On Thu, 29 Aug 2002, Srinadh Karumuri wrote:
> Date: Thu, 29 Aug 2002 16:29:40 -0400
> From: Srinadh Karumuri <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat Users List <[EMAIL PROTECTED]>
> Subject: Re: single sign on and time outs
>
>
> >More precisely, both sessions will be invalidated.
> I didn't get this. Lets say I have two webapps sharing one Tomcat3.0.
> If
> timeout for webapp1 = 5 min.
> and
> timeout for webapp2 = 10 min.
> Does it mean both will get timed out after 5 min. I don't think so.
Tomcat 3.x doesn't have any notion of "single sign on" support, so of
course you won't see both logged out there.
Tomcat 4.x has single sign on support if you are using form-based login
for all the apps -- and it will indeed time out all sessions if any one of
them times out. However, there is no way (in Servlet 2.3) to
programmatically force a logout from all of the sessions. Of course, you
have to explicitly enable the single sign on valve to get this behavior.
Tomcat 5 will have the same "timeout once times out all" behavior, and
adds the ability to programmatically request a logout.
Craig
>
> -Sri
> At 04:00 PM 8/29/2002, you wrote:
>
>
> >On Thu, 29 Aug 2002, HAVENS,PETER (HP-Cupertino,ex3) wrote:
> >
> > > Date: Thu, 29 Aug 2002 15:25:20 -0400
> > > From: "HAVENS,PETER (HP-Cupertino,ex3)" <[EMAIL PROTECTED]>
> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> > > To: 'Tomcat Users List' <[EMAIL PROTECTED]>
> > > Subject: single sign on and time outs
> > >
> > > I have a question regarding SingleSignOn. It seems that if any web app is
> > > accessed and then not visited for a period of time equal to the time out
> > > value of the global web.xml then the user will be de-authenticated for all
> > > webapps. To clarify, if I have two webapps, demo1 and demo2, and I log
> > onto
> > > my server which is configured for SingleSignOn; then if I visit a resource
> > > in the demo1 webapp and then start viewing resources on the demo2 web app,
> > > the timeout will occur for the demo1 session and thus timeout my entire
> > > session.
> > >
> >
> >More precisely, both sessions will be invalidated.
> >
> > > Is there a way to configure single sign on so that it does not do timeouts
> > > based on each web app?
> > >
> >
> >Isn't it easier to just make your sessions not time out?
> >
> > > -Peter
> > >
> >
> >Craig
> >
> >
> >--
> >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
