You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2005/11/04 15:38:08 UTC
DO NOT REPLY [Bug 37356] New: -
Tomcat does not invalidate sessions after session-timeout period has passed.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37356>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37356
Summary: Tomcat does not invalidate sessions after session-
timeout period has passed.
Product: Tomcat 5
Version: 5.0.28
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: eddiew@oakleafconsultancy.com
I am encountering a problem with Tomcat 5.0.28. I have an application which
times users sessions out after 5 minutes of inactivity.
I have written some extensions to the manager app that allow me to list
sessions for a given context and also to force an invalidation of sessions
that have been idle for over a specified period of time.
Using these tools I can see that I have a lot of sessions with an idle_time
far in excess of 5 minutes - values of over 24 hours are not uncommon.
Using my manager extensions I am then able to force these sessions to
invalidate, at which point my HttpSessionBindingListener class (valueUnbound
method) is invoked and logs the user connected to that session out, before
invalidating the session and it being removed from the list of sessions.
The fact that the user log out can take place without any problems on
these 'stale' sessions seems to indicate that the problem is that the session
has not been invalidated - as in Tomcat has made no attempt to invalidate the
session after the idle expiry time has passed, there are no error messages
posted in any logs and try as I might I am unable to reproduce this behaviour
on 2 other test systems even when completing the same actions as the
production system users do that cause this problem.
Clearly I have checked that the configuration is correct - indeed some
sessions will be timed out as expected so there cannot be a configuration
problem.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org