You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Wolfgang Trexler <W....@kpnqwest.at> on 2000/11/20 15:45:34 UTC

Strange behaviour of Tomcat/Apache and session management

Hi,

while debugging a WAP project with URL encoded Tomcat Sessions
(JSESSIONID) we encountered the following strange behavior:

WAP devices are (normally) not capable of using cookies, the session
management of Tomcat (if called standalone on port 8080) recognized this
and the method HttpServletResponse.encodeURL(url) returns a valid URL
with session ID's encoded within the URL. 

Once we switched to the production environment with Apache and mod_jk
(using apjv12) we encountered, that the method encodeURL(url) returned
URL's without session ID's encoded. Thus it seems Tomcats session
management thinks the device is capable of using cookies. We played
around with the setting in Tomcat and Apache and found the following
_strange_ behavior:

- in httpd.conf the directive 
  Port 80 (and no Listen directive) works NOT!
- in httpd.conf the directive 
  Listen 80 (and no Port directive) works

We didn't change anything else within the whole environment and were
able to reproduce this, that means we could switch between "session
handling without cookies - working/non-working" by changing the
Listen/Port directive and restarting the Apache server.

We've the following environment:
- Sun Solaris 2.6
- Solaris JDK 1.2.2_06_sparc
- Apache 1.3.12
- Tomcat 3.1 (final)

Any comments/ideas on that?


btw: thanks for the good work!

best regards
Wolfgang
-- 
KPNQwest Austria GmbH., A-1150 Wien, Diefenbachgasse 35
Ing. Wolfgang Trexler     Wolfgang.Trexler@KPNQwest.com
Web-Technik Business Solutions
Tel.: +43 (1) 899 33 - 141, Fax: +43 (1) 899 33 -10 141

Re: Session timeout

Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.

"Ivan E. Markovic" wrote:

> Quick question. How long are sessions inside Apache/Tomcat valid for?
> In all the Servlet documentation I have it is stated that session
> duration is server specific. So I checked the Tomcat and Apache docs
> and could find no indicator as to what that duration was. Anyone able
> to enlighten me?
>

You can set the default timeout in your web.xml file, using the <session-config>
element (see the spec, or one of the books or articles that talk about the
web.xml format).

If you do not specify it, Tomcat defaults to 30 minutes.

Note that you can also change the timeout on a session dynamically, by calling
the session.setMaxInactiveInterval() method.

> I v a n ...

Craig McClanahan

Session timeout

Posted by "Ivan E. Markovic" <iv...@sculptlight.com>.

Quick question. How long are sessions inside Apache/Tomcat valid for? 
In all the Servlet documentation I have it is stated that session 
duration is server specific. So I checked the Tomcat and Apache docs 
and could find no indicator as to what that duration was. Anyone able 
to enlighten me?

Thank you.

I v a n ...
Ivan Markovic
SculptLight
http://www.sculptlight.com
(+353) 87 2939256
(+353) 1 2982205

114 Lower Churchtown Rd,
Dublin 14,
Ireland.