You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jonathan Eric Miller <je...@uchicago.edu> on 2005/04/12 23:55:29 UTC
Way to specify SingleSignOn session timeout?
I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know what
the default session timeout is set to? Is there a way to specify this
timeout?
I'm finding that sometimes my session will timeout within an application,
but, it doesn't redisplay the login page. I want to try to set it up so that
the session timeout period is the same for all my applications (and the same
for the global one) and that whenever the session times out, the login page
is displayed.
Jon
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Way to specify SingleSignOn session timeout?
Posted by Jonathan Eric Miller <je...@uchicago.edu>.
After looking at the code, it looks like the SSO session doesn't go away
until all other sessions for the user have expired. So, as far as I can
tell, the SSO session doesn't have it's own session timeout as far as I can
tell.
Jon
----- Original Message -----
From: "Jonathan Eric Miller" <je...@uchicago.edu>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, April 13, 2005 11:00 AM
Subject: Re: Way to specify SingleSignOn session timeout?
> Thanks, but, I know how to set it for a given application. I want to know
> how to set it or at least find out what the default value is for the
> global session. I've noticed that there are two cookies. One is JSESSIONID
> which is for the application session. The other is JSESSIONSSO is is
> presumably for the global session.
>
> Jon
>
> ----- Original Message -----
> From: "Peter Rossbach" <pr...@objektpark.de>
> To: "Tomcat Users List" <to...@jakarta.apache.org>
> Sent: Tuesday, April 12, 2005 10:56 PM
> Subject: Re: Way to specify SingleSignOn session timeout?
>
>
>> Look inside conf/web.xml
>>
>> <!-- created sessions by modifying the value -->
>>
>> <session-config>
>> <session-timeout>30</session-timeout>
>> </session-config>
>>
>> Peter
>>
>> Jonathan Eric Miller schrieb:
>>
>>> I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know
>>> what the default session timeout is set to? Is there a way to specify
>>> this timeout?
>>>
>>> I'm finding that sometimes my session will timeout within an
>>> application, but, it doesn't redisplay the login page. I want to try to
>>> set it up so that the session timeout period is the same for all my
>>> applications (and the same for the global one) and that whenever the
>>> session times out, the login page is displayed.
>>>
>>> Jon
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Way to specify SingleSignOn session timeout?
Posted by Remy Maucherat <re...@gmail.com>.
On 4/14/05, Jonathan Eric Miller <je...@uchicago.edu> wrote:
> After looking at the code, it looks like the SSO session doesn't go away
> until all other sessions for the user have expired. So, as far as I can
> tell, the SSO session doesn't have it's own session timeout as far as I can
> tell.
Indeed.
OTOH, if one of the sessions is explicitely invalidated, the SSO will
go away right away. I think that's the most appropriate behavior, but
changing it is very easy using a little code hacking.
--
xxxxxxxxxxxxxxxxxxxxxxxxx
Rémy Maucherat
Developer & Consultant
JBoss Group (Europe) SàRL
xxxxxxxxxxxxxxxxxxxxxxxxx
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Way to specify SingleSignOn session timeout?
Posted by Jonathan Eric Miller <je...@uchicago.edu>.
After looking at the code, it looks like the SSO session doesn't go away
until all other sessions for the user have expired. So, as far as I can
tell, the SSO session doesn't have it's own session timeout as far as I can
tell.
Jon
----- Original Message -----
From: "Jonathan Eric Miller" <je...@uchicago.edu>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, April 13, 2005 11:00 AM
Subject: Re: Way to specify SingleSignOn session timeout?
> Thanks, but, I know how to set it for a given application. I want to know
> how to set it or at least find out what the default value is for the
> global session. I've noticed that there are two cookies. One is JSESSIONID
> which is for the application session. The other is JSESSIONSSO is is
> presumably for the global session.
>
> Jon
>
> ----- Original Message -----
> From: "Peter Rossbach" <pr...@objektpark.de>
> To: "Tomcat Users List" <to...@jakarta.apache.org>
> Sent: Tuesday, April 12, 2005 10:56 PM
> Subject: Re: Way to specify SingleSignOn session timeout?
>
>
>> Look inside conf/web.xml
>>
>> <!-- created sessions by modifying the value -->
>>
>> <session-config>
>> <session-timeout>30</session-timeout>
>> </session-config>
>>
>> Peter
>>
>> Jonathan Eric Miller schrieb:
>>
>>> I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know
>>> what the default session timeout is set to? Is there a way to specify
>>> this timeout?
>>>
>>> I'm finding that sometimes my session will timeout within an
>>> application, but, it doesn't redisplay the login page. I want to try to
>>> set it up so that the session timeout period is the same for all my
>>> applications (and the same for the global one) and that whenever the
>>> session times out, the login page is displayed.
>>>
>>> Jon
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Way to specify SingleSignOn session timeout?
Posted by Jonathan Eric Miller <je...@uchicago.edu>.
Thanks, but, I know how to set it for a given application. I want to know
how to set it or at least find out what the default value is for the global
session. I've noticed that there are two cookies. One is JSESSIONID which is
for the application session. The other is JSESSIONSSO is is presumably for
the global session.
Jon
----- Original Message -----
From: "Peter Rossbach" <pr...@objektpark.de>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Tuesday, April 12, 2005 10:56 PM
Subject: Re: Way to specify SingleSignOn session timeout?
> Look inside conf/web.xml
>
> <!-- created sessions by modifying the value
> -->
>
> <session-config>
> <session-timeout>30</session-timeout>
> </session-config>
>
> Peter
>
> Jonathan Eric Miller schrieb:
>
>> I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know what
>> the default session timeout is set to? Is there a way to specify this
>> timeout?
>>
>> I'm finding that sometimes my session will timeout within an application,
>> but, it doesn't redisplay the login page. I want to try to set it up so
>> that the session timeout period is the same for all my applications (and
>> the same for the global one) and that whenever the session times out, the
>> login page is displayed.
>>
>> Jon
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Way to specify SingleSignOn session timeout?
Posted by Peter Rossbach <pr...@objektpark.de>.
Look inside conf/web.xml
<!-- created sessions by modifying the value
below. -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
Peter
Jonathan Eric Miller schrieb:
> I'm using the SingleSignOn valve with Tomcat 5.5.9. Does anyone know
> what the default session timeout is set to? Is there a way to specify
> this timeout?
>
> I'm finding that sometimes my session will timeout within an
> application, but, it doesn't redisplay the login page. I want to try
> to set it up so that the session timeout period is the same for all my
> applications (and the same for the global one) and that whenever the
> session times out, the login page is displayed.
>
> Jon
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org