Official response from InetSoft: ************************************************************************ ********** If you request for a report and leave it running in the browser in v10.2, the report will send a heartbeat beacon to the report server to let the server know that the report is still active, which will effectively keep the user session active.
In v10.3, this has been enhanced so that the timeout value of the report will be taken into consideration, along with the heartbeat beacon mechanism instead of having the report be considered active if it is left open in the browser. ************************************************************************ ********** So, apparently, this is InetSoft's programming causing this, not a Tomcat bug and the settings are correct. Guess I just need to wait till 10.3... *sigh*. Debbie Shapiro, Data Warehouse Manager Office: 425.402.2233 -----Original Message----- From: Debbie Shapiro Sent: Tuesday, September 14, 2010 4:17 PM To: 'Tomcat Users List' Subject: RE: session-timeout not taking effect waited an extra long time to test out the web page again, but it's still not timing out. I've asked InetSoft about the heartbeat requests. I'll update you all with what they say. Thanks! :-) Debbie Shapiro, Data Warehouse Manager Office: 425.402.2233 -----Original Message----- From: Debbie Shapiro Sent: Tuesday, September 14, 2010 3:24 PM To: Tomcat Users List Subject: RE: session-timeout not taking effect I tested out navigating to another web page in a different window and coming back to the web app page after it should have timed out, but no go. I just removed the comments for the access log as you mentioned below. What I'm seeing in the access log are heartbeat requests? Like follows. I'm not touching the page and I did navigate to another page after I ran the report... 10.5.2.18 - - [14/Sep/2010:15:22:03 -0700] "POST /sree/Reports?op=heartbeat&ID=RA_QA[2f]PST[20]Complaints.12845027269201@ local&&isAJAXRequest=true&isContainer=false&isXML=false HTTP/1.1" 200 - I don't know if this is because we're using LDAP for our security and InetSoft is checking this constantly. I have a feeling that's what it is though. :-( Debbie Shapiro, Data Warehouse Manager Office: 425.402.2233 -----Original Message----- From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Sent: Tuesday, September 14, 2010 2:48 PM To: Tomcat Users List Subject: Re: session-timeout not taking effect On Tue, Sep 14, 2010 at 11:39 PM, Debbie Shapiro <dshap...@cardiacscience.com> wrote: > I should add that I am neither a Java nor a Tomcat expert by any means. > Where would I find some of these settings? hmm may be a bit tricky > > I'm using IE to access this application. > > Where would one enable the access log? I essentially have the entire > Tomcat installation using the defaults at installation, with the > exception that I have included the InetSoft application directory in the > webapps folder. Is a valve usually on server.xml If you reciently downloaded tomcat and haven't played with these files there a commented out access log valve which you can uncomment ( i.e. remove <!-- and its end --> ) > If I navigate to another website and immediately navigate back to the > InetSoft page, it first displays a page that the login has expired and > then prompts me to login again. I don't suppose you know if its using urlRewriting to keep sessions. There may be something in the browser address bar that says jsessionid. >It's only if I leave the page up that it > seems to not expire. My version of IE doesn't have tabs (I'm still on > 6.0), so it's either change the current window to a new page or open a > new window. Thats fine for the test. Change the current window by navigating to another site and back (You said before it asks you for a login). I'd advise a better browser however. > I'm not sure how to determine that the session-timeout is anything other > than 30 minutes aside from looking at the web.xml file. Not familiar > with JConsole. I don't currently have the Tomcat manager running. I just > found the documentation concerning that part of the app and I will see > about getting that started. As I said, I have everything set to the > defaults... > > Sorry for the stupid question but when you said the session should be expired, I assume you don't mean the report shouldn't still be on the screen. Is this a public website where someone could test? Wes --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
