Martin,

Martin Dubuc wrote:
> I finally managed to get the sessions to time out after 1 minute.

What did you have to change?

> Here is the security-constraint definition:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>
> Page constraints for users
> </web-resource-name>
> <url-pattern>/index.html</url-pattern>
> <url-pattern>/main.jsf</url-pattern>
> <url-pattern>/stylesheet.css</url-pattern>
> <url-pattern>/images/*</url-pattern>
> <url-pattern>/logOut.jsf</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>myrole</role-name>
> </auth-constraint>

Does your login page attempt to display any of these files? Perhaps an image or your stylesheet? If so, this isn't going to work properly and you'll get a bunch of requests that all get sent to the login page after a session timeout.

> Here is the access log:

Care to point out when the session expires?

> 192.168.0.110 - admin [02/Dec/2008:17:13:13 +0000] "POST
> /manager/html/sessions?path=/system HTTP/1.1" 200 5114

It looks like you wait for 15 minutes, here, and then there's another request:

> 192.168.0.110 - admin [02/Dec/2008:17:28:01 +0000] "POST
> /manager/html/sessions?path=/system HTTP/1.1" 200 4436
> 192.168.0.110 - - [02/Dec/2008:17:28:04 +0000] "GET /sessionTimeout.jsf
> HTTP/1.1" 200 2614

Was this request for /sessionTimeout.jsf done from your javascript code, or by you typing something into the URL bar of your browser?

> 192.168.0.110 - - [02/Dec/2008:17:28:04 +0000] "GET
> /a4j/s/3_2_2.SR1org/richfaces/renderkit/html/css/basic_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf
> HTTP/1.1" 200 6857
> 192.168.0.110 - - [02/Dec/2008:17:28:04 +0000] "GET
> /a4j/s/3_2_2.SR1org/richfaces/renderkit/html/css/extended_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf
> HTTP/1.1" 200 4134
> 192.168.0.110 - - [02/Dec/2008:17:28:04 +0000] "GET
> /a4j/g/3_2_2.SR1org/richfaces/renderkit/html/scripts/skinning.js.jsf
> HTTP/1.1" 200 1164

Are any of the above requests related to the problem you are observing?

> 192.168.0.110 - - [02/Dec/2008:17:28:04 +0000] "GET /favicon.ico HTTP/1.1"
> 200 21630
> 192.168.0.110 - - [02/Dec/2008:17:28:11 +0000] "POST /j_security_check
> HTTP/1.1" 400 1100

This is obviously where you get the 400 response. Which request resulted in the login page being shown in the first place?

-chris
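
The question above about whether the login page pulls in any constrained file can be checked mechanically. This is an added example, not part of the original message or of Tomcat: it applies the Servlet specification's URL-pattern matching rules to the quoted constraint (closing tag added so the fragment parses), and the list of login-page resources is a constructed assumption.

```python
import xml.etree.ElementTree as ET

# The constraint quoted in the thread; the closing tag is added so it parses.
WEB_XML_FRAGMENT = """
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Page constraints for users</web-resource-name>
    <url-pattern>/index.html</url-pattern>
    <url-pattern>/main.jsf</url-pattern>
    <url-pattern>/stylesheet.css</url-pattern>
    <url-pattern>/images/*</url-pattern>
    <url-pattern>/logOut.jsf</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>myrole</role-name></auth-constraint>
</security-constraint>
"""

def constrained_patterns(fragment):
    """Return the url-patterns of a constraint that carries an auth-constraint."""
    root = ET.fromstring(fragment)
    if root.find("auth-constraint") is None:
        return []
    return [p.text.strip() for p in root.iter("url-pattern")]

def matches(pattern, path):
    """Servlet-spec URL pattern matching: default, path prefix, extension, exact."""
    if pattern == "/":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern

def protected(paths, patterns):
    """Map each path to the first constraint pattern covering it (None if public)."""
    return {p: next((pat for pat in patterns if matches(pat, p)), None) for p in paths}

# Constructed sample: resources a hypothetical login page might reference.
LOGIN_PAGE_RESOURCES = ["/login.jsf", "/stylesheet.css", "/images/logo.png", "/favicon.ico"]

if __name__ == "__main__":
    result = protected(LOGIN_PAGE_RESOURCES, constrained_patterns(WEB_XML_FRAGMENT))
    for path, pat in result.items():
        print(f"{path:20} {'PROTECTED by ' + pat if pat else 'public'}")
```

Any resource reported as protected will itself trigger the login redirect when fetched without a valid session, which is the failure mode described in the reply.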