Hi The session timeout will occur when the user does not perform any activity for a time longer than session timeout value. Since your app uses URL rewriting method of session maintenance, any request from the browser after session timeout, will still be sending the old jsessionid.
To solve the problem, there should be a filter that checks the user session for authentication and if not authenticated, redirect to the login page. In this way, a new session may be created, but the user will be required to login again. Thanks Tejas -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 26, 2006 7:41 PM To: Tomcat Users List Subject: Re: Tomcat creates a jsessionid cookie when session timeouts By the way, this behaviour only happens in Mozilla/Firefox, it does not happen in Internet Explorer. Regards, Luís Amorim Luis AMORIM/PT/[EMAIL PROTECTED] 26-07-2006 13:10 Please respond to "Tomcat Users List" To: users@tomcat.apache.org cc: Subject: Tomcat creates a jsessionid cookie when session timeouts Hi there. I have the following problem occuring in my web application. I am using struts and I am using the url rewriting method for session maintenance, but when a timeout occurs the tomcat application server sets a cookie named jsessionid (used for session tracking purposes) with a new session id value before redirecting the user to the login page. This jsessionid cookie value does not match the previous session id, it is a new one. When the user logs in again after the timeout, a new HttpSession object is created in the login process with a new session id, storing the user information in a variable in that HttpSession object. However, after the initial login process, the application server always gets the session from the id provided by the cookie created when the timeout occured, causing an error to occur because there is no user information in that session. The problem resides in the cookie created when the timeout occurs. Does tomcat create a cookie every time a timeout happens? I think this is a tomcat issue. Until now I've been unable to solve the problem and I haven't found a way to disable cookie session tracking in tomcat. Can anyone please help me solve this problem? Does tomcat always creates a jsessionid cookie when a timeout occurs or this just happens in my web app? And if this is a tomcat issue, how do I disallow this (if it is possible, anyway)? Regards, Luis Amorim http://www.patni.com World-Wide Partnerships. World-Class Solutions. _____________________________________________________________________ This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at [EMAIL PROTECTED] and delete this mail. _____________________________________________________________________
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
