summers, Bert W." <[EMAIL PROTECTED]> wrote: >I am using the SingleSignOn class from Tomcat. >It is working good in that I have three webapps that I can be between >without a problem. > >My issue that when one of the sessions expire it kills all the sessions in >the other webapps and I get redirected to the login screen again. > >That is not supposed to happen is it? >I am keeping one webapps session active and then it dies. > >Is there some setting? > >Thanks. > > >--------------------------------- >Do you Yahoo!? >Yahoo! Tax Center - File online by April 15th This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
