Wrox Programmer Forums
Go Back   Wrox Programmer Forums > Java > Java Open Source > Apache Tomcat
Apache Tomcat General discussion of the Apache Tomcat servlet container. For discussions specific to the Professional Apache Tomcat book, please see the book discussion forum for that book.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Apache Tomcat section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
Old February 16th, 2006, 01:19 PM
Registered User
Join Date: Feb 2006
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Session/Timeout management

Hey guys,

We're running a Tomcat 5.0.28 server at work and encountering a problem that I was hoping someone could advise me on. We're also using Struts, J2EE, Spring, and Hibernate.

The problem that we have is with timeouts and redirecting. I set my session to 2 minutes in development (which almost isn't enough time to debug before it times out :P) to observe this problem. Here's the situation:

User goes to a page that is ID dependent (for an employee or account, etc)
User doesn't do anything for 30 minutes, timeout occurs
User clicks on another link, gets forwarded to login page as per Tomcat due to session expiration
User logs in
Session information is compromised, causing the ID to be null and throwing an error.
Other problem not directly related is that the header pages we have don't seem to refresh and call their respective actions when this occurs, but I'll figure out a way around that.

The biggest problem is the unique ID getting tossed. I've recently realized that this is the cause of 90% of the errors in our app. Is there any good, secure way of caching some session data or making a copy of a session and just renewing it? Is this a Tomcat setting or am I going to have to right my own top-level session manager?

Old April 8th, 2006, 04:26 AM
Authorized User
Join Date: Mar 2006
Posts: 40
Thanks: 0
Thanked 0 Times in 0 Posts

In web.xml, we can specify session-timeout in minutes:-


Default session-timeout value is 30 minutes.

Similar Threads
Thread Thread Starter Forum Replies Last Post
Session Timeout aspless Classic ASP Basics 1 February 21st, 2008 04:46 PM
Session timeout... rupen Classic ASP Professional 1 January 3rd, 2007 09:35 AM
session timeout bikki_suresh ASP.NET 1.0 and 1.1 Professional 1 October 11th, 2006 07:33 AM
session timeout bikki_suresh ASP.NET 1.0 and 1.1 Basics 0 October 10th, 2006 12:16 AM
Session Timeout lcsgeek Classic ASP Basics 1 October 6th, 2003 01:53 PM

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.