Re: S138: TransAction Token lifetime very short?

[Paul Benedict <pb...@apache.org>]

Tokens are tied to the session. If the session disappears, so does the
ability to compare tokens. Why? A unique number (token) is generated and
stored in the session, which is then reprinted in the JSP as a hidden field.
When the form is submitted back, the hidden field is checked against the
session attribute. These must match for it to work.

Paul

On 9/23/07, Laurie Harper <la...@holoweb.net> wrote:
>
> Thomas.Zygadlewicz@swisslife.ch wrote:
> > Hello,
> >
> > I'm using the Transaction Token in my Struts138 App. But it seems the
> > token has a very short lifetime. I guess about 1-2 Minutes. How can I
> > manually correct it?
> > My inactivity timeout is set to 20 mins - so my token should be set to
> > the same value.
> > Can someone tell me how and where?
>
> I haven't used transaction tokens, but my understanding was that they're
> tied to the session. In that case, they shouldn't time out unless the
> session times out. Can you give some more details about how you're using
> them and how you're measuring this timeout?
>
> L.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>