users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Tomcat session timeout

from [Herbers, Joe] [Permanent Link][Original]
To: "John Olmstead" <jolmstead2k@xxxxxxxxx>, "Cinjug" <users@xxxxxxxxxx>
Subject: RE: Tomcat session timeout
From: "Herbers, Joe" <joe.herbers@xxxxxxxxxx>
Date: Thu, 3 Jun 2004 09:27:37 -0400
Delivered-to: mailing list users@cinjug.org
Mailing-list: contact users-help@cinjug.org; run by ezmlm
Thread-index: AcRJa8XTfxSYVnxaRE6UNcof/DughwAAmuhg
Thread-topic: Tomcat session timeout 
Speaking of session timeouts on Tomcat, has anyone run into the apparent bug in 
Tomcat 4.1 where it ignores the value of your web.xml's session-timeout param 
and always times out sessions after 20 minutes of inactivity?  This appears to 
be fixed in Tomcat 5.1, but we could really use a workaround in 4.1 if anyone 
knows of anything.  Do any 
other AppServers ignore the session-timeout parameter?

Thanks, Joe

________________________________________
From: John Olmstead [mailto:jolmstead2k@xxxxxxxxx] 
Sent: Thursday, June 03, 2004 9:07 AM
To: Cinjug
Subject: [cinjug-users] HttpSessionListener Interface and Struts///Session 
Management

Ladies and Gentlemen;
 
I have a struts 1.1 application running on Tomcat 4.1.24 and am seeing some 
strange behaviour when sessions timeout.  I have a session listener class that 
implements the HttpSessionListener interface and is registered in the web.xml 
configuration.
 
My expectation and understanding is that when the container invalidates a 
session due to inactivity, the sessionDestroyed() method of listener interface 
will be executed. Is this correct???  I would expect that the session would 
already be invalid by the time this method is executed, but in 
example implementations of this interface, I see methods being called on 
session objects that I would expect to be null references based upon the 
containers action upon the object.
 
I would like to define a ExpiredSessionException, derived from 
org.apache.struts.util.ModuleException which I would like to throw from the 
sessionDestroyed() method of the listener when the session is destroyed because 
of inactivity.  This exception would be defined as a global exception in the 
struts configuration xml and would map back to the login page of the 
application.  Since there is nor request object associated with this action, a 
simple redirect is not available.
 
The desired behaviour is for the application to return to the login page upon 
session timeout, in the absence of an HttpRequest being generated.   Is this 
approach and expectations reasonable???
 
Thanks;
 
John Olmstead


John Olmstead
jolmstead2k@xxxxxxxxx
________________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • RE: Tomcat session timeout, Herbers, Joe <=
Previous by Date:  RE: [cinjug-users] HttpSessionListener Interface and Struts///Session Management, James Carman
Next by Date:  Fw: [cinjug-users] RE: Tomcat session timeout, Jason Kretzer/STAR BASE Consulting Inc.
Previous by Thread:  HttpSessionListener Interface and Struts///Session Management, John Olmstead
Next by Thread:  Fw: [cinjug-users] RE: Tomcat session timeout, Jason Kretzer/STAR BASE Consulting Inc.
Indexes:  [Date] [Thread] [Top] [All Lists]