You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by kartweel <rh...@exemail.com.au> on 2009/07/14 09:44:40 UTC
T5.1 User authentication, session expiring even though sso is
accessed every request
Hi,
I'm scratching my head a bit with my "user" object expiring in the session.
I'm using the dispatcher method for setting up access control as in the wiki
( http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher2 ). Now
everything is working great except that after around the 20 minute mark (of
actively using the app) I'm presented with the login screen again. So what I
think is happening is the session is expiring based off when the object was
first created, and it isn't being updated.
I tried adding an applicationStateManager.set(...), thinking that might
refresh the object, but that didn't work.
As a side thing, shouldn't the session expiry timer start again every time
the client accesses the session?, or do I need to actually call a method
somewhere to update the session timer? Or does tapestry manage itself on-top
of the session and I need to "refresh" every object I put in there?
I am suprised because I have a few page @persist object in the session too,
so I don't see how the session would expire...
I'm currently using tapestry 5.1.4 on Jetty 6.1.15
Anyways, thanks for the help.
Ryan
--
View this message in context: http://www.nabble.com/T5.1-User-authentication%2C-session-expiring-even-though-sso-is-accessed-every-request-tp24475080p24475080.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.1 User authentication, session expiring even though sso is
accessed every request
Posted by Massimo Lusetti <ml...@gmail.com>.
Have a look at chenillekit-access source code, there could be hints for you.
Cheers
--
Massimo
http://meridio.blogspot.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.1 User authentication, session expiring even though sso is
accessed every request
Posted by kartweel <rh...@exemail.com.au>.
New thoughts.
Could it be the session cookie not being renewed on the browser?. That would
also make sense as I set the session timeout to 900 minutes in the web.xml
and it didn't make any difference... So yes as you say appears to be a
servlet container / browser problem.
Thanks!
Thiago H. de Paula Figueiredo wrote:
>
>
> It's not Tapestry the one which handles the session termination, it's the
> servlet container (Tomcat, Jetty, etc), so most probably this is not a
> Tapestry issue.
>
>> As a side thing, shouldn't the session expiry timer start again every
>> time the client accesses the session?,
>
> This is a servlet container issue.
>
>
--
View this message in context: http://www.nabble.com/T5.1-User-authentication%2C-session-expiring-even-though-sso-is-accessed-every-request-tp24475080p24490295.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.1 User authentication, session expiring even though sso is
accessed every request
Posted by "Thiago H. de Paula Figueiredo" <th...@gmail.com>.
Em Tue, 14 Jul 2009 04:44:40 -0300, kartweel <rh...@exemail.com.au>
escreveu:
> Hi,
Hi!
> I'm scratching my head a bit with my "user" object expiring in the
> session. I'm using the dispatcher method for setting up access control
> as in the wiki (
> http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher2 ). Now
> everything is working great except that after around the 20 minute mark
> (of actively using the app) I'm presented with the login screen again.
It's not Tapestry the one which handles the session termination, it's the
servlet container (Tomcat, Jetty, etc), so most probably this is not a
Tapestry issue.
> As a side thing, shouldn't the session expiry timer start again every
> time the client accesses the session?,
This is a servlet container issue.
> or do I need to actually call a method
> somewhere to update the session timer? Or does tapestry manage itself
> on-top of the session and I need to "refresh" every object I put in
> there?
AFAIK, no.
--
Thiago H. de Paula Figueiredo
Independent Java consultant, developer, and instructor
http://www.arsmachina.com.br/thiago
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org