Urvish, Urvish Shah wrote: > In our application we are using Tomcat 5.5.9. Our tomcat session time > out is 30 minutes > > We have one bottom html frame in our web page which automatically > gets refreshed every 10 seconds to poll some event notifications > after user logs in.
Hmm, that could be a problem. > Because of this reason we never get session time out and user gets > logged in always. Yup. > Only way we can make session time out work (and send the user back to > login page to login again) if we either increase our page refresh > interval (5 seconds to 5 minutes) or decrease the session time out > (default 30 minutes to 5 minutes) and both is not acceptable in our > design or in general web based design. Is it possible to deploy this event notification polling to a separate webapp that does not require a session? If you can, then your polling can hit a URL that won't interfere with the session from the "real" webapp. Otherwise, you're out of luck... the request timeout was designed to keep the session from being destroyed while in use. If you keep using it every 10 seconds, it will simply never time out. -chris
signature.asc
Description: OpenPGP digital signature
