On Fri, 20 Dec 2002, Kenny G. Dubuisson, Jr. wrote: > Thanks for the quick response. Here are my responses: > > > - Tomcat's conf web.xml sets the default session-timeout (in > > session-config element) to use for all web apps. > > That makes sense to me but the setting in my > $CATALINA_HOME/conf/web.xml is set to 30 mins which to me says that > Tomcat is not using it.
I just posted a response in this thread, and as I suggested there, my sense is that what's going on with your webapp is not related to the tomcat session timeout. I suspect there is something else going on, and you're going to need to do some further investigation on your own and/or provide more information to us to get to the bottom of it. > > - You can specify a different session-timeout in each specific web > > app you deploy in the web app's WEB-INF/web.xml file. > > I haven't created a web.xml for my app...should I? I tried copying I'd say you should -- regardless of its relation to this problem. It is a good idea to define your servlets, and provide mapping's to access them. The conf/web.xml will allow you to provide some site-wide defaults, but it does nothing specific to your webapp. > the $CATALINA_HOME/conf/web.xml over to my app's WEB-INF directory > and changing the session-timeout setting to 120 mins to see if it > worked. The problem was that my app totally stopped working; I > couldn't even get my main login page to display. This says to me > that there is a lot more involved in creating a web.xml than just > copying it over from the conf directory. But realistically I don't And that is something that you should probably learn, because it may help in this situation, and if not, it quite likely will help in the future. webapp-specific web.xmls's do not have to be very complicated. > really want to create one just for my app; my app is and will be the > only app on my server. I would rather try to get Tomcat to use the > setting in the conf/web.xml file. > > > - This session timeout can still be overridden in application code using > > the session.setMaxInactiveInterval method. > > I have no qualms about putting this in my code but not quite sure > how to use it. Would I fetch the session ID and then call this > method and it would keep from resetting the session ID the next time > I go to check it. I guess my question mainly is would I call this > method once upon login to my app and from then on every other page > would use the timeout that the method call sets? > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Friday, December 20, 2002 9:34 AM > Subject: Re: Session timeout setting (URGENT) > > > > Hi, Kenny. > > > > I think this is basically how it works: > > > > - Tomcat's conf web.xml sets the default session-timeout (in > > session-config element) to use for all web apps. > > > > - You can specify a different session-timeout in each specific web app you > > deploy in the web app's WEB-INF/web.xml file. > > > > - This session timeout can still be overridden in application code using > > the session.setMaxInactiveInterval method. > > > > I hope this helps you find the problem. > > > > -Jeff > > > > > > > > > > > > "Kenny G. Dubuisson, Jr." <[EMAIL PROTECTED]> > > 12/20/02 09:05 AM > > Please respond to "Tomcat Users List" > > > > > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > > cc: > > Subject: Re: Session timeout setting (URGENT) > > > > > > Simple minded as I am, I still believe with everything I have that there > > MUST be a setting in Tomcat that controls how often new session ID's are > > generated. If I have a simple page that does nothing but a > > "session.getId()" and it returns a new session ID every 60 mins, there > > must > > be something in Tomcat that sets this interval. Obviously this setting is > > missing from my config files so that Tomcat uses it's default. Has no one > > ever wanted to change this setting before? I hate to sound beligerent but > > I've authored and released what I feel to be a very nice application/web > > site but the only feedback I'm getting is litterally users screaming at me > > because I haven't fixed this yet. I'm going to have to start looking at > > redesigning the login/verification process on every page (not a big site > > but > > still 20K of code) to work around this issue when I feel it has to be a > > simple setting. > > > > If someone could answer this I'll give you my first born, send expensive > > Christmas presents, lend you my wife. Thanking / Praising you in advance, > > Kenny > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > Milt Epstein Research Programmer Integration and Software Engineering (ISE) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
