[users@httpd] Stupid question regarding session

[Gregor Schneider <rc...@googlemail.com>]

Dear all,

just a stupid question regarding Apache and sessions:

We are running Apache 2.0.5x together with Tomcat 5.15.x and are using
mod_auth_cookie_mysql. Authorization is handeld via Tomcat.

Now mod_auth_cookie_mysql sets an expiration-time into the
MySQL-database, after which the cookie is not valid any more, thus the
Apache-session will time out and the user is forced to
re-authenticate.

Now here comes my question:

In Tomcat, the Session is defined as "Max. Time Of Inactivity",
meaning when the user interacts with Tomcat, the session is prolonged
for the time specified in the web app's web.xml-file.

What about Apache http? Will the session also be prolonged when the
user interacts with Apache (i.e. content is served)?

In case someone is using mod_auth_cookie_mysql, will Apache update the
entry for session-expiration in the MySQL-database?

How is the default behaviour of Apache with sessions?

I'd appreciate any hints about where this can be read, i.e. RFC or similar.

TIA

Greg
-- 
what's puzzlin' you, is the nature of my game

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org