After discussing it with James and doing some testing, it looks like this
problem is fixed in Tomcat 4.1.30. We had been using 4.1.27 when we found it,
so it was worth the couple minutes to upgrade.
-----Original Message-----
From: Herbers, Joe
Sent: Thursday, June 03, 2004 9:28 AM
To: John Olmstead; Cinjug
Subject: [cinjug-users] RE: Tomcat session timeout
Speaking of session timeouts on Tomcat, has anyone run into the apparent bug in
Tomcat 4.1 where it ignores the value of your web.xml's session-timeout param
and always times out sessions after 20 minutes of inactivity? This appears to
be fixed in Tomcat 5.1, but we could really use a workaround in 4.1 if anyone
knows of anything. Do any other AppServers ignore the session-timeout
parameter?
Thanks, Joe
________________________________________
From: John Olmstead [mailto:jolmstead2k@xxxxxxxxx]
Sent: Thursday, June 03, 2004 9:07 AM
To: Cinjug
Subject: [cinjug-users] HttpSessionListener Interface and Struts///Session
Management
Ladies and Gentlemen;
I have a struts 1.1 application running on Tomcat 4.1.24 and am seeing some
strange behaviour when sessions timeout. I have a session listener class that
implements the HttpSessionListener interface and is registered in the web.xml
configuration.
My expectation and understanding is that when the container invalidates a
session due to inactivity, the sessionDestroyed() method of listener interface
will be executed. Is this correct??? I would expect that the session would
already be invalid by the time this method is executed, but in
example implementations of this interface, I see methods being called on
session objects that I would expect to be null references based upon the
containers action upon the object.
I would like to define a ExpiredSessionException, derived from
org.apache.struts.util.ModuleException which I would like to throw from the
sessionDestroyed() method of the listener when the session is destroyed because
of inactivity. This exception would be defined as a global exception in the
struts configuration xml and would map back to the login page of the
application. Since there is nor request object associated with this action, a
simple redirect is not available.
The desired behaviour is for the application to return to the login page upon
session timeout, in the absence of an HttpRequest being generated. Is this
approach and expectations reasonable???
Thanks;
John Olmstead
John Olmstead
jolmstead2k@xxxxxxxxx
________________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger
---------
You may unsubscribe from this mailing list
by sending a blank email addressed to:
users-unsubscribe@xxxxxxxxxx
--
Find additional help by sending a blank email
addressed to:
users-help@xxxxxxxxxx
|