Re: Doubt in Single Sign On !!!

Mon, 27 Jan 2003 21:12:55 -0800

Yeah, I accept that SSO is for authentication purposes alone.

My problem is different. Lets us consider the same two contexts A and B. I authenticate myself at context A. Once i authenticate, a JSESSIONIDSSO is created and sent as a cookie. The StandardSession object for context A will be associated to the SSO ID. Now after some time if i move on to context B, then the StandardSession Object of context B will also be associated with the SSO ID. If my time out period is 20 minutes and if i stay in context B alone for more than that time, the session of context A will be timed out. When this happens, SSO ID will be deregistered and as a result all the associated sessions will be invalidated. Therefore at the time of this happening, even if i am actively working in context B, i will asked to reauthenticate myself.

This is the reason why i thought that SSO should take care of session time outs also.

Thanks
Shanmugam.PL

Craig R. McClanahan wrote:

On Mon, 27 Jan 2003, shanmugampl wrote:


Date: Mon, 27 Jan 2003 14:13:57 +0530
From: shanmugampl <[EMAIL PROTECTED]>
Reply-To: Tomcat Users List <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Doubt in Single Sign On !!!

Hi All,

I am using tomcat 4.1.18 and have enabled Single Sign On. I have
two contexts A and B and the files present inside the /jsp directories
of both the contexts are secured. In the global web.xml file i have my
session time out changed to 10 minutes.

With this setup, i login into context A and after some time move to
context B. After moving to context B, i was going through the files
present in context B alone. As i kept on working in context B, the
session of context A got timed out and i was again asked to authenticate
myself.

As i have enabled SSO, shouldn't accessing any one context keep all
the other accessed contexts alive. i.e context A should be alive, even
when not accessed for a long time because context B is accessed frequently.

Hope i am clear. That is how SSO should work, right . Have I
misunderstood anything or have I configured anything wrongly.


SSO has nothing at all to do with session timeouts. It only involves
authentication.


Thanks
Shanmugam.PL


Craig



--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>























					Reply via email to