I have a simple authentication logic in my applications, where I store the current user in the session and check with a filter if the current user value is not null.
Eventually I see some null pointer exceptions in my Tomcat 7.0.47 that happened in JSF managed beans because the current user value was null. The problem is that the stackTrace shows that login filter was executed correctly, so I guess the session timed out right after the getAttribute() call in the filter, which would explain why there still was value in the filter but not in the managed bean. After some research I found this: http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Sessions Would org.apache.catalina.session.StandardSession.ACTIVITY_CHECK solve this problem? What about org.apache.catalina.core.StandardHostValve.ACCESS_SESSION and org.apache.catalina.session.StandardSession.LAST_ACCESS_AT_START? Thanks
