so, i have implemented the following workaround. The problem results from my login page beeing a jsf page, rather then a plain html page. So, destroying the session on entering the page could not work, because faces re-creates the session while evaluating the html body - which contains references to a faces backing bean.
Solution: When entering the page the actual timeout is saved (in session) and then session timeout is extended to 20 hours. After a succesful login the timeout is restored to the old value. This works fine, only persons who leave their computers powered on over weekend will have a problem on monday morning. But however, this is tolerable... The only less satisfying point is, that http status 500 is not redirected to a specialised error page as configured in web.xml. This only works for status 404, but not for status 500. This may be an error somewhere in the depth of the app server. much thanks for listening....=) -- View this message in context: http://www.nabble.com/javax.faces.application.ViewExpiredException-tp22127510s134p22180855.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
