Discussion:
Tomcat totally ignores my timeout-settings
Hendrik Neumann
2005-05-18 13:11:01 UTC
Permalink
Hi everybody,

I have the following problem: I have created and registered an
HttpSessionListener which sets the MaxInactiveInterval to 120 seconds in the
sessionCreated-method, whenever a new session is created. Then I have
System.out.println("session is killed") in the sessionDestroyed-method of
this listener. But the sessionDestroyed-method is never called and the
session is NEVER killed. I have also a
<session-config>
<session-timeout>2</session-timeout>
</session-config>
in my web.xml but this doesn't help ether.

What am I doing wrong? Why doesn't tomcat kill my session, why does it ignore
my settings?

The following is a small part from my logfile. As you can see, the timeout is
never called by tomcat (look at the time-values). The session is only
destroyed if the user uses the logout-button:


############## /var/log/messages/tomcat5/ catalina.out ###################

new session-object created, # '9A8DC55C6B8043AA6BE12E9027699C64'
-> CreationTime (DD.MM.YY HH:MM): 18.05.05 14:11
-> MaxInactiveInterval: 120 seconds
-> Web-Browser: Mozilla/5.0 (compatible; Konqueror/3.4; Linux
2.6.11-gentoo-r8; X11; i686; de) KHTML/3.4.0 (like Gecko)

logged in: admin (Administrator, 11)', from session-id
'9A8DC55C6B8043AA6BE12E9027699C64'
-> Time (DD.MM.YY HH:MM): 18.05.05 14:15

admin (Administrator, 9A8DC55C6B8043AA6BE12E9027699C64) manually logs out!
-> Time (DD.MM.YY HH:MM): 18.05.05 14:20

session destroyed for 9A8DC55C6B8043AA6BE12E9027699C64 (username: admin)

############################################

What can I do to solve this problem?

Greetings,
Hendrik
Raghupathy,Gurumoorthy
2005-05-18 13:42:32 UTC
Permalink
Are you creating a basic authentication or form based authentication ?

-----Original Message-----
From: Hendrik Neumann [mailto:***@hendrik-neumann.de]
Sent: 18 May 2005 14:11
To: tomcat-***@jakarta.apache.org
Subject: Tomcat totally ignores my timeout-settings


Hi everybody,

I have the following problem: I have created and registered an
HttpSessionListener which sets the MaxInactiveInterval to 120 seconds in the

sessionCreated-method, whenever a new session is created. Then I have
System.out.println("session is killed") in the sessionDestroyed-method of
this listener. But the sessionDestroyed-method is never called and the
session is NEVER killed. I have also a
<session-config>
<session-timeout>2</session-timeout>
</session-config>
in my web.xml but this doesn't help ether.

What am I doing wrong? Why doesn't tomcat kill my session, why does it
ignore
my settings?

The following is a small part from my logfile. As you can see, the timeout
is
never called by tomcat (look at the time-values). The session is only
destroyed if the user uses the logout-button:


############## /var/log/messages/tomcat5/ catalina.out ###################

new session-object created, # '9A8DC55C6B8043AA6BE12E9027699C64'
-> CreationTime (DD.MM.YY HH:MM): 18.05.05 14:11
-> MaxInactiveInterval: 120 seconds
-> Web-Browser: Mozilla/5.0 (compatible; Konqueror/3.4; Linux
2.6.11-gentoo-r8; X11; i686; de) KHTML/3.4.0 (like Gecko)

logged in: admin (Administrator, 11)', from session-id
'9A8DC55C6B8043AA6BE12E9027699C64'
-> Time (DD.MM.YY HH:MM): 18.05.05 14:15

admin (Administrator, 9A8DC55C6B8043AA6BE12E9027699C64) manually logs out!
-> Time (DD.MM.YY HH:MM): 18.05.05 14:20

session destroyed for 9A8DC55C6B8043AA6BE12E9027699C64 (username: admin)

############################################

What can I do to solve this problem?

Greetings,
Hendrik


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-***@jakarta.apache.org
For additional commands, e-mail: tomcat-user-***@jakarta.apache.org
Hendrik Neumann
2005-05-18 14:13:55 UTC
Permalink
nor, still now I don't use an "offical" authentication-method which is
protected by a login-config-tag. my login-method just loads a usergroup out
of the database which has specific access-rights and associates it with the
current user-objects which belongs to one session-object. but this runs
without tomcat or the web.xml-file or any offical auth-method.

I'm quite sure that the timeout-problems are independent from my login-method.
I have a personal testing-server which has just been used by myself in the
last 8 hours and till now the tomcat-manager tells me, that there are 35
sessions running (because the sessions are not killed)...

P.S: I'm using a hibernate-connection-pool, could this cause the trouble?
Hendrik Neumann
2005-05-18 20:41:46 UTC
Permalink
okay, now I've created a new, small web-project with a very simple web.xml
just containing the HttpSessionListener, a 2-minute-session-timeout and very
small index.jsp and it works without any problems! but my original
jsf-web-app still doesn not release the sessions (I already have 40 sessions
on my personal testing systems)...

So is it a bug in my web-app? And if it is - how can I get to the bottom of
this problem, how can I solve it? Any ideas???
Post by Hendrik Neumann
Hi everybody,
I have the following problem: I have created and registered an
HttpSessionListener which sets the MaxInactiveInterval to 120 seconds in
the sessionCreated-method, whenever a new session is created. Then I have
System.out.println("session is killed") in the sessionDestroyed-method of
this listener. But the sessionDestroyed-method is never called and the
session is NEVER killed. I have also a
<session-config>
<session-timeout>2</session-timeout>
</session-config>
in my web.xml but this doesn't help ether.
What am I doing wrong? Why doesn't tomcat kill my session, why does it
ignore my settings?
The following is a small part from my logfile. As you can see, the timeout
is never called by tomcat (look at the time-values). The session is only
############## /var/log/messages/tomcat5/ catalina.out
###################
new session-object created, # '9A8DC55C6B8043AA6BE12E9027699C64'
-> CreationTime (DD.MM.YY HH:MM): 18.05.05 14:11
-> MaxInactiveInterval: 120 seconds
-> Web-Browser: Mozilla/5.0 (compatible; Konqueror/3.4; Linux
2.6.11-gentoo-r8; X11; i686; de) KHTML/3.4.0 (like Gecko)
logged in: admin (Administrator, 11)', from session-id
'9A8DC55C6B8043AA6BE12E9027699C64'
-> Time (DD.MM.YY HH:MM): 18.05.05 14:15
admin (Administrator, 9A8DC55C6B8043AA6BE12E9027699C64) manually logs out!
-> Time (DD.MM.YY HH:MM): 18.05.05 14:20
session destroyed for 9A8DC55C6B8043AA6BE12E9027699C64 (username: admin)
############################################
What can I do to solve this problem?
Greetings,
Hendrik
---------------------------------------------------------------------
Loading...