You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2005/11/04 15:38:08 UTC

DO NOT REPLY [Bug 37356] New: - Tomcat does not invalidate sessions after session-timeout period has passed.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37356>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37356

           Summary: Tomcat does not invalidate sessions after session-
                    timeout period has passed.
           Product: Tomcat 5
           Version: 5.0.28
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: eddiew@oakleafconsultancy.com


I am encountering a problem with Tomcat 5.0.28. I have an application which 
times users sessions out after 5 minutes of inactivity. 

I have written some extensions to the manager app that allow me to list 
sessions for a given context and also to force an invalidation of sessions 
that have been idle for over a specified period of time.

Using these tools I can see that I have a lot of sessions with an idle_time 
far in excess of 5 minutes - values of over 24 hours are not uncommon.

Using my manager extensions I am then able to force these sessions to 
invalidate, at which point my HttpSessionBindingListener class (valueUnbound 
method) is invoked and logs the user connected to that session out, before 
invalidating the session and it being removed from the list of sessions. 

The fact that the user log out can take place without any problems on 
these 'stale' sessions seems to indicate that the problem is that the session 
has not been invalidated - as in Tomcat has made no attempt to invalidate the 
session after the idle expiry time has passed, there are no error messages 
posted in any logs and try as I might I am unable to reproduce this behaviour 
on 2 other test systems even when completing the same actions as the 
production system users do that cause this problem.

Clearly I have checked that the configuration is correct - indeed some 
sessions will be timed out as expected so there cannot be a configuration 
problem.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org