I have written an standalone application that is using servlets to login to the application and to get different data from a database behind a firewall. I want to limit the password and username from going over the net more often than necessary ( I use a MD5 hash of the password to get it accross the first time with a random Seed value), so I use JSESSIONID to identify a user and get back some objects I have stored in the session. The problem I run into is that the session expire after one hour. I know I can just expand this out to a few more hours, but I really dont want to do this because I do want to erase sessions that have not been used in more than an hour. Is there a way to configure Tomcat to check the expire time against last access time and not creation time?
TIA Jason Tomcat 3.3 Apache 1.3.22 Windows 2000 Pro -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
