You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jonathan Eric Miller <je...@uchicago.edu> on 2005/04/12 23:55:29 UTC

Way to specify SingleSignOn session timeout?

I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know what 
the default session timeout is set to? Is there a way to specify this 
timeout?

I'm finding that sometimes my session will timeout within an application, 
but, it doesn't redisplay the login page. I want to try to set it up so that 
the session timeout period is the same for all my applications (and the same 
for the global one) and that whenever the session times out, the login page 
is displayed.

Jon


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Way to specify SingleSignOn session timeout?

Posted by Jonathan Eric Miller <je...@uchicago.edu>.

After looking at the code, it looks like the SSO session doesn't go away 
until all other sessions for the user have expired. So, as far as I can 
tell, the SSO session doesn't have it's own session timeout as far as I can 
tell.

Jon

----- Original Message ----- 
From: "Jonathan Eric Miller" <je...@uchicago.edu>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, April 13, 2005 11:00 AM
Subject: Re: Way to specify SingleSignOn session timeout?


> Thanks, but, I know how to set it for a given application. I want to know 
> how to set it or at least find out what the default value is for the 
> global session. I've noticed that there are two cookies. One is JSESSIONID 
> which is for the application session. The other is JSESSIONSSO is is 
> presumably for the global session.
>
> Jon
>
> ----- Original Message ----- 
> From: "Peter Rossbach" <pr...@objektpark.de>
> To: "Tomcat Users List" <to...@jakarta.apache.org>
> Sent: Tuesday, April 12, 2005 10:56 PM
> Subject: Re: Way to specify SingleSignOn session timeout?
>
>
>> Look inside conf/web.xml
>>
>>  <!-- created sessions by modifying the value -->
>>
>>    <session-config>
>>        <session-timeout>30</session-timeout>
>>    </session-config>
>>
>> Peter
>>
>> Jonathan Eric Miller schrieb:
>>
>>> I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know 
>>> what the default session timeout is set to? Is there a way to specify 
>>> this timeout?
>>>
>>> I'm finding that sometimes my session will timeout within an 
>>> application, but, it doesn't redisplay the login page. I want to try to 
>>> set it up so that the session timeout period is the same for all my 
>>> applications (and the same for the global one) and that whenever the 
>>> session times out, the login page is displayed.
>>>
>>> Jon
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Way to specify SingleSignOn session timeout?

Posted by Remy Maucherat <re...@gmail.com>.

On 4/14/05, Jonathan Eric Miller <je...@uchicago.edu> wrote:
> After looking at the code, it looks like the SSO session doesn't go away
> until all other sessions for the user have expired. So, as far as I can
> tell, the SSO session doesn't have it's own session timeout as far as I can
> tell.

Indeed.

OTOH, if one of the sessions is explicitely invalidated, the SSO will
go away right away. I think that's the most appropriate behavior, but
changing it is very easy using a little code hacking.

-- 
xxxxxxxxxxxxxxxxxxxxxxxxx
Rémy Maucherat
Developer & Consultant
JBoss Group (Europe) SàRL
xxxxxxxxxxxxxxxxxxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Way to specify SingleSignOn session timeout?

Posted by Jonathan Eric Miller <je...@uchicago.edu>.

After looking at the code, it looks like the SSO session doesn't go away 
until all other sessions for the user have expired. So, as far as I can 
tell, the SSO session doesn't have it's own session timeout as far as I can 
tell.

Jon

----- Original Message ----- 
From: "Jonathan Eric Miller" <je...@uchicago.edu>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, April 13, 2005 11:00 AM
Subject: Re: Way to specify SingleSignOn session timeout?


> Thanks, but, I know how to set it for a given application. I want to know 
> how to set it or at least find out what the default value is for the 
> global session. I've noticed that there are two cookies. One is JSESSIONID 
> which is for the application session. The other is JSESSIONSSO is is 
> presumably for the global session.
>
> Jon
>
> ----- Original Message ----- 
> From: "Peter Rossbach" <pr...@objektpark.de>
> To: "Tomcat Users List" <to...@jakarta.apache.org>
> Sent: Tuesday, April 12, 2005 10:56 PM
> Subject: Re: Way to specify SingleSignOn session timeout?
>
>
>> Look inside conf/web.xml
>>
>>  <!-- created sessions by modifying the value -->
>>
>>    <session-config>
>>        <session-timeout>30</session-timeout>
>>    </session-config>
>>
>> Peter
>>
>> Jonathan Eric Miller schrieb:
>>
>>> I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know 
>>> what the default session timeout is set to? Is there a way to specify 
>>> this timeout?
>>>
>>> I'm finding that sometimes my session will timeout within an 
>>> application, but, it doesn't redisplay the login page. I want to try to 
>>> set it up so that the session timeout period is the same for all my 
>>> applications (and the same for the global one) and that whenever the 
>>> session times out, the login page is displayed.
>>>
>>> Jon
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Way to specify SingleSignOn session timeout?

Posted by Jonathan Eric Miller <je...@uchicago.edu>.

Thanks, but, I know how to set it for a given application. I want to know 
how to set it or at least find out what the default value is for the global 
session. I've noticed that there are two cookies. One is JSESSIONID which is 
for the application session. The other is JSESSIONSSO is is presumably for 
the global session.

Jon

----- Original Message ----- 
From: "Peter Rossbach" <pr...@objektpark.de>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Tuesday, April 12, 2005 10:56 PM
Subject: Re: Way to specify SingleSignOn session timeout?


> Look inside conf/web.xml
>
>  <!-- created sessions by modifying the value 
>        -->
>
>    <session-config>
>        <session-timeout>30</session-timeout>
>    </session-config>
>
> Peter
>
> Jonathan Eric Miller schrieb:
>
>> I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know what 
>> the default session timeout is set to? Is there a way to specify this 
>> timeout?
>>
>> I'm finding that sometimes my session will timeout within an application, 
>> but, it doesn't redisplay the login page. I want to try to set it up so 
>> that the session timeout period is the same for all my applications (and 
>> the same for the global one) and that whenever the session times out, the 
>> login page is displayed.
>>
>> Jon
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Way to specify SingleSignOn session timeout?

Posted by Peter Rossbach <pr...@objektpark.de>.

Look inside conf/web.xml

  <!-- created sessions by modifying the value 
below.                       -->

    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>

Peter

Jonathan Eric Miller schrieb:

> I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know 
> what the default session timeout is set to? Is there a way to specify 
> this timeout?
>
> I'm finding that sometimes my session will timeout within an 
> application, but, it doesn't redisplay the login page. I want to try 
> to set it up so that the session timeout period is the same for all my 
> applications (and the same for the global one) and that whenever the 
> session times out, the login page is displayed.
>
> Jon
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org