On Fri, Feb 26, 2010 at 8:51 PM, Pid <p...@pidster.com> wrote: > On 26/02/2010 09:59, Xiaojun Deng wrote: >> >> On Fri, Feb 26, 2010 at 09:57:46AM +0000, Pid wrote: >>> >>> On 26/02/2010 04:15, Xiaojun Deng wrote: >>>> >>>> Hello, >>>> >>>> I use the Tomcat SSO function, and I found that when I restart my tomcat >>>> or the >>>> session timeout, I refresh the page, the cookie JSESSIONIDSSO keep the >>>> old value, >>>> so I can't login my application. >>>> >>>> And the web application's JSESSIONID works well, they can reset the >>>> cookie value. >>>> >>>> Is there a way to configure for the JSESSIONIDSSO? >>>> >>>> server.xml content >>>> <Host name="localhost" appBase="webapps" >>>> unpackWARs="true" autoDeploy="true" >>>> xmlValidation="false" xmlNamespaceAware="false"> >>>> >>>> <Realm className="org.apache.catalina.realm.SSOMultipleDSRealm" /> >>>> <!-- SingleSignOn valve, share authentication between web applications >>>> Documentation at: /docs/config/valve.html --> >>>> <Valve className="org.apache.catalina.authenticator.SingleSignOn" >>>> requireReauthentication="false"/> >>>> </Host> >>>> >>>> Thanks. >>> >>> What are your exact Tomcat, JVM, OS versions? >>> >> >> CentOS release 5.2 (Final) kernel 2.6.18-92.el5 >> Tomcat 6.0.20 >> JVM jdk_1.6.0_14 > > > How many applications do you have deployed, and what is the session timeout > for each one? >
I deployed 3 applications, and two session timeout are 60min, and the rest is 5min for testing, All the applications' JSESSIONID can be reset when the session timeout (5min) or server restart (I checked the Firefox cookies manager), but the JSESSIONIDSSO value can't be reset, it keep the old cookie value, and when login into the server again, it failed caused by using a old cookie value, but the server have created a new session cookie. Actually, I don't know who manages the JSESSIONIDSSO, I think the JSESSIONID managed by each application, and it can refresh when session timeout, but why the JSESSIONIDSSO can't work well? Thanks. > p > >>> p >>> >>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
