You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Kenny G. Dubuisson, Jr." <kd...@kcmria.com> on 2002/12/20 16:05:31 UTC
Re: Session timeout setting (URGENT)
Simple minded as I am, I still believe with everything I have that there
MUST be a setting in Tomcat that controls how often new session ID's are
generated. If I have a simple page that does nothing but a
"session.getId()" and it returns a new session ID every 60 mins, there must
be something in Tomcat that sets this interval. Obviously this setting is
missing from my config files so that Tomcat uses it's default. Has no one
ever wanted to change this setting before? I hate to sound beligerent but
I've authored and released what I feel to be a very nice application/web
site but the only feedback I'm getting is litterally users screaming at me
because I haven't fixed this yet. I'm going to have to start looking at
redesigning the login/verification process on every page (not a big site but
still 20K of code) to work around this issue when I feel it has to be a
simple setting.
If someone could answer this I'll give you my first born, send expensive
Christmas presents, lend you my wife. Thanking / Praising you in advance,
Kenny
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Session timeout setting (URGENT)
Posted by "Kenny G. Dubuisson, Jr." <kd...@kcmria.com>.
Thanks for the response. Here is my questions?
> This is a standard configuration in the web.xml file, use:
>
> <session-config><session-timeout>60</session-timeout></session-config>
>
I checked my $CATALINA_HOME/conf/web.xml file and it currently has the
setting set to 30 mins. This says to me that this setting is not getting
used. I changed it to 120 and verified that 60 mins was still the default.
Any idea of why my web.xml is not getting used? I do not have an
application specific web.xml...the one in the conf directory is the only one
I have.
> Plus, check out the PersistentSessionManager, which can be used to get
> really long session timeouts by swapping idle sessions out to disk.
I read about this in the Tomcat docs but I'm not quite sure how to implement
this. Is there a simple howto on this that you know of?
Thanks,
Kenny
----- Original Message -----
From: "Kief Morris" <ki...@kief.com>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Friday, December 20, 2002 9:36 AM
Subject: Re: Session timeout setting (URGENT)
> Kenny G. Dubuisson, Jr. typed the following on 09:05 20/12/2002 -0600
> >Simple minded as I am, I still believe with everything I have that there
> >MUST be a setting in Tomcat that controls how often new session ID's are
> >generated.
>
> This is a standard configuration in the web.xml file, use:
>
> <session-config><session-timeout>60</session-timeout></session-config>
>
> Make sure it's in the right place inside the web.xml file,
> after servlet-mappings.
>
> You can also set it programmatically using
HttpSession.setMaxInactiveInterval(),
> which uses seconds rather than minutes.
>
> Plus, check out the PersistentSessionManager, which can be used to get
> really long session timeouts by swapping idle sessions out to disk.
>
> Kief
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Session timeout setting (URGENT)
Posted by Kief Morris <ki...@kief.com>.
Kenny G. Dubuisson, Jr. typed the following on 09:05 20/12/2002 -0600
>Simple minded as I am, I still believe with everything I have that there
>MUST be a setting in Tomcat that controls how often new session ID's are
>generated.
This is a standard configuration in the web.xml file, use:
<session-config><session-timeout>60</session-timeout></session-config>
Make sure it's in the right place inside the web.xml file,
after servlet-mappings.
You can also set it programmatically using HttpSession.setMaxInactiveInterval(),
which uses seconds rather than minutes.
Plus, check out the PersistentSessionManager, which can be used to get
really long session timeouts by swapping idle sessions out to disk.
Kief
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Session timeout setting (URGENT)
Posted by Jim Henderson <jg...@metafile.com>.
Mark, nice job! I have learned a thing or two from your note. When one (at
least this one) is in a hurry to put together an application, they often
gloss over important details. Thanks!
-----Original Message-----
From: Mark Eggers [mailto:its_toasted@yahoo.com]
Sent: Friday, December 20, 2002 11:38 AM
To: Tomcat Users List
Subject: Re: Session timeout setting (URGENT)
Ken,
Let me qualify this before giving you a possibility.
I have just started working with Tomcat as a
programmer (I'm mostly a system admin / integrator /
architect). And as another person on the mailing list
has pointed out, I am not a part of any apache.org
development team.
That said, I thought I would do a little bit of
research on your problem and try to help.
I'm using as a reference "Java Servlet Programming,
Second Edition" by Jason Hunter with William Crawford.
On pages 216-218, session timeout is discussed. It
appears that the following snippet of xml should be
placed in your web application web.xml file.
