Session/Timeout management
Hey guys,
We're running a Tomcat 5.0.28 server at work and encountering a problem that I was hoping someone could advise me on. We're also using Struts, J2EE, Spring, and Hibernate.
The problem that we have is with timeouts and redirecting. I set my session to 2 minutes in development (which almost isn't enough time to debug before it times out :P) to observe this problem. Here's the situation:
1. User goes to a page that is ID dependent (for an employee or account, etc)
2. User doesn't do anything for 30 minutes, timeout occurs
3. User clicks on another link, gets forwarded to login page as per Tomcat due to session expiration
4. User logs in
5. Session information is compromised, causing the ID to be null and throwing an error.
The other problem, not directly related, is that the header pages we have don't seem to refresh and call their respective actions when this occurs, but I'll figure out a way around that.
The biggest problem is the unique ID getting tossed. I've recently realized that this is the cause of 90% of the errors in our app. Is there any good, secure way of caching some session data or making a copy of a session and just renewing it? Is this a Tomcat setting or am I going to have to write my own top-level session manager?