You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by BugRat Mail System <to...@cortexity.com> on 2000/09/08 03:20:32 UTC

BugRat Report #85 has been filed.

Bug report #85 has just been filed.

You can view the report at the following URL:

   <http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/85>

REPORT #85 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public
Environment: 
   Release: 3.1
   JVM Release: Sun JDK 1.3
   Operating System: Windows NT Workstation
   OS Release: 4.0
   Platform: x86

Synopsis: 
Improper Session timeout - getLastAccessTime() not reset

Description:
The inactive time of an user does not always get reset for all the requests made in a specific web application context.

This was verified by session.getLastAccessTime() method.

For instance for request#1, if session.getLastAccessTime() returned x, and if request#2 is made after x+n seconds, session.getAccessTime() does not reflect the x+n seconds, but returns x!

This causes the session to time out n seconds early.

Please note that 'n' is like 40 - 50 seconds.

The web site is a mixture of servlets / jsp pages using the model#2 architecture (servlet - bean - jsp using RequestDispatcher).