<session-config>
<session-timeout>
60
</session-timeout>
</session-config>
This sets the session timeout to 60 minutes. Before
going on, I noticed that the session timeout in the
Tomcat web.xml is set at 30 minutes (at least in my
installation of 4.1.12). So I am not sure where your
60 minute timeout is coming from.
The book also goes on to say that the session timeout
can be configured individually for a session with
getMaxInactiveInterval() and setMaxInactiveInterval().
The methods take (int) seconds as the argument, not
minutes.
Previous pages (212-216) talk about the session
tracking API and how to manage long term sessions.
The session tracking API section ends on page 229.
In short, there should be something useful in there
that can help you out of your problem.
I hope I've not been too pendantic and that this gives
you enough information to help you solve your problem.
/mde/
just my two cents . . . .
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Session timeout setting (URGENT)
Posted by Mark Eggers <it...@yahoo.com>.
Ken,
Let me qualify this before giving you a possibility.
I have just started working with Tomcat as a
programmer (I'm mostly a system admin / integrator /
architect). And as another person on the mailing list
has pointed out, I am not a part of any apache.org
development team.
That said, I thought I would do a little bit of
research on your problem and try to help.
I'm using as a reference "Java Servlet Programming,
Second Edition" by Jason Hunter with William Crawford.
On pages 216-218, session timeout is discussed. It
appears that the following snippet of xml should be
placed in your web application web.xml file.
<session-config>
<session-timeout>
60
</session-timeout>
</session-config>
This sets the session timeout to 60 minutes. Before
going on, I noticed that the session timeout in the
Tomcat web.xml is set at 30 minutes (at least in my
installation of 4.1.12). So I am not sure where your
60 minute timeout is coming from.
The book also goes on to say that the session timeout
can be configured individually for a session with
getMaxInactiveInterval() and setMaxInactiveInterval().
The methods take (int) seconds as the argument, not
minutes.
Previous pages (212-216) talk about the session
tracking API and how to manage long term sessions.
The session tracking API section ends on page 229.
In short, there should be something useful in there
that can help you out of your problem.
I hope I've not been too pendantic and that this gives
you enough information to help you solve your problem.
/mde/
just my two cents . . . .
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Session timeout setting (URGENT)
Posted by Milt Epstein <me...@uiuc.edu>.
On Fri, 20 Dec 2002, Kenny G. Dubuisson, Jr. wrote:
> Simple minded as I am, I still believe with everything I have that
> there MUST be a setting in Tomcat that controls how often new
> session ID's are generated. If I have a simple page that does
> nothing but a "session.getId()" and it returns a new session ID
> every 60 mins, there must be something in Tomcat that sets this
> interval. Obviously this setting is missing from my config files so
> that Tomcat uses it's default. Has no one ever wanted to change
> this setting before? I hate to sound beligerent but I've authored
> and released what I feel to be a very nice application/web site but
> the only feedback I'm getting is litterally users screaming at me
> because I haven't fixed this yet. I'm going to have to start
> looking at redesigning the login/verification process on every page
> (not a big site but still 20K of code) to work around this issue
> when I feel it has to be a simple setting.
First of all, I couldn't tell from your description in your first
message in this thread the other day whether you're using your own
session cookie mechanism, or whether you're using the standard session
API mechanism. Could you clarify that? If you are using your own,
what you're seeing could be some artifact of that.
Otherwise, instead of assuming there is some simple setting to change,
I'd suggest taking a closer look at your own code, and how you're
using the built-in facilities, even posting the code here if you're
not sure, to see if the problem lies there. Several people have
already pointed out the standard mechanisms for handling session
timeouts, and I'm not sure there's anything else to say about that --
it looks like a dead end.
BTW, do you really have a page that just does session.getId() and
you're seeing this problem with that?
I'd also suggest you really verify that it is the regular session
timeout that is going on. You might be able to do that bu checking
the logs, or at worst, write your own SessionActivationListener (or
whatever it's called) to catch the session being deactivated and
record that.
Actually, if the session is being deactivated/renewed an hour after
it's created, regardless of activity, then it most likely is not the
standard session timeout that's causing it, because that's an *idle*
timeout, not a duration timeout.
In sum, I really think you need to do some more investigation into
what's going on, by checking logs and/or trying some things to see
what happens, etc., as opposed to looking for a quick fix. Sorry, but
that's generally the way things work.
Milt Epstein
Research Programmer
Integration and Software Engineering (ISE)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)
mepstein@uiuc.edu
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>