Thanks for the quick response. Here are my responses: > - Tomcat's conf web.xml sets the default session-timeout (in > session-config element) to use for all web apps. That makes sense to me but the setting in my $CATALINA_HOME/conf/web.xml is set to 30 mins which to me says that Tomcat is not using it.
> - You can specify a different session-timeout in each specific web app you > deploy in the web app's WEB-INF/web.xml file. I haven't created a web.xml for my app...should I? I tried copying the $CATALINA_HOME/conf/web.xml over to my app's WEB-INF directory and changing the session-timeout setting to 120 mins to see if it worked. The problem was that my app totally stopped working; I couldn't even get my main login page to display. This says to me that there is a lot more involved in creating a web.xml than just copying it over from the conf directory. But realistically I don't really want to create one just for my app; my app is and will be the only app on my server. I would rather try to get Tomcat to use the setting in the conf/web.xml file. > - This session timeout can still be overridden in application code using > the session.setMaxInactiveInterval method. I have no qualms about putting this in my code but not quite sure how to use it. Would I fetch the session ID and then call this method and it would keep from resetting the session ID the next time I go to check it. I guess my question mainly is would I call this method once upon login to my app and from then on every other page would use the timeout that the method call sets? Thanks so much for the info. Kenny ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Friday, December 20, 2002 9:34 AM Subject: Re: Session timeout setting (URGENT) > Hi, Kenny. > > I think this is basically how it works: > > - Tomcat's conf web.xml sets the default session-timeout (in > session-config element) to use for all web apps. > > - You can specify a different session-timeout in each specific web app you > deploy in the web app's WEB-INF/web.xml file. > > - This session timeout can still be overridden in application code using > the session.setMaxInactiveInterval method. > > I hope this helps you find the problem. > > -Jeff > > > > > > "Kenny G. Dubuisson, Jr." <[EMAIL PROTECTED]> > 12/20/02 09:05 AM > Please respond to "Tomcat Users List" > > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > cc: > Subject: Re: Session timeout setting (URGENT) > > > Simple minded as I am, I still believe with everything I have that there > MUST be a setting in Tomcat that controls how often new session ID's are > generated. If I have a simple page that does nothing but a > "session.getId()" and it returns a new session ID every 60 mins, there > must > be something in Tomcat that sets this interval. Obviously this setting is > missing from my config files so that Tomcat uses it's default. Has no one > ever wanted to change this setting before? I hate to sound beligerent but > I've authored and released what I feel to be a very nice application/web > site but the only feedback I'm getting is litterally users screaming at me > because I haven't fixed this yet. I'm going to have to start looking at > redesigning the login/verification process on every page (not a big site > but > still 20K of code) to work around this issue when I feel it has to be a > simple setting. > > If someone could answer this I'll give you my first born, send expensive > Christmas presents, lend you my wife. Thanking / Praising you in advance, > Kenny > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
