You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by raj <ra...@clarologic.com> on 2001/11/07 13:11:40 UTC

The SingleSignOn rule

The Catalina documentation on hosts says:

"As soon as the user logs out of one web application (for example, by 
invalidating or timing out the corresponding session if form based login 
is used), the user's sessions in all web applications will be 
invalidated. Any subsequent attempt to access a protected resource in 
any application will require the user to authenticate himself or herself 
again."

If I have two servlets
- servlet A with session time out of 10 mins.
- servlet B with a session timeout of 30 mins.

If user accesses both A & B,  after 11 min.of idle time, user will be 
asked to login again, when trying to access servlet B.

Have I understood this correctly?

Cheers
-raj


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>